Re: Payment App receiving customer details from Adrian Hope-Bailie on 2017-03-10 (public-payments-wg@w3.org from March 2017)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Fri, 10 Mar 2017 12:55:11 +0200
To: Frank Hoffmann <frank.hoffmann@klarna.com>
Cc: Ian Jacobs <ij@w3.org>, Payments WG <public-payments-wg@w3.org>
Message-ID: <CA+eFz_+3CzaSugea5cMNT2TUgfrh9AxRt8HOaPhwvR2BD0vZVA@mail.gmail.com>

While I have heard the argument that the data collected is "for the
merchant" I would argue that it is the user's data so the user should be
able to specify if it is shared with third-parties.

I like this proposal but would make some minor adjustments:
1. Don't have a catch-all scope. It's easy enough to list the data you
actually want.
2. Pass the scope's in as an array.

Example:
.requestPermission({scopes: ["displayItems", "payer-email",
"payer-phone"]});

On 10 March 2017 at 10:38, Frank Hoffmann <frank.hoffmann@klarna.com> wrote:

> Hi
>
> I would like to discuss the potential for Payment Apps to receive customer
> and purchase details provided by the merchant or collected by the browser.
> This is related to the discussion in issue #13 (https://github.com/w3c/
> webpayments-payment-apps-api/issues/13) and issue #91 (
> https://github.com/w3c/webpayments-payment-apps-api/issues/91). Can we
> put this on the agenda for next weeks meeting?
>
> Use cases:
> 1. A user have multiple "accounts", e.g. private/business. Payment App can
> identify this by email/phone
> 2. Shared computer/browser. Payment App can identify the user by
> email/phone
> 3. Payment App require customer or purchase details. Payment App do not
> have to ask for the same information again / The merchant does not have to
> provide the information in two places (payment method specific object)
>
> *Suggested solution*
>
> When a Payment App requests permission to handle payments it can
> optionally request for customer and purchase details to be shared with the
> App. For Payment Apps that have the users consent to share
> customer/purchase details the browser will forward this information (when
> available) to the Payment App when invoked.
>
> The user will see something like this when permission is requested:
> "Allow boopay.com to handle payments..
> Your shipping address will be shared with boopay.com when making a
> payment"
>
>
> Related to the discussion in #94 (https://github.com/w3c/
> webpayments-payment-apps-api/issues/94) when permission is asked for an
> optional "scope" can be provided.
>
> Scopes:
> * displayItems
> * payer (covers all of the below)
> * payer:email
> * payer:phone
> * payer:shipping
>
> Example:
> .requestPermission({scope: 'displayItems, payer:email'})
>
> Regards
>
> /frank
>

Received on Friday, 10 March 2017 10:55:44 UTC