[w3c/webpayments-payment-apps-api] Require secure contexts for web-based payment apps (#24) from adamroach on 2016-08-10 (public-webpayments-specs@w3.org from August 2016)

From: adamroach <notifications@github.com>
Date: Wed, 10 Aug 2016 13:27:28 -0700
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/24@github.com>

This is a recommendation from the Security and Privacy Checklist review. See https://docs.google.com/document/d/1w7ginyzNg-xZUmITK4vzcGUKB4gbMOAvlkWWaRtX14k/edit?usp=sharing for additional detail

Although the payment apps specification has not yet been taken up by the Working Group, we also expect that it will require payment apps to run in secure contexts. Information can be transferred between these two contexts using the Payment Request API, but such transfer will be between secure contexts, and (we presume) policed by the user agent.


---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/24

Received on Wednesday, 10 August 2016 20:27:59 UTC