- From: Tommy Thorsen <notifications@github.com>
- Date: Tue, 07 Feb 2017 01:17:26 -0800
- To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webpayments-payment-apps-api/issues/98/277942555@github.com>
@marcoscaceres > So, that's to do with the "scope" of a web app: scope is the URL space to which a manifest is applied (e.g., /blue). That's independent from its origin. > > More info at: https://w3c.github.io/manifest/#navigation-scope Thanks Marcos! This is useful and relevant information. I should really try to find the time to sit down and read the whole Web App Manifest specification today. @marcoscaceres > However, origin policy still applies- we can't change the web's security model. Not sure if you are implying that I proposed to change the web's security model in my previous comment, but I want to make it clear that I propose no such thing. I am however suggesting that perhaps there is no conflict between the security model of the web, and having multiple payment apps per origin. Even if my bank has multiple payment apps, it is fine that they share permissions, as my trust lies with the bank itself, not with the specific apps. For those that are arguing the one-app-per-origin side, I would ask that you consider the following simple logical statements: 1. "Payment Apps are Web Apps." (This is by our own definition.) 2. "There may exist multiple Web Apps per origin." (I demonstrated this [above](https://github.com/w3c/webpayments-payment-apps-api/issues/98#issuecomment-277808484).) 3. The above two statements imply that: "There may exist multiple Payment Apps per origin." Which one(s) of these do you disagree with? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/98#issuecomment-277942555
Received on Tuesday, 7 February 2017 09:18:07 UTC