W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

Re: Browser Payments API proposal

From: Alex MacCaw <maccman@gmail.com>
Date: Tue, 19 Jun 2012 02:23:45 -0700
Message-ID: <CAGcWc_aOCV8-XX23o+EGaq-sheEVhKw6nHhEqFZYWAW2uQt-7Q@mail.gmail.com>
To: Charles McCathieNevile <chaals@opera.com>
Cc: public-webapps@w3.org
Yes, sorry, that link keeps breaking. Here is one that won't, and will
hopefully explain the proposal better:

http://cl.ly/HSTx

Basically, it's just an API to access data that's already stored in the
browser (as part of the autocomplete functionality).

[image: Inline image 1]

On Tue, Jun 19, 2012 at 1:10 AM, Charles McCathieNevile <chaals@opera.com>wrote:

> On Sat, 16 Jun 2012 06:05:35 +0200, Alex MacCaw <maccman@gmail.com> wrote:
>
>  I've been working on a way of integrating one-click payments (and signup)
>> into the browser, and I wanted to put it in front of a few people to get
>> some feedback.
>>
>> The API I was playing about with was pretty simple, and is documented
>> here:
>>
>> http://blog.alexmaccaw.com/**preview/**MjQxMDcwOTcwNjAYz14YvbdZWrrVg<http://blog.alexmaccaw.com/preview/MjQxMDcwOTcwNjAYz14YvbdZWrrVg>
>>
>
> (that link seems to go nowhere except the front of your blog)
>
>
>  It's basically an API to autocomplete data, already stored in the browser
>> and containing things like credit card number and name.
>>
>> For example:
>>
>> navigator.requestProfile(['**firstName', 'email', 'cardNumber'],
>> function(
>> profile){ console.log('Your name is:', profile.firstName); /* ... */ });
>>
>
> So it seems you are just using an API to support autocomplete, but with
> magic tokens as well as the browser heuristics that are normally used.
>
> This seems to introduce a lot of UI security issues (asking for data for
> hidden form fields or fields that are out of the rendering view, ...).
>
> cheers
>
> Chaals
>
>  I've also created a Chrome
>> extension<https://github.com/**maccman/request-profile<https://github.com/maccman/request-profile>>
>> demonstrating
>>
>> the API. I think the key thing to getting adoption for something like this
>> is to keep it really simple.
>>
>> Cheers,
>> Alex
>>
>>
>
> --
> Charles 'chaals' McCathieNevile  Opera Software, Standards Group
>    je parle franšais -- hablo espa˝ol -- jeg kan noen norsk
> http://my.opera.com/chaals       Try Opera: http://www.opera.com
>



-- 
Alex MacCaw

+12147175129
@maccman

http://alexmaccaw.com


image.png
(image/png attachment: image.png)

Received on Tuesday, 19 June 2012 09:24:15 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:52 GMT