W3C home > Mailing lists > Public > public-payments-wg@w3.org > May 2016

Re: User Consent and Addresses

From: Ian Jacobs <ij@w3.org>
Date: Tue, 10 May 2016 08:16:03 -0500
Cc: Adrian Bateman <adrianba@microsoft.com>, Web Payments Working Group <public-payments-wg@w3.org>
Message-Id: <8220D5D6-9041-405E-8F5B-0F21BD3E25A2@w3.org>
To: Adam Roach <abr@mozilla.com>

> On May 6, 2016, at 4:48 PM, Adam Roach <abr@mozilla.com> wrote:
> 
>> From: Adam Roach [mailto:abr@mozilla.com]
>> Sent: Wednesday, May 4, 2016 3:47 PM
>> 
>> Issue A: Interaction between address updates and user consent
>> 
>> Section 16.1 specifies that user data, such as shipping addresses, are to be provided to the merchant page only with user consent. It's unclear how this interacts with the behavior of "onshippingaddresschange," which fires every time the user changes their address in a payment app. As a user, I would not inherently expect such actions to be automatically exfiltrated to the merchant web page. We definitely need to think through and document what kind of behavior represents informed user consent in these cases.

Hi Adam,

Today if I type information (e.g., shipping address) in a form field, does that change the DOM and thus the merchant has access to the information immediately as well?

I am wondering whether the behavior you describe for paymentRequest differs significantly from today’s form-based approach. (I say “I am wondering” because I think
you have a better grasp than I do.)

Ian

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447




Received on Tuesday, 10 May 2016 13:18:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 10 May 2016 13:18:02 UTC