>> I think this is up to us to define. We have introduced these names and icons, and it's up to us to define their entire life cycle.
>
> Can we spec it such that when the service worker is updated, the icons/other information will be updated as well?
My point is, I don't think we can even define how the browser gets the icons and labels without treading in dangerous security territory.
As a develop I can register a bunch of options that I want the user to be prompted with but ultimately, how those are rendered to the user is up to the browser. Will they have icons and labels at all?
Before we spend too many cycles figuring out how to specify the icons and labels let's agree that the browser will use them.
As a sidebar, and illustration of the security risks, PayPal is being phished extensively by scammers that have got SSL certs from LetsEncrypt and thereby showing the "green bar of safety" to users.
Any visual affirmation a user gets that a payment app published by a reputable brand should be carefully controlled, especially if it is shown inside browser generated UI.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/pull/104#issuecomment-284804388