Re: [w3ctag/design-reviews] Secure Payment Confirmation (heading to Candidate Recommendation) (Issue #763)

Thank you for this review request and for the comprehensive information you've put together in the explainer. As we've previously positively reviewed Payment Request and Web Authentication, we're happy to see these being brought together to make the web payment user flow easier. The use cases and user needs are well documented. It's also great to see the results of the experiment written up here.

Regarding the [design choices you've made](https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md#why-use-the-payment-request-api) to implement this as a payment method: we're concerned that this may be confusing to developers. Would the alternative approach (`navigator.credentials.get()`) be better from a developer ergonomics PoV? If so, it may be worth the effort to coordinate with the webauthn working group.
  
Regarding the privacy risks enumerated at the end of the explainer, can you include more specific mitigation advice for implementers on how to mitigate against these potential attacks?

https://github.com/w3ctag/design-reviews/issues/763#issuecomment-1259180435

Message ID: <w3ctag/design-reviews/issues/763/1259180435@github.com>

Received on Tuesday, 27 September 2022 08:42:46 UTC