- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Fri, 7 Oct 2016 14:42:59 +0100
- To: "'Ian Jacobs'" <ij@w3.org>, <public-privacy@w3.org>
- Cc: "'Adam Roach'" <abr@mozilla.com>, "'Telford-Reed, Nick'" <Nick.Telford-Reed@worldpay.com>, "'Adrian Hope-Bailie'" <adrian@ripple.com>
Hi Ian,

I wonder if the "allowpaymentrequest" attribute on an iframe is sufficient to stop rogue script dynamically creating iframes which present bogus payment requests to the user.

Maybe a CSP directive would work here, or at least block payment requests from iframes when the top level context is not secure.

Mike

-----Original Message-----
From: Ian Jacobs [mailto:ij@w3.org]
Sent: 06 October 2016 16:22
To: public-privacy@w3.org
Cc: Adam Roach <abr@mozilla.com>; Telford-Reed, Nick <Nick.Telford-Reed@worldpay.com>; Adrian Hope-Bailie <adrian@ripple.com>
Subject: Seeking feedback on "user consent" text in Web Payments Working Group specification

Dear Privacy IG,

The Web Payments WG’s draft “Payment Request API” [1] involves user actions to share some information with a merchant (e.g., credit card details, shipping address). We would like to make it clear in the specification that that information should not be shared without user consent. Opinions vary on how much (if any) guidance to provide about securing user consent.

I would like to ask for your review of the proposal below, which would appear in our “Privacy Considerations” (section 18). Please let me know whether you find the text below useful and sufficient.

For comparison, an analogous section in the Media Capture and Streams specification goes into greater detail:
https://w3c.github.io/mediacapture-main/getusermedia.html#privacy-and-security-considerations

Thank you,

Ian

[1] https://w3c.github.io/browser-payment-api/

=================
Proposal for 18.1 Exposing user information

Capturing user information (payment credentials, shipping address, etc.) exposes personally-identifiable information to applications. The user agent should never share user information with the web page without user consent. For a number of reasons, this specification does not recommend particular practices for establishing user consent:

• What constitutes user consent from a regulatory perspective may vary by jurisdiction.
• Users provide consent through a variety of mechanisms, both case-by-case (e.g., one-time click-through agreement) and persistent (e.g., contractual agreements that involve a single user interaction, user agent settings, and operating system settings).
• There are numerous good practices for establishing consent, such as clear notice to the user about implications of an action, usability of configuration interfaces to view and change user decisions, and avoiding unnecessary prompts.

Developers should therefore consult up-to-date good practice documentation, which may vary by region, browser, operating system, and payment system.

--
Ian Jacobs <ij@w3.org>
http://www.w3.org/People/Jacobs
Tel: +1 718 260 9447
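The question Mike raises above (whether "allowpaymentrequest" on an iframe stops a rogue script that creates its own iframes, and whether a CSP directive or a secure-top-level requirement would do better) can be made concrete by modelling the "allowed to use" decision. The JavaScript below is an added example written for this archive page; it is not code from the thread, the Payment Request API draft, or any browser. It assumes two rules for the decision: the calling document must be a secure context (it and every ancestor delivered over a secure scheme), and every iframe between the top-level document and the caller must carry "allowpaymentrequest". The document tree, origins and the `frameSrcAllows` CSP helper are constructed for illustration.

```javascript
'use strict';

// Constructed model of a browsing-context tree (not the real DOM). Each
// document records its origin, whether it was delivered over a secure
// scheme, its parent document, and the attributes of the <iframe> element
// through which the parent embeds it.
function makeDocument({ origin, secure, parent = null, iframeAttrs = {} }) {
  return { origin, secure, parent, iframeAttrs };
}

// Secure-context check as assumed here: the document and all of its
// ancestors, up to the top-level browsing context, must be secure.
function isSecureContext(doc) {
  for (let d = doc; d; d = d.parent) {
    if (!d.secure) return false;
  }
  return true;
}

// The "allowed to use PaymentRequest" decision under the assumed rules.
function canUsePaymentRequest(doc) {
  // Rule 1: insecure top-level (or any insecure ancestor) blocks the call.
  if (!isSecureContext(doc)) {
    return { allowed: false, reason: 'not a secure context' };
  }
  // Rule 2: every iframe on the path from the top-level document down to
  // the caller must carry allowpaymentrequest.
  for (let d = doc; d.parent; d = d.parent) {
    if (!d.iframeAttrs.allowpaymentrequest) {
      return { allowed: false, reason: `iframe for ${d.origin} lacks allowpaymentrequest` };
    }
  }
  return { allowed: true, reason: 'ok' };
}

// Hypothetical helper standing in for a CSP frame-src check: the embedding
// page's policy limits which origins script can frame at all, so a rogue
// iframe pointing at an unlisted origin is never loaded, whatever
// attributes the script puts on it.
function frameSrcAllows(cspFrameSrc, childOrigin) {
  return cspFrameSrc.includes(childOrigin);
}

// Constructed scenarios that exercise the decision.
function scenarios() {
  const topSecure = makeDocument({ origin: 'https://shop.example', secure: true });
  const topInsecure = makeDocument({ origin: 'http://shop.example', secure: false });

  // (a) Rogue script on the top-level page injects an iframe without the
  //     attribute: blocked by rule 2.
  const plainFrame = makeDocument({
    origin: 'https://evil.example', secure: true, parent: topSecure,
  });

  // (b) The same rogue script sets allowpaymentrequest on the iframe it
  //     creates. The attribute is granted by the embedder, and here the
  //     embedder's own script is the attacker, so the attribute alone does
  //     not stop the bogus request.
  const grantedFrame = makeDocument({
    origin: 'https://evil.example', secure: true, parent: topSecure,
    iframeAttrs: { allowpaymentrequest: true },
  });

  // (c) Attribute present, but the top-level context is http: blocked by
  //     rule 1 regardless of the attribute.
  const insecureChain = makeDocument({
    origin: 'https://evil.example', secure: true, parent: topInsecure,
    iframeAttrs: { allowpaymentrequest: true },
  });

  // (d) Two levels of nesting; the middle iframe lacks the attribute, so
  //     the innermost document is blocked even though its own iframe has it.
  const mid = makeDocument({ origin: 'https://partner.example', secure: true, parent: topSecure });
  const deep = makeDocument({
    origin: 'https://psp.example', secure: true, parent: mid,
    iframeAttrs: { allowpaymentrequest: true },
  });

  return {
    plain: canUsePaymentRequest(plainFrame),
    granted: canUsePaymentRequest(grantedFrame),
    insecure: canUsePaymentRequest(insecureChain),
    deep: canUsePaymentRequest(deep),
    // With frame-src restricted to the legitimate payment provider, the
    // rogue iframe in (b) could not have been loaded at all.
    cspBlocksRogue: !frameSrcAllows(['https://psp.example'], 'https://evil.example'),
  };
}
```

Scenario (b) is the one that answers the question as posed: the attribute only constrains documents that are embedded, so a script already running in the top-level page can grant it to any iframe it creates. Scenario (c) shows what a secure-top-level requirement adds, and `cspBlocksRogue` shows the effect of a frame-src restriction on the embedding page, which is the kind of CSP directive that would stop the rogue iframe before the API question ever arises.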
Received on Friday, 7 October 2016 13:44:07 UTC