Re: [w3c/payment-handler] Return origin of payment app in PaymentHandlerResponse data? (#217) from ianbjacobs on 2017-09-18 (public-webpayments-specs@w3.org from September 2017)

From: ianbjacobs <notifications@github.com>
Date: Mon, 18 Sep 2017 20:56:37 +0000 (UTC)
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/issues/217/330353791@github.com>

Today if a merchant wants to use PR API and control the list of payment apps that appear to the user, they can mint their own payment method identifier. However, if we want to enable merchants greater control over which payment apps the user can use, that seems like the wrong approach. 

Another approach would be for the merchant to declare payment app origins they accept, and to use those (payment method manifest style) to filter out some payment apps from other origins.

This has privacy implications - the merchant can infer what the user does not have.

Ian

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/217#issuecomment-330353791

Received on Monday, 18 September 2017 20:57:33 UTC