[w3c/webpayments-payment-apps-api] Suggested apps (#74) from Rouslan Solomakhin on 2016-12-12 (public-webpayments-specs@w3.org from December 2016)

From: Rouslan Solomakhin <notifications@github.com>
Date: Mon, 12 Dec 2016 09:01:17 -0800
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/74@github.com>

I've heard feedback from payment app writers that merchants need a way to suggest payment apps to the user. Let's specify how this happens, exactly. Here's a few options.

> If the merchant specifies a payment app identifier URL for which no payment app has been installed, then the user agent SHOULD display this URL to the user as a "suggested app." A payment app identifier URL is a ServiceWorker URL, e.g., `https://bobpay.com/payment-app/`, which SHOULD also have an `index.html` that lets user register the payment app. If the user selects the suggested app URL, then the user agent SHOULD open the URL and wait for the payment app to register itself. (User can interact with the webpage at this point to, for example, enter their credentials.) Once the payment app is installed, user agent SHOULD fire the `PaymentRequest` event in this payment app with the information provided by the merchant.

Does this sound any good? If so, let's spec something out.

Some ways to improve with pros and cons:

* Payment app identifier URL should be the location of the JS service worker of the payment app, e.g., `https://bobpay.com/payment-app/app.js`.
* Pro: No need to open the webpage to install the service worker.
* Con: The service worker needs to open a webpage anyway to get user credentials after it's been installed.
* Con: Presenting `something.js` file in the UI to the user is ugly.
* Merchant website should provide a human-readable name and an icon URL for the suggested payment app.
* Pro: No need to show `https://bobpay.com/payment-app/` to the user.
* Con: Burden on the merchant.
* User agent should retrieve the favicon and the title of the page at `https://bobpay.com/payment-app/` and show that in its own UI.
* Pro: No need to show `https://bobpay.com/payment-app/` to the user.
* Con: User agents pings `https://bobpay.com/payment-app/index.html` and `https://bobpay.com/favicon.ico` every time the merchant suggests a payment app that's not installed.
* `https://bobpay.com` may get overloaded.
* `https://bobpay.com` learns about the user's IP without user's explicit consent.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/74

Received on Monday, 12 December 2016 17:39:18 UTC