Re: [webpayments] What gets registered - apps, wallets, or payment instruments? (#28) from Dave Longley on 2015-12-11 (public-payments-wg@w3.org from December 2015)

From: Dave Longley <notifications@github.com>
Date: Fri, 11 Dec 2015 09:05:39 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: webpayments <public-payments-wg@w3.org>
Message-ID: <w3c/webpayments/issues/28/163991969@github.com>

> Is there a problem with the merchant providing the payment data pre-trimmed for all payment applications they support?

Well, they'd probably need N signatures (one for each method) or some complex CL-Signature and trusted mapping information. In short, it could get very messy and frighten off developers.

Before even considering anything like that, I'd rather see the threat model for exposing all of the payment request data to the user's payment app of choice. What are the real dangers/concerns as concrete examples?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/28#issuecomment-163991969

Received on Friday, 11 December 2015 17:06:07 UTC