W3C home > Mailing lists > Public > public-payments-wg@w3.org > December 2015

Re: [webpayments] What gets registered - apps, wallets, or payment instruments? (#28)

From: Dave Longley <notifications@github.com>
Date: Fri, 11 Dec 2015 09:05:39 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: webpayments <public-payments-wg@w3.org>
Message-ID: <w3c/webpayments/issues/28/163991969@github.com>
> Is there a problem with the merchant providing the payment data pre-trimmed for all payment applications they support?

Well, they'd probably need N signatures (one for each method) or some complex CL-Signature and trusted mapping information. In short, it could get very messy and frighten off developers.

Before even considering anything like that, I'd rather see the threat model for exposing all of the payment request data to the user's payment app of choice. What are the real dangers/concerns as concrete examples?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/28#issuecomment-163991969
Received on Friday, 11 December 2015 17:06:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:12 UTC