- From: Adrian Hope-Bailie <adrian@coil.com>
- Date: Thu, 5 Mar 2020 13:30:31 +0200
- To: Ian Jacobs <ij@w3.org>
- Cc: Web Payments Working Group <public-payments-wg@w3.org>
- Message-ID: <CAFYU5zYssyK1bct=Zd7Me7kvwkYg2QgREFp81HgOEopUXEw7pw@mail.gmail.com>
Hi all, Sorry I couldn't join this call. With regard to the cross-origin PH installation, would this flow work? Assuming there is: 1. an "Add Card" payment handler hosted on the "src.org" origin 2. SRC system payment handlers at "src-system1.com" and "src-system2.com" origins Flow: 1. The user invokes the "Add Card" PH which calls openWindow and shows a UI hosted under the src.org origin. 2. The use captures their card details and depending on which network the card is from the PH submits these to a server at the appropriate SRC system which returns a redirect URL. 3. The user is redirected to a page hosted at either "src-system1.com" or " src-system2.com" origin. (Part of the data passed in the redirect is a context identifier that is used when the SRC system redirects back later) 4. The user enrolls their card on the SRC system which installs the necessary Payment Handler from that origin 5. The user is redirected back to a page on src.org along with the context identifier allowing the "Add Card" payment handler to continue where it left off (re-establish comms with the service worker via PostMessage) and return a response to the calling page via PaymentRequestEvent. The SRC payment handler is now installed for the enrolled card (even though this initial response was proxied via the add card PH the first time). On Wed, 4 Mar 2020 at 20:14, Ian Jacobs <ij@w3.org> wrote: > Dear Card Payment Security Task Force, > > Minutes from today’s call: > https://www.w3.org/2020/03/04-wpwg-minutes > > Next call: 18 March > > Thank you! > > Ian > > -- > Ian Jacobs <ij@w3.org> > https://www.w3.org/People/Jacobs/ > Tel: +1 718 260 9447 > > > > > >
Received on Thursday, 5 March 2020 11:31:00 UTC