Re: [w3c/webpayments-crypto] Mapping between claims and response data elements (#13) from Adrian Hope-Bailie on 2018-06-01 (public-webpayments-specs@w3.org from June 2018)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Thu, 31 May 2018 18:08:22 -0700
To: w3c/webpayments-crypto <webpayments-crypto@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-crypto/issues/13/393728431@github.com>

## PROPOSAL

As suggested above I believe we should move away from using individual claims for each data element as this places additional requirements on payment method specs to define mappings between data elements and claims.

Rather, I propose that we define a single claim that can be used by all payment methods to hold their response data as a JSON string. This can be called `payment_response` and registered in IANA's [JWT claims registry](https://www.iana.org/assignments/jwt/jwt.xhtml).

Payment methods that wish to map specific data to claims (perhaps because they are using an existing, claims based system or well-known claims) can still do so but for payment methods that don't have this requirement they can simply define the schema of the response object.

Here is an example of definitions that might appear in an 'encrypted-card' spec.

The request is similar to 'basic-card' but includes an element for the website to specify the key to use for encryption (Note, the specifics of key exchange are still TBD).

```
dictionary EncryptedCardRequest {
  sequence<DOMString> supportedNetworks;
  sequence<BasicCardType> supportedTypes;
  required DOMString keyProviderURL;
};
```

The response provides display data and an element that holds the JWE

```
dictionary EncryptedCardResponse {
  DOMString displayMaskedCard;
  DOMString displayLast4;
  required DOMString displayExpiryMonth;
  required DOMString displayExpiryYear;
  required DOMString displayNetwork;
  required DOMString encryptedCard;
};
```
When the JWE is decrypted there will be a custom claim called `payment_response` which will be a JSON object that follows the following schema:

```
dictionary EncryptedCard {
  required DOMString       cardNumber;
  DOMString       cardholderName;
  DOMString       cardSecurityCode;
  DOMString       expiryMonth;
  DOMString       expiryYear;
  PaymentAddress? billingAddress;
};
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-crypto/issues/13#issuecomment-393728431

Received on Friday, 1 June 2018 01:08:53 UTC