Re: [w3c/payment-request] Suggested emphasis of privacy protections (#628)

> @marcoscaceres - creating an api that includes the private data in the first place is not all you can do to protect privacy, you can not include it in the first place. The PaymentResponse (which is what I believe the payment handler would get)

They get a `PaymentRequest`, and they send back a `PaymentResponse`. No biggy tho. 

> doesn't need to have the fields and you can explicitly make it clear in the spec that payment processors should never get this data.

Yeah, that's already the design in Payment Handler spec. However, third-party payment handlers is different.  
 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/628#issuecomment-331797859

Received on Monday, 25 September 2017 07:23:54 UTC