Re: [w3c/webpayments-payment-apps-api] Use PaymentRequest and PaymentResponse (#99)

> I'm absolutely not proposing we would do that. I'm just proposing we use the PaymentRequest/PaymentResponse primitives in the service workers.

Actually I think you are. The PaymentRequest object contains all of the method specific data for all payment methods accepted by a website. It contains information that the merchant may not have intended any app except one that is permitted by the payment method to receive.

Example: 

Bobpay.com can declare in its manifest that only the Bobpay app can process payment requests for the payment method bobpay.com.

Fred installs a new payment app called OtherPay which supports basic-card payments.

Fred visits a website that supports bobpay.com and basic-card payments.

The payment request that is passed to the browser contains the bobpay.com payment method details including a merchant identifier etc.

Fred chooses to pay with OtherPay (he's never even heard of bobpay.com) so the request is passed to the OtherPay app which sees the bobpay.com data and stores this in its competitor analysis system. Yay free competitor information!

This is the crux of #2 which provides good background to why the group took this decision.

https://github.com/w3c/webpayments-payment-apps-api/issues/99#issuecomment-274953369

Received on Tuesday, 24 January 2017 22:03:17 UTC
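
The data flow from the message above, as an added example that is not part of the original thread or of the specification: forwarding the whole request to the chosen app exposes the bobpay.com method data, while filtering per app does not. All function names, app ids, the manifest shape and the sample values are hypothetical and constructed for illustration.

```javascript
// Added illustration; every name and object shape here is a hypothetical simplification.

// Constructed sample: what the merchant site hands to the browser.
const merchantRequest = {
  total: { currency: 'USD', value: '25.00' },
  methodData: [
    { supportedMethods: 'bobpay.com', data: { merchantId: 'constructed-merchant-123' } },
    { supportedMethods: 'basic-card', data: { supportedNetworks: ['visa'] } },
  ],
};

// Constructed sample: restriction declared by a payment method's manifest.
// A method with no entry may be handled by any app that claims it.
const methodManifests = { 'bobpay.com': { permittedApps: ['bobpay-app'] } };

// Constructed sample: installed payment apps and the methods they support.
const installedApps = {
  'bobpay-app': ['bobpay.com'],
  'otherpay-app': ['basic-card'],
};

// An app may see a method's data only if it supports the method
// and the method's manifest (when present) permits that app.
function appMayHandle(appId, method) {
  const claimed = (installedApps[appId] || []).includes(method);
  const manifest = methodManifests[method];
  return claimed && (!manifest || manifest.permittedApps.includes(appId));
}

// The leaky design: the chosen app receives every method's data.
function forwardWholeRequest(request) {
  return JSON.parse(JSON.stringify(request));
}

// The filtered design: the chosen app receives only the entries it may handle.
function buildAppRequest(request, appId) {
  const methodData = request.methodData
    .filter((m) => appMayHandle(appId, m.supportedMethods))
    .map((m) => ({ supportedMethods: m.supportedMethods, data: { ...m.data } }));
  if (methodData.length === 0) {
    throw new Error(`${appId} handles none of the requested methods`);
  }
  return { total: { ...request.total }, methodData };
}
```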