Re: [w3c/webpayments-payment-apps-api] Payment app identifier to manifest filename mapping (#48)

@jakearchibald 
> All of this depends on the intended user flow. If recommended payment apps can be registered via a special payments browser UI, there's a security concern as we're adding an origin level permission without ever showing the user the origin.

I don't think anyone would be against showing the origin of the recommended payment app along with the icon and label. If we prominently display the origin of each recommended payment app, does that take care of your security concerns, or is there more to it?

If you feel that the description in the current specification, on the subject of recommended payment apps, is a bit thin, then you're absolutely right. The reason for this is that we are in the middle of figuring out how everything is supposed to work. We have identified that there is a desire/need for something like recommended payment apps, but the fine details are left to be discussed. The good news is that we're discussing it right now, and I think we're getting somewhere :smile:

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/48#issuecomment-274795524

Received on Tuesday, 24 January 2017 12:54:52 UTC