Comments on 3DS Flow

Hi Matt,

I volunteered [1] to review the 3DS flow [2]. Comments below. Cheers!

Ian

[1] https://lists.w3.org/Archives/Public/public-payments-wg/2016Feb/0036.html
[2] http://www.plantuml.com/plantuml/proxy?fmt=svg&src=https://raw.githubusercontent.com/w3c/webpayments/gh-pages/PaymentFlows/Card/MerchantHosted-CardPaymentwith3DS-Current.pml

========
Comments

 * The whole 3DS section is in an “opt” box. My understanding is that for the 3DS flow, this is not optional.
 * I found slightly confusing the use of “Authorization” for both (1) the PSP/Acquiring bank doing some communications and (2) the issuer actually authorizing payment.
   I wonder if messages 9 and 26 (to and from the PSP/Acquirer) could be labeled “PaymentInitiation” or something else that makes clearer that the PSP/Acquirer
   is not doing any authorization, only acting as a conduit.
 * In some cases, messages are shown with a parameter (e.g., “payload” or “PAReq message”). In other cases, there are no parameters. Personally, I find that
   the parameters are not adding much value. For example, one could rename 6 “payload” to “RawCardInfo” or “UnencryptedCardInfo” and then 7 would be
   “EncryptedCardInfo” and there would be no need for parameters.
 * The capture phase shows a message (28) from Web site to PSP. Is that necessary? According to message 25 (Auth Response), the PSP already has the
   necessary information so should be able to initiate capture without going to the Merchant site.
 * Minor: Instead of “Basket Page” do we want to say “Checkout”? I think that word is gaining traction in the group.
 * Minor: Where there are alternatives, I wonder whether those could be numbered, for example: “4a and 4b,” rather than “4 and 5”. My guess is that the
   answer is “no” because the rendering engine numbers them that way. That’s fine.

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Thursday, 11 February 2016 15:07:19 UTC