Re: [paymentrequest] Payment App Registration: Same Origin is problematic for identifying_url (#66)

> It would be cleaner to have the user agent interrogate the
> payment app to determine the list of supported payment methods.  Or, and I
> think this is better, have the user agent pass through to the payment app
> the list of methods the merchant supports, and the payment app responds
> with the subset that is available.

I think that could work -- except there might be an authentication problem with this approach. The user needs to authenticate with the Payment App in order for it to be able to respond (on behalf of the user) to the browser with what methods are available. This potentially brings up more questions than it answers -- like how the browser will get user consent and security credentials to authenticate with a variety of different Payment Apps? Right now, how authentication happens with a particular Payment App is of no consequence to the browser -- this may require breaking that abstraction.

