- From: Danyao Wang <danyao@google.com>
- Date: Thu, 5 Mar 2020 09:11:36 -0500
- To: Ian Jacobs <ij@w3.org>
- Cc: Adrian Hope-Bailie <adrian@coil.com>, Web Payments Working Group <public-payments-wg@w3.org>
- Message-ID: <CAErabb9=MR+vZVF=LLc7VXR=4ck-U1=sUmOoqHqeD0x=LmFTzg@mail.gmail.com>
On Thu, Mar 5, 2020 at 9:03 AM Ian Jacobs <ij@w3.org> wrote: > > > On Mar 5, 2020, at 5:30 AM, Adrian Hope-Bailie <adrian@coil.com> wrote: > > > > Hi all, > > > > Sorry I couldn't join this call. > > With regard to the cross-origin PH installation, would this flow work? > > > > Assuming there is: > > 1. an "Add Card" payment handler hosted on the "src.org" origin > > 2. SRC system payment handlers at "src-system1.com" and " > src-system2.com" origins > > > > Flow: > > 1. The user invokes the "Add Card" PH which calls openWindow and shows a > UI hosted under the src.org origin. > > Hi Adrian, > > I think the observation was that the add card payment handler could not be > installed “just-in-time” if it was referenced by the payment method > manifest of src-system1.com. A tiny clarification: ... if it was *only* referenced by the payment method manifest of src-system1.com, then JIT is not possible. The only solution to enable this flow is to change the browser, but needs a security discussion. If src.com also hosts a payment method manifest, and merchants also include src.com PMI in their request, then the JIT flow would work. This is the second option from here: https://github.com/w3c/src/wiki/ProposedArchitecture#Installation-of-multiplexing-handler-from-another-origin I read Adrian’s original email as the latter, but realize now that it’s actually ambiguous... > > One proposed idea is to have a PMI for the Add Card payment, whose payment > method manifest can refer to it from the same origin. > > Ian > > > 2. The use captures their card details and depending on which network > the card is from the PH submits these to a server at the appropriate SRC > system which returns a redirect URL. > > 3. The user is redirected to a page hosted at either "src-system1.com" > or "src-system2.com" origin. (Part of the data passed in the redirect is > a context identifier that is used when the SRC system redirects back later) > > 4. The user enrolls their card on the SRC system which installs the > necessary Payment Handler from that origin > > 5. The user is redirected back to a page on src.org along with the > context identifier allowing the "Add Card" payment handler to continue > where it left off (re-establish comms with the service worker via > PostMessage) and return a response to the calling page via > PaymentRequestEvent. > > > > The SRC payment handler is now installed for the enrolled card (even > though this initial response was proxied via the add card PH the first > time). > > -- > Ian Jacobs <ij@w3.org> > https://www.w3.org/People/Jacobs/ > Tel: +1 718 260 9447 > > > > > >
Received on Thursday, 5 March 2020 14:12:01 UTC