Re: Request for review of substantive changes to Payment Request API -- by 19 February 2019 from Wendy Seltzer on 2019-02-07 (public-privacy@w3.org from January to March 2019)

From: Wendy Seltzer <wseltzer@w3.org>
Date: Thu, 7 Feb 2019 10:18:15 -0500
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Cc: Ian Jacobs <IJ@W3.org>
Message-ID: <cc553c6f-daeb-5f72-481b-d0c68b39cbf5@w3.org>

Ian's summary of substantive changes at this CR is quite helpful
> https://lists.w3.org/Archives/Public/public-payments-wg/2019Feb/0003

A few points stood out to me for privacy consideration:
> * Added support for notification when the user selects a payment method,
>   but before confirming payment. This allows merchant to update totals, 
>   validate acceptance, etc. 
> 
> * Added support to notify site of billing address selection. This
>   allows a merchant to update a total (e.g., for VAT in Europe).
>   To enhance privacy, only some billing address data is returned
>   to the merchant as long as the user has not confirmed payment.

Both of these API features return information about user interactions
before the user has explicitly "submitted" a stage of the payment
process. Would users be surprised by that behavior? Should authoring or
implementation guidance suggest user notification?

--Wendy

On 2/5/19 18:21, Christine Runnegar wrote:
> Hi Pete,
> 
> Yes, I agree. Two days is probably too short. We will liaise with Ian regarding timing, etc. to see what may work.
> 
> Christine
> 
>> On 5Feb2019, at 1:20 PM, Pete Snyder <psnyder@brave.com> wrote:
>>
>> I don't think we can do a proper review of this by our meeting two days for now.  I suggest we review next months meeting.  Would that be possible?
>>
>>> On Feb 5, 2019, at 1:13 PM, Ian Jacobs <ij@w3.org> wrote:
>>>
>>> Christine, Tara,
>>>
>>> On behalf of the Web Payments Working Group, I would like to request Privacy Interest Group review of substantive changes to Payment Request API since it was last published as a Candidate Recommendation in July 2018 [1]. I am asking for this review as we prepare to return to Candidate Recommendation (and then Proposed Recommendation).
>>>
>>> I would like to request review of these changes by 19 February 2019. If that is not feasible, please let us know a date by which you could provide a response.
>>>
>>> Here are the substantive changes (in descriptive format):
>>> https://lists.w3.org/Archives/Public/public-payments-wg/2019Feb/0003
>>>
>>> That email includes additional information such as links to the full edit history.
>>>
>>> For the updated specification, see the Editors' Draft:
>>> https://w3c.github.io/payment-request/
>>>
>>> Thank you for your consideration of this request. Let me know if you have any questions.
>>>
>>> For the co-Chairs of the Web Payments Working Group,
>>> Ian Jacobs
>>>
>>> [1] https://www.w3.org/TR/2018/CR-payment-request-20180709/
>>>
>>> --
>>> Ian Jacobs <ij@w3.org>
>>> https://www.w3.org/People/Jacobs/
>>> Tel: +1 718 260 9447
>>>
>>>
>>>
>>>
>>>
>>
>>
> 
> 


-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Strategy Lead, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)

Received on Thursday, 7 February 2019 15:18:17 UTC