Re: [w3c/webpayments-payment-apps-api] Addition of new design considerations (#19)

> @@ -269,19 +269,66 @@
>      </ul>
>    </section>
>    <section>
> +    <h3>Decoupling and Trust</h3>
> +    <ul>
> +<li>    A goal of this system is to decouple the payment methods used to pay from the software (payment apps) that implement those payment methods. By decoupling, merchants (and their payment service providers) can lower the cost of creating a checkout experience, users can have more choice in the software they use to pay, and payment app providers can innovate without imposing an integration burden on merchants.</li>
> +<li>    Users may choose to use "open" or "proprietary" payment methods, so the payment app ecosystem must support both. Users must be able to register payment apps of their choosing. We expect the user to have greater choice of third party payment apps for open payment methods than for proprietary payment methods. Examples of open payment methods include card payment and SEPA credit transfer.</li>
> +<li>    For privacy, the design should limit information about the user's environment available to merchant without user consent. That includes which payment apps the user has registered. For open payment methods, the merchant should not receive information about which payment app the user selected to pay unless the user consents to share that information.</li>

"For open payment methods, the merchant should not receive information about which payment app the user selected to pay unless the user consents to share that information." - this may be difficult because the merchant needs to track the progress of, especially a push payment, with some entity (i.e. knowing the payment method may not be enough)

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/pull/19/files/f17221097d5b71d07091af0d6665c6d924616ba8#r73842772

Received on Monday, 8 August 2016 09:12:12 UTC