- From: Marcos Caceres <marcos@marcosc.com>
- Date: Fri, 10 Mar 2017 06:01:41 -0500
- To: Adrian Hope-Bailie <adrian@hopebailie.com>, Frank Hoffmann <frank.hoffmann@klarna.com>
- Cc: Payments WG <public-payments-wg@w3.org>, Ian Jacobs <ij@w3.org>
On March 10, 2017 at 9:56:39 PM, Adrian Hope-Bailie
(adrian@hopebailie.com) wrote:
> While I have heard the argument that the data collected is "for the
> merchant" I would argue that it is the user's data so the user should be
> able to specify if it is shared with third-parties.
>
> I like this proposal but would make some minor adjustments:
> 1. Don't have a catch-all scope. It's easy enough to list the data you
> actually want.
> 2. Pass the scope's in as an array.
>
> Example:
> .requestPermission({scopes: ["displayItems", "payer-email",
> "payer-phone"]});
There are lots of ways to deal with this, that don't require
permission grants via an API. See how browsers do "Autofill",
particularly how Safari does things (requiring user interaction, as an
explicit permission grant that is user-guarded on interaction). I know
form Mozilla's perspective, we want less permission prompts (which are
less than ideal - and generally annoy people), and more solutions
gated on user interaction that happens "in context" while the user is
trying to do something.
Received on Friday, 10 March 2017 11:02:15 UTC