@adrianhopebailie wrote: "I believe this issue ignores the fact that most payment apps will not be registered as part of the checkout flow." This thread has shed light on a design consideration [1] that we expect registrations to happen both in checkout (e.g., merchant-recommended apps) and out of checkout (e.g., while browsing an app provider side). I've updated the design considerations doc with some use cases. It's useful to call that out in the spec. It's not yet clear to me whether there are any functional implications for the API. "The PaymentApp.register() function will be called by payment app publishers and we have said we want to enforce origin based security which implies the user is currently in a context that has the same origin as the app publisher and also the same origin as the app invocation URL." I agree that it will be useful to be aware of origins. This may affect a number of things, including: * What is provided at registration * Matching; see the [PMI proposal from Zach](https://github.com/zkoch/zkoch.github.io/blob/master/pmi.md). [1] https://github.com/w3c/webpayments/wiki/PaymentApp_Notes#design-considerations --- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/8#issuecomment-235933817
Received on Thursday, 28 July 2016 15:38:44 UTC