W3C home > Mailing lists > Public > public-payments-wg@w3.org > May 2016

Re: User Consent and Addresses

From: Ian Jacobs <ij@w3.org>
Date: Tue, 10 May 2016 08:42:24 -0500
Cc: Adrian Bateman <adrianba@microsoft.com>, Web Payments Working Group <public-payments-wg@w3.org>
Message-Id: <5BE0487B-B3BB-450C-BBC8-839AAF7B3A01@w3.org>
To: Adam Roach <abr@mozilla.com>

> On May 10, 2016, at 8:29 AM, Adam Roach <abr@mozilla.com> wrote:
> 
> On 5/10/16 08:16, Ian Jacobs wrote:
>> Today if I type information (e.g., shipping address) in a form field, does that change the DOM and thus the merchant has access to the information immediately as well?
>> 
>> I am wondering whether the behavior you describe for paymentRequest differs significantly from today’s form-based approach. (I say “I am wondering” because I think
>> you have a better grasp than I do.)
>> 
> 
> Yes, it certainly does have access. But there's a somewhat different mental model between "I entered data into merchant.com's web page, so merchant.com has access to it" and "I entered data into Bobpay's payment app, so merchant.com has access to it, even if I never submitted it.”

Thank you for the clarification. I am hearing this:

 1) I am interacting with merchant.com (browser-as-payment-app). This amounts to the form-fill case.
 2) I am interacting with bob’s payment app (third-party-payment-app). This is a new origin.

Is that your observation? Do you think API behavior should differ in those two cases?

Ian

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447




Received on Tuesday, 10 May 2016 13:42:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 10 May 2016 13:42:29 UTC