- From: Mark Richards <notifications@github.com>
- Date: Mon, 25 Sep 2017 12:58:07 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-request/issues/632/331994376@github.com>
Great to see there's been an assessment, but it doesn't seem to include the risks regarding payment descriptions (what people buy), so it needs some work. The security and privacy assessment also has open issues still cited against it. For shipping details it doesn't consider the use case that the recipient may not be the payer and the payer may not be legally be allowed to share the recipient information (ie: an employer in a trusted position, purchasing an item for an employee or someone buying items for a friend's daughter). It would appear that the security and privacy assessment needs to be upgraded with consideration for not just PCI-DSS but for wider privacy law. I would advise that to do this, personas are created (https://www.agilealliance.org/glossary/personas/) based on a matrix considering some at risk use cases (like minors, professions, demographic groups). The personas should explain the context of their risk. - minor: unable to give consent in some countries, may need delegated consent - professions: military, journalists, lawyers, doctors, etc may wish to hide information about what they are buying for other people, themselves or where they are. - demographic groups: if purchasing products for a religious occasion, like a gay wedding is it safe to have data on what was bought and who the recipient is? - average user: least concerns, but may have less regular privacy concerns like insurance/healthcare/medicinal services, official documents (passports), etc There should also be an items matrix, perhaps including items that would be sensitive to the personas and also a discovery exercise to establish whether there are any other considerations: court fines/bail bonds, sexual products, etc. Apply the two matrices in the context of what information is included in the display details, the requests and responses and what is available to third party scripts running in the user agent (service workers?). Then with some legal help, get the matrices cross-referenced with international privacy laws and hopefully if you care about privacy someone like the ACLU, EFF, ORG, ICO, etc to identify what needs to be protected. Then you have a requirements list to redefine your security and privacy assessment by and to improve on it until it is compliant. Then you can fix this spec. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/632#issuecomment-331994376
Received on Monday, 25 September 2017 19:58:46 UTC