Re: [w3c/browser-payment-api] How are web-based payment apps supported? (#39) from Wayne Carr on 2016-04-10 (public-webpayments-specs@w3.org from April 2016)

From: Wayne Carr <notifications@github.com>
Date: Sat, 09 Apr 2016 17:13:28 -0700
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/39/207889994@github.com>

Since Web pages don't have access to tamper proof execution on the user device, a Web page payment app would likely execute secure functions on a server. One means of doing that could be:

1. Web page Payment App registration can be done like service registration in Web Intents. User navigates to a Web page that offers a Web page Payment Application. Web page calls a registration API, passing a Web page payment app URL and indicates what payment methods it supports. Reregistration changes URL or payment methods or unregisters. (whatever WebIntents ended with)

2. Payment Mediator selects Payment Application as usual and can choose one registered as a Web page payment application

3. Browser (Payment Mediator) starts Web page Payment Application page in a tab if it has been chosen for a payment. The payment app can interact with the user to login with Web Authentication, etc.

4a. WG defines an additional, alternative payment request API that passes a JSON object that contains the same information that is passed to the other (currently proposed) payment request API that comes from and is, optionally, digitally signed by the merchant.

4b. Define a way to pass the JSON payment request object to the payment application Web page when it is opened in a tab. (e.g. the JSON payment request is placed in a defined location in the DOM)

4c. Define a way for the Web page Payment Application to return a JSON object with the payment response (confirmation that it was payed or else with the information about how to complete the payment) (where again the JSON object can optionally be digitally signed, this time by the entity paying). (e.g. in the object in the DOM the Web page payment app where it gets its input, there is an API for providing the result. That API fulfills the promise given in the payment request in the merchant page.)

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/39#issuecomment-207889994

Received on Sunday, 10 April 2016 00:14:23 UTC