Re: [Minutes] 4 Mar 2020 card payment security task force call

Hi Adrian,

Yes, that flow would work.

Cheers,
Rouslan

On Thu, Mar 5, 2020 at 6:31 AM Adrian Hope-Bailie <adrian@coil.com> wrote:

> Hi all,
>
> Sorry I couldn't join this call.
> With regard to the cross-origin PH installation, would this flow work?
>
> Assuming there is:
>  1. an "Add Card" payment handler hosted on the "src.org" origin
>  2. SRC system payment handlers at "src-system1.com" and "src-system2.com"
> origins
>
> Flow:
> 1. The user invokes the "Add Card" PH which calls openWindow and shows a
> UI hosted under the src.org origin.
> 2. The use captures their card details and depending on which network the
> card is from the PH submits these to a server at the appropriate SRC system
> which returns a redirect URL.
> 3. The user is redirected to a page hosted at either "src-system1.com" or
> "src-system2.com" origin. (Part of the data passed in the redirect is a
> context identifier that is used when the SRC system redirects back later)
> 4. The user enrolls their card on the SRC system which installs the
> necessary Payment Handler from that origin
> 5. The user is redirected back to a page on src.org along with the
> context identifier allowing the "Add Card" payment handler to continue
> where it left off (re-establish comms with the service worker via
> PostMessage) and return a response to the calling page via
> PaymentRequestEvent.
>
> The SRC payment handler is now installed for the enrolled card (even
> though this initial response was proxied via the add card PH the first
> time).
>
>
>
>
>
>
> On Wed, 4 Mar 2020 at 20:14, Ian Jacobs <ij@w3.org> wrote:
>
>> Dear Card Payment Security Task Force,
>>
>> Minutes from today’s call:
>>  https://www.w3.org/2020/03/04-wpwg-minutes
>>
>> Next call: 18 March
>>
>> Thank you!
>>
>> Ian
>>
>> --
>> Ian Jacobs <ij@w3.org>
>> https://www.w3.org/People/Jacobs/
>> Tel: +1 718 260 9447 <(718)%20260-9447>
>>
>>
>>
>>
>>
>>