- From: Marcos Cáceres <notifications@github.com>
- Date: Sun, 04 Feb 2018 21:17:48 -0800
- To: w3c/3ds <3ds@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/3ds/issues/1/362984106@github.com>
I wrote: > "It seems like you are navigating the payment sheet to another domain (like you are showing an iframe). Browser's won't do that." Let me clarify - the payment sheet displayed to the user is a "privileged security context": we cannot insert any iframes or html into it. Think of it like a native app - you can pass it data (e.g., JSON or an IDL Dictionary), but definitely not HTML, and definitely can't display an iframe. > In this case, the browser has handed control to the payment handler. The payment handler may open a window [1] for user interaction; @ianbjacobs, @romandev, respectfully, I would like us to work through this without bringing in the Payment Request API or any API (we are not there yet, but soon!) - let's focus on the core use case of what we want to solve from a user-flow/user experience perspective. Thus, Let's put PR API aside and focus on Basic Card (not the API, but just on "I have a credit card, I wanna buy a thing!"), as 3DS has most immediate relevance there. If we are just going to be opening new windows/tabs, etc. then they user experience is going to be confusing to users (and no better than what we have today!). Ideally, we want the payment sheet to perform the 3DS second factor authentication, right? @glelouarn, wrote: > Simplest answer at a browser point of view is that it get the URL from the merchant. Ok, there are two options here: 1. the merchant can pass the URL. 1. the browser could hold something like https://www.bindb.com, no? We already need to ship a subset of that identify the type of card (i.e., "is it credit, debit, prepaid? what's the network?" ) . You are correct that 1 (merchant passes the URL) would be easier, and it's already what is expected by 3DS, right? So, let's continue from here: 1. Does the merchant need to be holding the user's credit card number to determine the 3DS URL? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/3ds/issues/1#issuecomment-362984106
Received on Monday, 5 February 2018 05:18:11 UTC