W3C home > Mailing lists > Public > public-payments-wg@w3.org > May 2016

Re: User Consent and Addresses

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Tue, 10 May 2016 09:37:13 -0400
To: Adam Roach <abr@mozilla.com>, Ian Jacobs <ij@w3.org>
Cc: Adrian Bateman <adrianba@microsoft.com>, Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <5731E409.6050109@digitalbazaar.com>
On 05/10/2016 09:29 AM, Adam Roach wrote:
> On 5/10/16 08:16, Ian Jacobs wrote:
>> Today if I type information (e.g., shipping address) in a form field, does that change the DOM and thus the merchant has access to the information immediately as well?
>>
>> I am wondering whether the behavior you describe for paymentRequest differs significantly from today’s form-based approach. (I say “I am wondering” because I think
>> you have a better grasp than I do.)
>
> Yes, it certainly does have access. But there's a somewhat different
> mental model between "I entered data into merchant.com's web page, so
> merchant.com has access to it" and "I entered data into Bobpay's payment
> app, so merchant.com has access to it, even if I never submitted it."

To be clear, I don't believe the latter represents the current API 
design. The shipping information (at least the information that is 
reported via `onshippingaddresschange`) isn't entered into a Payment 
App, but into a special checkout UI provided by the browser. However, it 
is correct that it is not entered via a page on merchant.com.

I think this may better capture what's going on: "I entered data into a 
'special browser checkout UI', so merchant.com has access to it, even if 
I never submitted it."


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Tuesday, 10 May 2016 13:39:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 10 May 2016 13:39:53 UTC