Re: [webpayments] PROPOSAL: The Web Payments browser API should not support the collection of shipping information through API calls (#63)

Hey @mikewest, 

We've had a very lengthy set of conversations with you in WebAppSec over the past year about "more than just login credentials" use cases:

As a result of those conversations, there were changes made to the CM API spec, namely the Extension Points portion of the spec:

It's documented in the CM API that these sorts of credentials are of interest and Credentials CG, Web Payments IG, and Verifiable Claims Task Force are exploring the space *and expect to use the Credentials Management API to implement these features*:

We (Digital Bazaar) even went to the trouble to align the Credential CG API w/ the Credential Management API because we thought there was alignment that the CM API could do this in the future. I realize that you're not *currently* chartered to do more than just login credentials. That's not the point.

The point is that there exists an API at W3C that is Recommendation track that /could/ gather shipping address information, and the Credentials CG and VCTF work intends to extend that API to do just that. However, the requestPayment API proposal intends to create its own API to gather shipping address information instead of extending the CM API (which could be done).

The question is, why isn't the requestPayment API not just extending the CM API? Why is it effectively re-inventing a very specific subset of the CM API?

Reply to this email directly or view it on GitHub:

Received on Friday, 22 January 2016 15:34:02 UTC