Re: [w3c/payment-handler] What happens when clearing site data? (#236)

If `PaymentInstruments` is a persistent store, associated with the origin, that the origin can freely read/write to, surely it must be cleared along with other origin storage. Otherwise, you've just created a clear-site-data workaround.

> they clear their cookies/site data, etc. Then the next time they go to pay for something, they have no payment options and are either confused or frustrated (or both).

You have to also consider the frustration/confusion of "I cleared the site data for shittyPaymentsCorp but they still know who I am when I visit! Why can't I actually clear site data?"

You need to decide what a payment instrument is. Is it:

* **A general payment method owned by the user.** In which case it's similar to how Chrome stores card details today. It isn't origin specific, so it's reasonable to live beyond clearing site data. However, origins must not be able to read/write to this collection. Instead, an individual entry should be offered following user permission.
* **A payment method owned by the user, recorded by the origin.** In which case it's similar to iDB. The origin can inspect & modify the collection, but it must be cleared along with site data.
* **A payment method owned by the user, recorded by the payment handler.** In which case it's similar to push message registrations, which are stored with the service worker registration. This means each payment handler has its own store, the origin can inspect & modify the collection, but it must be cleared along with service worker unregistration.

In the cases where the origin can inspect/modify the collection, it can sync the data with a server.

It's possible to have both a browser-wide store, and a site-related store. The user could transfer items from the global store to the site, similar to how card autocomplete works today.

-- 
https://github.com/w3c/payment-handler/issues/236#issuecomment-349239515

Received on Tuesday, 5 December 2017 09:02:58 UTC
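
The three ownership options from the comment above, modelled as an added example (not part of the original message or of the Payment Handler specification). `ToyBrowser`, its methods, the `instrumentsSurviveClear` switch and the sample values are hypothetical; the model assumes that clearing site data also unregisters the origin's service workers.

```javascript
// Toy model, constructed for illustration; ToyBrowser is a hypothetical name, not a browser API.
class ToyBrowser {
  constructor({ instrumentsSurviveClear = false } = {}) {
    this.instrumentsSurviveClear = instrumentsSurviveClear; // the design the comment warns against
    this.globalStore = new Map();   // option 1: user-owned, browser-wide
    this.originStores = new Map();  // option 2: origin -> Map, like IndexedDB
    this.handlerStores = new Map(); // option 3: service worker scope -> { origin, instruments }
  }
  // Option 1: the origin cannot enumerate; one entry is offered after user permission.
  offerInstrument(key, userPermits) { return userPermits ? this.globalStore.get(key) : undefined; }
  originStore(origin) {
    if (!this.originStores.has(origin)) this.originStores.set(origin, new Map());
    return this.originStores.get(origin);
  }
  registerHandler(origin, scope) {
    const reg = { origin, instruments: new Map() };
    this.handlerStores.set(scope, reg);
    return reg;
  }
  // Assumption of this model: clearing site data also unregisters the origin's service workers.
  clearSiteData(origin) {
    this.originStores.delete(origin);
    if (this.instrumentsSurviveClear) return;
    for (const [scope, reg] of this.handlerStores) {
      if (reg.origin === origin) this.handlerStores.delete(scope);
    }
  }
  // Everything the origin can read back with no user interaction.
  readableBy(origin) {
    const values = [...(this.originStores.get(origin) || new Map()).values()];
    for (const reg of this.handlerStores.values()) {
      if (reg.origin === origin) values.push(...reg.instruments.values());
    }
    return values;
  }
}

// Write a constructed identifier everywhere the origin can, clear site data, then read back.
function identifiersAfterClear(options) {
  const browser = new ToyBrowser(options);
  const origin = "https://pay.example";
  browser.globalStore.set("card-1", "user's saved card"); // added by the user, not the origin
  browser.originStore(origin).set("id", "visitor-42");
  browser.registerHandler(origin, origin + "/sw").instruments.set("id", "visitor-42");
  browser.clearSiteData(origin);
  return { readable: browser.readableBy(origin), withoutPermission: browser.offerInstrument("card-1", false),
           withPermission: browser.offerInstrument("card-1", true) };
}
console.log(identifiersAfterClear({ instrumentsSurviveClear: true }).readable, identifiersAfterClear({}).readable);
```

With `instrumentsSurviveClear` set, the identifier written to the handler's instrument store is still readable after clearing; with it unset, only the user-owned global entry remains, and it is released only with permission.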