Re: [webpayments] Abstract payment architecture (#11)

I'm concerned we're not obeying the [Rule of Least Power](http://www.w3.org/2001/tag/doc/leastPower.html) by making payment instruments into applications. Perhaps we're not because of their related "manifests", but we'll have to be clear about what is in them. If we strongly tie payment instruments to applications (or model them as such), we're limiting their use.

There seem to be some other potential problems, for example, how does one authenticate with a Payment App? If you're using some kind of credit card, for example, is the information necessary to authenticate included in the manifest for the Payment App? Where is that information located? When you go to a site to install a Payment App -- do you have to enter the information there? Is it then stored in the manifest that is associated with you/your browser? (By the way, is the information user-centric and associated with you or is it  associated only with a particular browser?)

If the information is integrated with the Payment App and not present in the manifest, and you have to install a Payment App in a new browser, do you have to re-register the information associated with the app?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/11#issuecomment-157434601

Received on Tuesday, 17 November 2015 17:04:39 UTC