[w3c/payment-handler] What mechanism allows enforcing payment handler authenticity? (#308) from Rouslan Solomakhin on 2018-07-30 (public-webpayments-specs@w3.org from July 2018)

From: Rouslan Solomakhin <notifications@github.com>
Date: Mon, 30 Jul 2018 19:24:54 +0000 (UTC)
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/issues/308@github.com>

>From [TAG review](https://github.com/w3ctag/design-reviews/issues/231#issuecomment-377645336):

> [8.4 Payment App Authenticity](https://w3c.github.io/payment-handler/#payment-app-authenticity) sounds good, but it's not clear if this specification describes a mechanism that allows it to be enforced. More detail would be helpful.

We should mention that payment handlers are identified by service worker scopes, origins of which are compared to the origins of payment method identifiers and the entries in the `"supported_origins"` list in the payment method manifest.

cc @dbaron

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/308

Received on Monday, 30 July 2018 19:25:18 UTC