- From: ianbjacobs <notifications@github.com>
- Date: Thu, 08 Sep 2016 14:30:42 -0700
- To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
- Message-ID: <w3c/webpayments-payment-apps-api/issues/35/245747771@github.com>
For proprietary payment methods, there's a reasonable case for combining payment method
and payment app information in a single manifest, controlled by the payment method owner.
Here's what I would expect to find in the manifest:
- Origins of parties authorized to distribute apps that support the payment method
- Links to payment app manifests, or the same data inline. If these are links, then
presumably they would point to payment app manifests.
- Links to documentation (analogous to a payment method spec) about inputs
and outputs for the payment method.
Because the payment method owner controls the manifest, there are some security
advantages to this approach.
For open payment methods, I think there's a stronger case for separation. It is not clear
what the payment method manifest would include. Indeed, we've been talking about
using short strings for W3C-published open payment method specifications, implying
no manifest is necessary. There is likely to be a payment method specification that
is of interest to app developers, but I have not heard support for using PMIs to
designate those specifications. Other parties publishing open payment method
specs might want to use payment method identifiers for this purpose.
So this means that:
* For an open payment method, there's not a big perceived need yet to be able to
dereference the payment method identifier, but we need payment app identifiers to
get payment app manifests (from the payment app distributors).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/35#issuecomment-245747771
Received on Thursday, 8 September 2016 21:31:14 UTC