[w3c/payment-handler] Use payment method manifest for registration-time validation? (#248)

@rsolomakhin,

An idea came up in a conversation today: could browsers make use of manifest information at payment handler registration time, to prevent registration of unauthorized payment handlers for URL-based payment methods?

This makes a lot of sense to me, and sounds superior to leveraging the information at matching time (during a transaction). In particular, you could alert the user to unauthorized payment apps sooner, potentially preventing them from giving credentials to malicious payment app distributors. You can't prevent that completely (because "download" is different than "register") but it might help. It would also be an opportunity for a better user experience at registration (understanding why registration fails) rather than during a transaction.

Thoughts?

Ian

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/248

Received on Tuesday, 6 February 2018 21:16:15 UTC