- From: haavardmolland <notifications@github.com>
- Date: Mon, 01 Feb 2016 06:51:14 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Message-ID: <w3c/webpayments/issues/42/178001135@github.com>
> Therefor passing the payment request from the browser to the payment app and the response from the payment app back to the browser is going to leverage some form of IPC that is already defined in most mobile OS (like intents as indicated by @rsolomakhin) This should still be standardized though, since there will be several browser vendors on each OS. > Payment apps will be regular Web applications (i.e. served from a remote Web server) and rendered in a special native dialogue window or an iframe embedded in the merchant website. One benefit with regular web applications rendered in a special window is that we can require that the app has to be loaded from a https site protected by a Extended Validation (EV) certificate. That way the app can prove the identity of the app vendor, and we can show the vendor identity to the user. This will make it much harder for a phishing site to create a fake payment app and convince a user to install it. I don't know of any such mechanism for native apps or, at least not for Android, or extensions. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/42#issuecomment-178001135
Received on Monday, 1 February 2016 14:51:50 UTC