Re: [webpayments] What gets registered - apps, wallets, or payment instruments? (#28) from Jeff Burdges on 2015-12-11 (public-payments-wg@w3.org from December 2015)

From: Jeff Burdges <notifications@github.com>
Date: Fri, 11 Dec 2015 06:07:34 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: webpayments <public-payments-wg@w3.org>
Message-ID: <w3c/webpayments/issues/28/163944000@github.com>

Sounds good.  Who provides payment mediator user-interface though?  It's platform dependent I suppose, but..

In the browser, it's possible to design a payment mediator secure context so that the merchant controls that flow, look and feel, etc. but cannot do anything too harmful.  There are real advantages to this like a news paper could run a payment bar that handled micro-payments if suitable payment applications were installed, but otherwise offered a link to a subscription page.  There are also more ways for us, the w3c, browser makers, merchants, and users to screw up though too.

I had not considered the need to trim data there because in my little world the merchant never receives any data about the customer, except for whatever the merchant put into a purchase contract, and a bunch of anonymous digital signatures.  I donno if the need to trim sensitive data in the payment mediator is fatal to the idea that the merchant can provide the payment mediator logic, maybe they could still provide some part of its user interface. 

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/28#issuecomment-163944000

Received on Friday, 11 December 2015 14:08:10 UTC