- From: ianbjacobs <notifications@github.com>
- Date: Tue, 30 Jan 2018 13:05:31 -0800
- To: w3c/3ds <3ds@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/3ds/issues/1/361733909@github.com>
@marcoscaceres wrote:

"It seems like you are navigating the payment sheet to another domain (like you are showing an iframe). Browsers won't do that."

I would like to get a better understanding of that. In this case, the browser has handed control to the payment handler. The payment handler may open a window [1] for user interaction; now we are no longer in the sheet; we are in a payment handler controlled window. I believe that in the call to open the window, the origin of the new browsing context has to be the same as that of the payment handler (service worker).

Questions:

* Can the user navigate to another origin within that window (e.g., via a link)?
* Can the payment handler include content from another origin (e.g., in an iframe)?
* Can the payment handler open another window (e.g., for authentication by another origin such as bank.com in [2])?

I don't know enough about the origin requirements/limitations related to the payment handler window. Also, it seems we want to reuse the service worker open window algorithm [3] and I know even less about that.

Also, are there any relevant learnings from Web Authentication [4]?

Ian

[1] https://w3c.github.io/payment-handler/#dfn-open-window-algorithm
[2] https://github.com/lyra-labs/poc-w3c-webpayments/blob/master/sequence-diagram-PRAPI-3DS2-proposal-with-domain.png
[3] https://www.w3.org/TR/service-workers-1/#clients-openwindow
[4] https://www.w3.org/TR/webauthn/

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/3ds/issues/1#issuecomment-361733909
Received on Tuesday, 30 January 2018 21:06:21 UTC