- From: ianbjacobs <notifications@github.com>
- Date: Fri, 20 Jan 2017 12:16:32 -0800
- To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webpayments-payment-apps-api/issues/92/274169377@github.com>
@rvm4, I realize through your question that up to now the assumption has been "anybody can recommend any app." The ways that the payment method owners and payment app providers can control their usage include (1) the payment method manifest (cf digital signatures etc.) and (2) running and notifying the user that the payment app cannot be used for payment (as we've discussed on this thread). Your point raises another possibility: that only some parties can recommend some payment apps. This could be done with some data provided by the app owner, along the lines of: * no-recommend-origins: Dear mediator, if this origin tries to recommend me, ignore it. * no-match-origins: Dear mediator, if this origin initiates a payment request, do not include me in the list of matching payment apps. (One could also imagine positive expressions of these values: include lists.) I would have concerns about the user silently losing the ability to use a payment app at a particular origin. However, if the user were able to control these lists, that might be interesting. Thus: * If the payment app wanted to prompt the user with a recommendation to ignore a site, the user could agree and the payment app could update the registration information to not recommend or not match. * If the user wanted to simply not see some payment apps for some origins to simplify their view, this could be one way of doing it. Comments very welcome! Ian -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/92#issuecomment-274169377
Received on Friday, 20 January 2017 20:17:29 UTC