Re: [w3c/webpayments-payment-apps-api] Should origin information (about the payment request) be shared with the payment app? (#27) from Dave Longley on 2016-08-16 (public-webpayments-specs@w3.org from August 2016)

From: Dave Longley <notifications@github.com>
Date: Tue, 16 Aug 2016 11:34:16 -0700
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/27/240195562@github.com>

The origin of the payee (or whatever identifier we use for the payee) is important to pass on to the Payment App. I would think that information would be required and present in the payment request message that gets forwarded to the app -- and, depending on our design, could actually be different from the origin of the request.

Now, if an API strongly binds those two together (i.e. you can't take a digitally-signed payment request message from one origin and submit it from another one), then the two would necessarily be the same origin. But if I could sign and put payment request messages out on the Web and people could find them and submit them however they wanted, then the Payment App would be most interested in the payee (or "merchant") origin, not where they were submitted from.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/27#issuecomment-240195562

Received on Tuesday, 16 August 2016 18:34:52 UTC