Re: [w3c/payment-handler] Open Window Algorithm and tracking through 1ps (#351) from Danyao Wang on 2019-12-11 (public-webpayments-specs@w3.org from December 2019)

From: Danyao Wang <notifications@github.com>
Date: Tue, 10 Dec 2019 16:05:44 -0800
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/issues/351/564316273@github.com>

> > Why should the payment handler be treated differently from a popup window, which has 1P storage?
> 
> This is not correct, popup (window.open) windows have partitioned storage, at least in the Safari implementation. I have not checked Firefox's or other's implementations.

This is news to me. Thanks for pointing it out. I'll look into Chrome's position on this one.

> > I worry that if browser is required to prompt the user on every {website, payment app} combination
> 
> I appreciate that this might just be a difference of opinion, but being asked, once per `{website, payment app}` seem like a very _low_ barrier to entry, especially given how sensitive the information is.
> 
> > Given that these tasks will take some time, one way we can limit the impact now is to move Payment Handler API behind Origin Trials [2]. Do you have a strong opinion about this?
> 
> I would prefer that Google (or anyone else) not ship functionality on the web with known privacy holes, but I also realize that I don't have (nor probably should I have) any say on what Google does. I'm only here to make sure the spec winds up privacy-preserving.

I appreciate the discussion.

> One thing I would strongly emphasize though is that Chrome doesn't currently do any storage partitioning, doesn't implement Storage Access API, and has stated that it doesn't intend to ship it. So, Chrome users' experience with the API you might be putting behind origin trials may not (will not?) provide one-to-one feedback into the spec (which would presumably be implemented by folks who are, or will be, shipping Storage Access API).

I'm not following your point. The learnings I'm looking for are (i) the degree of reliance on cookie for a legitimate payment handler implementation (ii) user's ability to make sense of the security UX features of the payment handler window (e.g. URL, origin) and (iii) importance of explicit payment handler installation flows. I believe all of these are independent of whether Chrome implements Storage Access API, right?



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/351#issuecomment-564316273

Received on Wednesday, 11 December 2019 00:05:46 UTC