W3C home > Mailing lists > Public > public-payments-wg@w3.org > May 2016

User Consent and Addresses

From: Adam Roach <abr@mozilla.com>
Date: Fri, 6 May 2016 16:48:06 -0500
To: Adrian Bateman <adrianba@microsoft.com>, Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <82ed3d5e-ab42-0a6a-c87b-9f98c3082080@mozilla.com>
> *From:*Adam Roach [mailto:abr@mozilla.com]
> *Sent:* Wednesday, May 4, 2016 3:47 PM
> *Issue A: Interaction between address updates and user consent*
> Section 16.1 specifies that user data, such as shipping addresses, are 
> to be provided to the merchant page only with user consent. It's 
> unclear how this interacts with the behavior of 
> "onshippingaddresschange," which fires every time the user changes 
> their address in a payment app. As a user, I would not inherently 
> expect such actions to be automatically exfiltrated to the merchant 
> web page. We definitely need to think through and document what kind 
> of behavior represents informed user consent in these cases.

On 5/4/16 20:07, Adrian Bateman responded:
> On Issue A, I very much disagree. This group should not be defining 
> user consent.

I'm trying to understand this assertion. Other specifications that deal 
with users' private information -- such as the Geolocation API and the 
Media Capture API -- include treatments of user consent. What is it 
about the Web Payments WG that would make our specifications exempt from 
doing so?

Adam Roach
Principal Platform Engineer
Office of the CTO
Received on Friday, 6 May 2016 21:48:37 UTC

This archive was generated by hypermail 2.3.1 : Friday, 6 May 2016 21:48:38 UTC