- From: ianbjacobs <notifications@github.com>
- Date: Fri, 03 Feb 2017 10:42:17 -0800
- To: w3c/webpayments-method-identifiers <webpayments-method-identifiers@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webpayments-method-identifiers/pull/21/c277327513@github.com>
Hi @adrianhopebailie,
Several comments:
OLD:
<div class="issue" title="Payment method manifest specification in progress">The Web Payments Working Group is developing a payment method manifest specification for the information a payment method owner would want to publish. Payment method identifiers that are URLs will help user agents locate these manifest files using a mechanism defined in that specification. <a href="https://github.com/zkoch/zkoch.github.io/blob/master/payment-manifest.md">Payment Manifest Proposal</a>.</div>
NEW:
<div class="issue" title="Payment method manifest specification in progress">The Web Payments Working Group is developing a <a href="https://w3c.github.io/webpayments/proposals/Payment-Manifest-Proposal.html">Payment Method Manifest</a> specification for machine readable information that describes how that method participates in the PaymentRequest ecosystem. That specification will define a mechanism to discover a payment method manifest file given a payment method identifier.</div>
=========
Your new text around syntax is overly constraining:
<pre>
"When URLs are used for payment method identifiers they MUST be absolute URLs including a <a>scheme</a>, <a>host</a>, <a>port</a> and <a>path</a>.
</pre>
The text is overly constraining because some of those parts are optional anyway. Suggested alternative:
<pre>
When URLs are used for payment method identifiers they MUST be absolute URLs that include at most the following URL components: <a>scheme</a>, <a>host</a>, <a>port</a>, and <a>path</a>.
</pre>
=======
Please delete this:
<pre>
The <a>port</a> MAY be excluded if the <a>scheme</a> is a <a>special scheme</a>.
</pre>
It is no longer necessary given the previous edit, and we should also not be defining general URL rules; that's out of our scope.
==========
IMPORTANT: You implemented something other than what the WG resolved. The WG resolved that URLs that do not conform to the syntax limitations will be thrown out during matching. Instead, you implemented an algorithm that ignores the query and fragment, but does not throw out the entire URL. Please fix that.
This sentence will also need to change:
<pre>
Identifier URLs SHOULD have null <a>query</a> and <a>fragment</a> values as these will be ignored when matching identifiers.
</pre>
I like your idea of updating the algorithm. The algorithm should say something like "If either URL includes any components other than those permitted by this specification, the test returns false."
If you want to keep a sentence about the impact of the syntax restriction on matching, you could
say this (taking all the edits into account):
<pre>
<p>When URLs are used for payment method identifiers they MUST be absolute URLs that include at most the following URL components: <a>scheme</a>, <a>host</a>, <a>port</a>, and <a>path</a>. URLs that include any other components MUST be ignored during <a href="#matching-1">matching</a>. The URL MUST be a <a>potentially trustworthy URL</a> as defined in the [[SECURE-CONTEXTS]] specification.</p>
</pre>
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-method-identifiers/pull/21#issuecomment-277327513
Received on Friday, 3 February 2017 18:43:20 UTC