- From: ianbjacobs <notifications@github.com>
- Date: Thu, 10 Dec 2015 07:08:15 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: webpayments <public-payments-wg@w3.org>
Received on Thursday, 10 December 2015 15:08:45 UTC
@adrianhopebailie "I don't think it's private, it is used by the publisher to probe if their app is installed later on so needs to be known to both the publisher and mediator." It's not clear to me that the mediator needs it; they can use their own internal id when the app is registered. "Using a URL has the benefit of enabling some SOP based restrictions. e.g. If the app is installed through some side channel then the mediator is able to determine which origin is able to probe for the presence of the app." I would not trust the URI to determine origin; that can be faked. Instead, the system should have data from the actual origin where the information was retrieved (thus, through a protocol like HTTP). --- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/14#issuecomment-163652955
Received on Thursday, 10 December 2015 15:08:45 UTC