- From: Adrian Hope-Bailie <notifications@github.com>
- Date: Thu, 07 Dec 2017 00:38:00 -0800
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 7 December 2017 08:38:24 UTC
@ianbjacobs I think the risk is lower here because we are not sharing the data with the merchant until the user selects an address and it gets sent so they can calculate shipping. That said, how does the payment handler know (without revealing data about the user) if they can trust this merchant with the address data? I think this is less risky if we redact the address data as proposed in https://github.com/w3c/payment-request/issues/648 @rsolomakhin What happens if the browser has no addresses so the default selected address is one provided by a payment handler? I assume this needs to immediately be passed to the merchant to calculate shipping? I think we'd need some explicit language that says: 1. There is no selected address in this case and the user must explicitly select the address before it is passed to the merchant 2. The user is able to see where that address comes from so they know how to edit/delete it if it is wrong -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-handler/issues/123#issuecomment-349899426
Received on Thursday, 7 December 2017 08:38:24 UTC