Re: [w3c/browser-payment-api] Should we standardise a callback mechanism for payment apps to communicate to 3rd parties? (#109)

> There is plenty you can do in the existing model, so I'm not exactly sure if a richer dialog is necessary.

The primary limitation of the existing model is that the UI is entirely driven by the payee and actors on the payer side are only humans entering data.

This places a huge limitation on the types of interactions that are possible. For example, we would like to allow credit-push payments and more secure credential exchange which are not possible today.

> In any case, browser vendors have already abandoned older more permissive extensions frameworks like XUL to standardize on WebExtensions, which specifically disallows this for extensions. It's more complex anytime you poke holes in someone security model. 

Whether payments apps will be browser extensions or web apps or entirely stand-alone native apps (or all of the above) is as yet unknown. To some extent it will be determined by the user agents but this group should at a minimum define a web interface to payment apps.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/109#issuecomment-204276498

Received on Friday, 1 April 2016 07:01:42 UTC