Re: [w3c/webpayments-payment-apps-api] Should merchants be able to limit matching to trusted apps? (#1) from ianbjacobs on 2016-10-14 (public-webpayments-specs@w3.org from October 2016)

From: ianbjacobs <notifications@github.com>
Date: Fri, 14 Oct 2016 07:16:52 -0700
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/1/253812778@github.com>

I am adding to this issue some data from recent discussions:
 - Ian discussed this with a large merchant who expressed concern about third party apps mining data. Presumably the merchant would like to limit which apps the user can use.
 - Matt Saxon has made the point that there are benefits to using the API even if merchants want finer grained control over which apps the user may use, and those benefits include both filtering and consistent user experience.
- For pull payments, Matt Saxon has an idea that perhaps the payee origin could only be shared with payment apps from the same origin as the payee, and that the user agent could display that origin information to the user in the context of the payment app display, but without sharing via the API. Note that for push payments, the payment app likely needs to know the origin.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/1#issuecomment-253812778

Received on Friday, 14 October 2016 14:17:47 UTC