W3C home > Mailing lists > Public > public-payments-wg@w3.org > March 2019

Summary of recent changes based on privacy review

From: Ian Jacobs <ij@w3.org>
Date: Thu, 14 Mar 2019 08:28:53 -0500
Message-Id: <A03DACDD-AF71-46F1-B722-31534E6ECC3F@w3.org>
To: Web Payments Working Group <public-payments-wg@w3.org>
Dear Web Payments WG,

As part of preparing to move Payment Request API forward in the W3C process, several of us presented changes to Payment Request to the Privacy Interest Group on 28 February [1]. We received helpful review, which led to a number of specification changes to the draft that we expect to publish as a revised Candidate Recommendation.

In addition, we have recorded two issues that are currently slated for further discussion after we complete version 1:

 * Fine-grained error reporting for canMakePayment
   https://github.com/w3c/payment-request/issues/847

 * Address redaction negotiation
   https://github.com/w3c/payment-request/issues/842

Ian

[1] https://www.w3.org/2019/02/28-privacy-minutes

=================
Payment Request API

Normative:

* For events that share addresses with the payee prior to confirmation by the user, browsers redact parts of the address. The "redactList" was optional and is now required as a minimum bound for both shipping and billing addresses. In addition, we increased the scope of the redactList (that is: less information is shared prior to the user confirming the transaction).

Editorial:

* Added more information about canMakePayment() abuse mitigations.
* New verbiage drawing attention to privacy considerations upon instrument selection.
* New privacy consideration regarding validationURL not exposing PII.
* Merged two sections about security and privacy into one.
* Clarified two definitions: payment method and payment method owner.

=================
Basic Card

Editorial:

* Fixed a bug (missing addressLine from redactList).

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447
Received on Thursday, 14 March 2019 13:28:57 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 14 March 2019 13:28:58 UTC