Re: [w3c/payment-request] "User accepts the payment request algorithm" needs to clarify where Payment Handlers are invoked (#476)

@ianbjacobs What exactly is the "matching algorithm"? We say that "a user agent can limit matching ... to payment handlers from the same origin as a URL payment method identifier" but that doesn't fully specify how matching works or even what matching is. For instance, a possible rule might be "a match occurs if the payment handler was obtained from the same origin as a URL-based payment method identifier" (I'm not sure if that's quite right, e.g., does the user agent need to keep track of the origin from which each payment handler was obtained?). How does matching work for non-URL-based payment method identifiers? What is "payment method specific capability matching" (e.g., does the user agent need to modify its matching algorithm depending on the payment method being invoked)? What is "payment method manifest authorization" (pointing to https://www.w3.org/TR/payment-method-manifest/ would help) and how is that kind of authorization different from (or a kind of) matching as defined here? What does payment _handler_ matching mean for a supplementary technique like EMVCo 3-D Secure that doesn't necessarily even define a handler but instead piggybacks on other handlers (e.g., `tokenized-card`)? Although I realize that perhaps we need to figure some of this out over time, I'm also sensing quite a bit of ambiguity here that will make life harder for implementers.

Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/476#issuecomment-370519873

Received on Monday, 5 March 2018 18:42:08 UTC