Re: [w3c/browser-payment-api] [api] Section 11 PaymentResponse seems to be missing shippingAddress (#75)

Hmm, this is tricky. We cannot (in general) determine final pricing without knowing where the product is going which necessitates passing addresses to the client before authorization occurs, but we cannot get to the authorization screen without determining final pricing.

If I suppose that payment mediators are likely to implement this by presenting address forms prior to payment methods/apps, then I would argue that this is no less secure that standard practices today and consumers are used to the risk of providing an address. 

For privacy sake though, I would suggest we only pass in vague address information until payment has been authorized. For instance, giving the client country, state, and zip code is generally enough for any shipping purposes and does not leak very sensitive information (these are things you may already be able to deduce).

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/75#issuecomment-208047421

Received on Sunday, 10 April 2016 19:22:00 UTC