- From: ianbjacobs <notifications@github.com>
- Date: Tue, 09 Aug 2016 09:58:14 -0700
- To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Received on Tuesday, 9 August 2016 16:58:55 UTC
In the spec up to now, we have defined "request_url" as serving two purposes: * service that accepts payment request messages via HTTP POST. * identifier for the app. I have made changes in the spec to distinguish these two functionalities by adding "payment_app_id" for the latter role. This allows, for example, multiple payment apps to reuse the same processing service. Adrian points out a couple of things: * If we want to use origin information to do security (or other) checks, the more URLs we use the higher the cost of cross-checking them all. * We need to discuss further what the expectations are for the payment_app_id URL. Is the expectation that one can dereference it, e.g., to fetch information about the payment app? Or to get registration data about the payment app? Ian --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/20
Received on Tuesday, 9 August 2016 16:58:55 UTC