Re: [Minutes] 4 Mar 2020 card payment security task force call from Adrian Hope-Bailie on 2020-03-05 (public-payments-wg@w3.org from March 2020)

From: Adrian Hope-Bailie <adrian@coil.com>
Date: Thu, 5 Mar 2020 15:05:15 +0200
To: Rouslan Solomakhin <rouslan@google.com>
Cc: Ian Jacobs <ij@w3.org>, Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <CAFYU5zZCbJQuzKgM=ck6grT4iJe-rVFz_xdpGeYLA6MJke+WhQ@mail.gmail.com>

Great, thanks!

Note to all, in case it wasn't clear, all of the UI interactions I describe
(redriectes etc) are being rendered inside the Payment Handler window

On Thu, 5 Mar 2020 at 15:02, Rouslan Solomakhin <rouslan@google.com> wrote:

> Hi Adrian,
>
> Yes, that flow would work.
>
> Cheers,
> Rouslan
>
> On Thu, Mar 5, 2020 at 6:31 AM Adrian Hope-Bailie <adrian@coil.com> wrote:
>
>> Hi all,
>>
>> Sorry I couldn't join this call.
>> With regard to the cross-origin PH installation, would this flow work?
>>
>> Assuming there is:
>>  1. an "Add Card" payment handler hosted on the "src.org" origin
>>  2. SRC system payment handlers at "src-system1.com" and "src-system2.com"
>> origins
>>
>> Flow:
>> 1. The user invokes the "Add Card" PH which calls openWindow and shows a
>> UI hosted under the src.org origin.
>> 2. The use captures their card details and depending on which network the
>> card is from the PH submits these to a server at the appropriate SRC system
>> which returns a redirect URL.
>> 3. The user is redirected to a page hosted at either "src-system1.com"
>> or "src-system2.com" origin. (Part of the data passed in the redirect is
>> a context identifier that is used when the SRC system redirects back later)
>> 4. The user enrolls their card on the SRC system which installs the
>> necessary Payment Handler from that origin
>> 5. The user is redirected back to a page on src.org along with the
>> context identifier allowing the "Add Card" payment handler to continue
>> where it left off (re-establish comms with the service worker via
>> PostMessage) and return a response to the calling page via
>> PaymentRequestEvent.
>>
>> The SRC payment handler is now installed for the enrolled card (even
>> though this initial response was proxied via the add card PH the first
>> time).
>>
>>
>>
>>
>>
>>
>> On Wed, 4 Mar 2020 at 20:14, Ian Jacobs <ij@w3.org> wrote:
>>
>>> Dear Card Payment Security Task Force,
>>>
>>> Minutes from today’s call:
>>>  https://www.w3.org/2020/03/04-wpwg-minutes
>>>
>>> Next call: 18 March
>>>
>>> Thank you!
>>>
>>> Ian
>>>
>>> --
>>> Ian Jacobs <ij@w3.org>
>>> https://www.w3.org/People/Jacobs/
>>> Tel: +1 718 260 9447 <(718)%20260-9447>
>>>
>>>
>>>
>>>
>>>
>>>

Received on Thursday, 5 March 2020 13:07:01 UTC