Re: [webpayments] PROPOSAL: The Web Payments browser API should not support the collection of shipping information through API calls (#63) from Manu Sporny on 2016-01-26 (public-payments-wg@w3.org from January 2016)

From: Manu Sporny <notifications@github.com>
Date: Mon, 25 Jan 2016 19:36:13 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/63/174801278@github.com>

> A shipping address is none of these things. It may be a home address, but it equally may be an address a friend gave me and I have no proof that it is or isn't real.

The United States Post Office, UPS, and FedEx are interested in issuing digitally signed shipping address credentials to people and organizations. Doing so, and enabling people to use those instead of something they type into an online form would reduce tens of millions of dollars in wasted effort re-routing misrouted packages.

Note that the definition of "credential" in the Credential CG's glossary uses 'such as' before the examples. A credential can be any set of claims about an entity. Saying that "Person X can receive packages at Address Y" makes Address Y a credential of Person X (at least, that's how the Credential CG has decided to model things - and it works pretty well across a variety of market verticals). 

> Surely nobody would propose a latitude/longitude coordinate be a "credential"?

They would. For example, a lat/long credential issued to a person via a mobile phone provider with a timeout of 3 hours would enable that person to consume region-locked content on a particular website without tight coupling between the mobile phone provider network and the content provider.

> Calling it a credential seems like some serious overreaching.

It fits the dictionary definition of a credential, so I don't quite see why you think it's overreaching.

Do you mean that calling a shipping address credential a credential as it is defined in the Credential Management API is overreaching? If so, I agree, but that's only because the Credential Management API has a very narrow definition of credential at the moment (what they really mean are 'a small subset of credentials that can only be used to login'). That said, we've had the discussion w/ @mikewest about extensibility in the CM API and the answer we got back wasn't "the CM API isn't extensible enough to support the types of credentials that the Credential CG is working on".

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/63#issuecomment-174801278

Received on Tuesday, 26 January 2016 03:37:17 UTC