Re: [w3c/webpayments-payment-apps-api] Is the concept of payment app registration necessary? (#8)

@jnormore,

Thanks for starting this thread. It also picks up on some themes that our colleagues at Alibaba raised in London.

+1 to thinking about how to make registration minimally intrusive.

Note: In what follows, I use "registration" to mean "providing the browser with metadata about a payment app." There is no software installation. However, the metadata might include information about the user (e.g., credentials). (We can decide later whether it helps us solve any problems by limiting the term "registration" to the exchange of generic information only about the payment app and to use some other term to refer to "communicating to the browser some user-specific data held by the payment app.")
 Here are some scenarios (that you also touch upon):

 * Installation of a native app includes payment app registration in the browser, so no extra step is required.
 * When the user is presented with recommended payment apps, user selection of the payment app includes registration. I have in mind, by the way, the sort of experience you get on linkedin or
twitter when they suggest 47 people you might like to follow, and you easily click on the ones you want and can "dismiss" the rest. Please note that this would include both merchant-recommended and browser-recommended apps. 
 * When I visit the Web site of a provider of a payment app, they have a button or can prompt me to register their payment app.

The last bullet includes user consent, but here's a question: suppose I visit merchant.com's web site and they have an app. Should they be able to silently register their app as long as the payment app's origin is part of registration? On the one hand that would streamline app registration, but it might also create some spoofing opportunities. It would seem to me to be especially important to enable users to disable this automatic registration and delete this information and also not have it happen again for that site, etc. This sounds a bit complicated, but cookies might provide a model. I am instinctively reluctant to things that happen silently, but I support the goal of making registration painless. 

There may also be some interesting curation opportunities, including by the browser. But imagine I can visit a site I trust that (like linkedin, twitter, etc.) lets me register a bunch of payment apps easily that I might want to try out. 

Summary:
 * It seems inevitable that the browser needs to know payment app metadata.
 * They might know about that metadata a priori ("browser recommended payment apps") or from merchant recommendations. 
 * They might learn about the metadata through user action, but as part of another process (e.g., native app installation).
 * They might learn about the metadata through explicit user action ("register me!")

Ian

---
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/8#issuecomment-234396792

Received on Thursday, 21 July 2016 21:58:46 UTC