Just encryption and/or also signing? Signing JSON is a minefield. JWT and JOSE are not very developer friendly and the other proposed solutions out there have got very little traction. I'd suggest we leave that to each payment method and come up with an elegant solution for one of our open payment methods that can serve as an example for others. On 29 November 2016 at 01:54, Roy McElmurry <rvm4@fb.com> wrote: > I need to chat with Zach and Adrian from a technical perspective (and I’ll > facilitate that later), but I would like to discuss philosophically how we > would like to handle data encryption specifically for the tokenized card > spec if not all data payloads. > > On 11/28/16, 9:10 AM, "Ian Jacobs" <ij@w3.org> wrote: > > Hello all, > > Here is the draft agenda for our 1 December call: > https://github.com/w3c/webpayments/wiki/Agenda-20161201 > > IMPORTANT: We would like to resolve whether to adopt the proposal > for detecting payment method availability. Please review this pull > request in > advance and be prepared to discuss it on the call: > https://github.com/w3c/browser-payment-api/pull/316 > > Zach, Adrian, and Roy: there were numerous comments recently on the > specification > (notably from Marcos). Please let me know whether there are any issues > you would like > to add to this week’s agenda. Thank you! > > More on WPWG meetings: > https://github.com/w3c/webpayments/wiki/Meetings > > Ian > -- > Ian Jacobs <ij@w3.org> http://www.w3.org/People/Jacobs > Tel: +1 718 260 9447 > > > > > >
Received on Tuesday, 29 November 2016 08:50:29 UTC