Re: [w3c/webpayments-payment-apps-api] Multiple payment apps per origin (#98) from Adrian Hope-Bailie on 2017-01-25 (public-webpayments-specs@w3.org from January 2017)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Tue, 24 Jan 2017 23:27:05 -0800
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/98/275037783@github.com>

We must differentiate between the permission a user grants to an origin to "handle payment requests" and the ability of a payment app (a Service Worker with a scope under that origin) to handle payment requests for a specific payment methods.

Therefor there are two things that happen:

  1. An origin requests and is granted/denied permission to handle payment requests
  2. A payment app notifies the browser that it can handle payments for  a specific payment method

I think we must still decide if 2. requires user consent, this feels like a separate issue.

Concrete proposal to close THIS issue:

  1. Update the registration process to explicitly ask the user if they grant permission for the calling origin to handle payment requests (similar to existing permission requests like location etc)
  2. Resolve whether or not a user must consent to a payment app altering the set of payment methods it supports.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/98#issuecomment-275037783

Received on Wednesday, 25 January 2017 07:27:39 UTC