- From: Ian Jacobs <ij@w3.org>
- Date: Thu, 14 Mar 2019 08:28:53 -0500
- To: Web Payments Working Group <public-payments-wg@w3.org>
Dear Web Payments WG, As part of preparing to move Payment Request API forward in the W3C process, several of us presented changes to Payment Request to the Privacy Interest Group on 28 February [1]. We received helpful review, which led to a number of specification changes to the draft that we expect to publish as a revised Candidate Recommendation. In addition, we have recorded two issues that are currently slated for further discussion after we complete version 1: * Fine-grained error reporting for canMakePayment https://github.com/w3c/payment-request/issues/847 * Address redaction negotiation https://github.com/w3c/payment-request/issues/842 Ian [1] https://www.w3.org/2019/02/28-privacy-minutes ================= Payment Request API Normative: * For events that share addresses with the payee prior to confirmation by the user, browsers redact parts of the address. The "redactList" was optional and is now required as a minimum bound for both shipping and billing addresses. In addition, we increased the scope of the redactList (that is: less information is shared prior to the user confirming the transaction). Editorial: * Added more information about canMakePayment() abuse mitigations. * New verbiage drawing attention to privacy considerations upon instrument selection. * New privacy consideration regarding validationURL not exposing PII. * Merged two sections about security and privacy into one. * Clarified two definitions: payment method and payment method owner. ================= Basic Card Editorial: * Fixed a bug (missing addressLine from redactList). -- Ian Jacobs <ij@w3.org> https://www.w3.org/People/Jacobs/ Tel: +1 718 260 9447
Received on Thursday, 14 March 2019 13:28:57 UTC