[w3c/browser-payment-api] How do the payer and payee agree on the payment obligation as part of the flow? (#113)

There was some discussion on this topic at the face to face and an interesting point was made by @mattsaxon and @vkuntz about the need for a user to confirm exactly what they are authorizing.

This could be inferred by the payment app which could make sure appropriate UI is rendered for the user to assist them but there needs to be some control from the payee in defining "what they are requesting".

It was suggested that the payee be able to provide a string that should always be displayed to the user and the payment app or user agent should ensure the user acknowledges this string and confirms that they accept it.

This will be a requirement for some jurisdictions but may not be for others so it should be optional.

Examples:
* "Pay $50 to XYZ Store for invoice ABC123"
* "Reserve $300 for payment to ABC Car Rental"
* "Create a new recurring payment to Bob's DIY Magazine for $25 per month"

It was also suggested that the payee be able to provide a link to some T&Cs and request that the user click a check-box to acknowledge that they have read these.

My proposal is that we:

A. Include the request to acknowledge T&Cs in the payment options as this is something the user agent can handle and doesn't need to be done by the payment app.

The payment options might look like this:

```javascript
{
  "requestShipping": true,
  "requestTermsConfirmation": true, // displays a checkbox that the user must tick
  "termsURL": "https://xyzstore.com/terms"
}
```

B. Include an obligation in the payment details that can be used by the payment app.

The payment details might look like this:

```javascript
{
  "items": [
    {
      "id": "total",
      "label": "Total due",
      "amount": { "currencyCode": "USD", "value" : "60.00" }, // US$60.00
    }
  ],
  "obligation": "Payment for order 123 from XYZ Stores."
}
```

The payment app may then have some way to sign and time-stamp this with a user-specific key to prove that the user accepted the proposed obligation.

@mattsaxon , @vkuntz : Is this sensible?

---
https://github.com/w3c/browser-payment-api/issues/113

Received on Friday, 1 April 2016 10:07:41 UTC
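
The signed, time-stamped acceptance suggested in the message above could work as follows. This is an added example, not part of the original message or of any specification. The receipt layout, the `acceptedAt` field, the function names and the choice of ECDSA over P-256 with Node's `crypto` module are all assumptions.

```javascript
const crypto = require("node:crypto");

// Constructed sample, shaped like the payment details in the message.
const SAMPLE_DETAILS = {
  items: [{ id: "total", label: "Total due",
            amount: { currencyCode: "USD", value: "60.00" } }],
  obligation: "Payment for order 123 from XYZ Stores."
};

// Fixed-order serialization so signer and verifier hash identical bytes.
// The amount is bound too, so a receipt cannot be replayed for another total.
function canonicalBytes(details, acceptedAt) {
  const total = details.items.find((item) => item.id === "total");
  return Buffer.from(JSON.stringify([
    details.obligation, total.amount.currencyCode, total.amount.value, acceptedAt
  ]), "utf8");
}

// Payment app side (hypothetical): sign what the user acknowledged, plus the time.
function signAcceptance(details, privateKey, acceptedAt = new Date().toISOString()) {
  const sig = crypto.sign("sha256", canonicalBytes(details, acceptedAt), privateKey);
  return { acceptedAt, signature: sig.toString("base64") };
}

// Payee side (hypothetical): verify against the payee's OWN copy of the details,
// and reject receipts that are stale, future-dated or carry an unparsable time.
function verifyAcceptance(details, receipt, publicKey,
                          maxAgeMs = 5 * 60 * 1000, now = Date.now()) {
  const age = now - Date.parse(receipt.acceptedAt);
  if (!(age >= 0 && age <= maxAgeMs)) return false; // NaN fails this check too
  return crypto.verify("sha256", canonicalBytes(details, receipt.acceptedAt),
                       publicKey, Buffer.from(receipt.signature, "base64"));
}

// A key pair generated in place stands in for the user-specific key.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const receipt = signAcceptance(SAMPLE_DETAILS, privateKey);
  const altered = { ...SAMPLE_DETAILS,
                    obligation: "Payment for order 999 from XYZ Stores." };
  return { genuine: verifyAcceptance(SAMPLE_DETAILS, receipt, publicKey),
           altered: verifyAcceptance(altered, receipt, publicKey) };
}
```

Verifying against the payee's own copy of the details, rather than a copy carried inside the receipt, is what makes a substituted obligation or amount fail the check.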