@adrianhopebailie --
> One way to counter this is to only allow the request to specify a "wildcard". i.e. A merchant can submit a request with the method bobpay.com and no filters and this will match a payment app that is registered to handle the bobpay.com payment method but does have additional filters specified.
I'll note that the algorithm I sketch out has this exact property: if a merchant specifies a filter, then the payment app must have a matching capability. If the payment app has a capability that the merchant hasn't requested, that makes no difference.
Also, I think it muddies the conversation to think of these as "filters" on the app side -- they're capabilities. The merchant is specifying a _filter_ that demands certain _capabilities_ of payment apps in order for those apps to match. If you think of them in that way, it makes it much easier to see how they should interact.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/96#issuecomment-276486592