The problem with the spec as written is that it doesn't require capture of all the fields that are necessary to make a payment in most common use cases. Therefore the payment application (or browser) needs to have the knowledge in it to decide what to capture, however this is not captured in the specification at all. On the flip side, the payment applications doesn't have all the context to decide what the merchant needs to complete the payment, commonly this is dictated by if the merchant has Address Verfication or CSC checking enabled, so the payment app needs to play it safe in the absence of this information and assume it needs to capture this data, which could be considered a privacy concern. (see issues #5). My proposal would be: 1. Highlight in the spec that different instruments have different data 2. Make the payment application responsible for understanding that and by default returning all the data that may be needed for a payment 3. Allow the merchant to specify in the paymentrequest a set of fields that it doesn't want (most usually y billing address and/or CSC) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-methods-card/issues/26#issuecomment-291110514
Received on Monday, 3 April 2017 10:55:23 UTC