- From: Stephen McGruer <notifications@github.com>
- Date: Tue, 25 Jan 2022 05:52:17 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webpayments/pull/260/review/862299889@github.com>
@stephenmcgruer approved this pull request. > @@ -0,0 +1,28 @@ +# EMV® Secure Remote Commerce (SRC) User Recognition +<sup>[Home][home] > [Use Cases][use-cases] > SRC User Recognition</sup> + +See more [information about EMV®SRC](https://www.emvco.com/emv-technologies/src/), including the "Click-to-Pay" consumer facing UX. + +## Overview of Click-to-Pay Flow + +* The user pushes the Click-to-Pay button. Optional; should we indicate that the user is usually **not** on an SRC-I page here? (As otherwise step 2 is just a 1p cookie) > @@ -0,0 +1,28 @@ +# EMV® Secure Remote Commerce (SRC) User Recognition +<sup>[Home][home] > [Use Cases][use-cases] > SRC User Recognition</sup> + +See more [information about EMV®SRC](https://www.emvco.com/emv-technologies/src/), including the "Click-to-Pay" consumer facing UX. + +## Overview of Click-to-Pay Flow + +* The user pushes the Click-to-Pay button. +* The SRC Initiator (SRC-I) determines (via a cookie, typically) whether this is a returning user, and if so finds the user's SRC identity (e.g., email address). This is interesting, as its not how I thought SRC worked! I had thought it was as follows: 1. Sometime in the past, user visits `https://src-a.com` and signs up for SRC with that system. * At this time, `https://src-a.com` drops a 1p cookie saying 'this user has ID abcd1234' 2. Later, user is on a site and clicks a Click To Pay button. 1. SRC-I loads to handle the payment, and has no particular knowledge of the user 2. SRC-I sends (e.g.) a fetch request to `https://src-a.com/get-details` * This fetch request is made with 3p cookies for `https://src-a.com` * Server-side, `https://src-a.com` reads its previously set cookie and looks up abcd1234 in its database to fetch credit card details * These details are then returned to SRC-I 3. Repeat step ii. for each known SRC system. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/pull/260#pullrequestreview-862299889 You are receiving this because you are subscribed to this thread. Message ID: <w3c/webpayments/pull/260/review/862299889@github.com>
Received on Tuesday, 25 January 2022 13:52:30 UTC