Re: Payment App receiving customer details from Adrian Hope-Bailie on 2017-03-10 (public-payments-wg@w3.org from March 2017)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Fri, 10 Mar 2017 13:05:18 +0200
To: Marcos Caceres <marcos@marcosc.com>
Cc: Frank Hoffmann <frank.hoffmann@klarna.com>, Payments WG <public-payments-wg@w3.org>, Ian Jacobs <ij@w3.org>
Message-ID: <CA+eFz_+AOLTFZabuWwjW83JuJ9X4RaWD4MceJ-RD-tgBNZZpZQ@mail.gmail.com>

> There are lots of ways to deal with this, that don't require permission
grants via an API.

It's not clear to me how these would solve the current requirement. Could
you elaborate?

On 10 March 2017 at 13:01, Marcos Caceres <marcos@marcosc.com> wrote:

> On March 10, 2017 at 9:56:39 PM, Adrian Hope-Bailie
> (adrian@hopebailie.com) wrote:
> > While I have heard the argument that the data collected is "for the
> > merchant" I would argue that it is the user's data so the user should be
> > able to specify if it is shared with third-parties.
> >
> > I like this proposal but would make some minor adjustments:
> > 1. Don't have a catch-all scope. It's easy enough to list the data you
> > actually want.
> > 2. Pass the scope's in as an array.
> >
> > Example:
> > .requestPermission({scopes: ["displayItems", "payer-email",
> > "payer-phone"]});
>
> There are lots of ways to deal with this, that don't require
> permission grants via an API. See how browsers do "Autofill",
> particularly how Safari does things (requiring user interaction, as an
> explicit permission grant that is user-guarded on interaction). I know
> form Mozilla's perspective, we want less permission prompts (which are
> less than ideal - and generally annoy people), and more solutions
> gated on user interaction that happens "in context" while the user is
> trying to do something.
>

Received on Friday, 10 March 2017 11:05:51 UTC