Re: [w3c/payment-handler] topLevelOrigin is a weird name (#259)

Some more context...

The PH needs to know:
1. So it can present this to the user during the authorization of the payment and/or make risk or business process related decisions about the payee (are they blacklisted? are they a specific category of merchant that is restricted? does the user have a discount coupon for this merchant? etc)
2. So it can make risk decisions regarding the payment itself and the user's privacy (do I trust this processor for this payment method? do I need to sign/encrypt the payment response and if so how? etc)

For some use cases simply requiring the origin will not be enough. If we can safely say that knowing the origin is not enough for any of these use cases then maybe we can take this out? 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/259#issuecomment-379905481

Received on Monday, 9 April 2018 21:52:42 UTC