Re: [w3c/payment-method-basic-card] Connecting to payment handler. (#50) from Marcos Cáceres on 2018-03-27 (public-webpayments-specs@w3.org from March 2018)

From: Marcos Cáceres <notifications@github.com>
Date: Tue, 27 Mar 2018 02:28:14 +0000 (UTC)
To: w3c/payment-method-basic-card <payment-method-basic-card@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-method-basic-card/pull/50/review/107120853@github.com>
marcoscaceres requested changes on this pull request.

This is really good, because it gave us a chance to think through the integration properly. 

I've suggested some changes we want to make here, and proposed changes to the Payment Request API to match.

@rsolomakhin, @stpeter, please take a look at what I've proposed. Once we have agreement, I'll send a pull request to the Payment Request API. I'll work with @rsolomakhin to clean up this pull request.  

>          <a>BasicCardRequest</a> <var>data</var> are given by the following
-        algorithm. If the end user inputs or selects a <a>card</a> that meets
-        the constraints of <var>data</var>, the algorithm returns a card as a
-        <a>BasicCardResponse</a>.
+        algorithm. If the payee invokes
+        <code>paymentRequest.canMakePayment()</code> or

Let's not mention Payment Request here at all. Instead, we want `.canMakePayment()` and `show()` to link into here instead. 

As above, I'll note that we need to make running this algorithm optional for `.canMakePayment()` and `show()`. In Firefox (as in Safari), we might make this a user controlled preference for privacy reasons (basically, it just returns "true" always - irrespective of what cards the user has... so merchants can't snoop on our user's cards). 

> @@ -231,16 +231,44 @@ <h2>
         Interfacing with a payment handler
       </h2>
       <p>
-        The <dfn>steps to constrain a payment handler</dfn> with
+        The <dfn>steps to filter payment handlers</dfn> with
         <a>BasicCardRequest</a> <var>data</var> are given by the following

The hook for this occurs at [step 6.1](https://w3c.github.io/payment-request/#canmakepayment-method):
> For each methodData in request.[[serializedMethodData]]:
>   If methodData.supportedMethods is a supported payment method identifier (including its payment method specific capabilities), resolve promise with true, and abort this algorithm.

Which should become (in the PR API):
    
> For each `methodData` in request.[[serializedMethodData]]:
> 1. Let <var>pmi</var> be `methodData.supportedMethods`.
> 1. If <var>pmi</var> has no associated payment handler, continue.
> 1. If the user has configured the user agent to allow requests to be handled by the payment handler corresponding to <var>pmi</var>, resolve promise with `true`.
> Note: we add note about privacy. 
> 1. Otherwise, run the "steps to check instrument support" with `methodData` for <var>pmi</var>. If  "steps to check instrument support" return true, resolve `promise` with true. Otherwise, continue.  
> Resolve promise with false.


> @@ -231,16 +231,44 @@ <h2>
         Interfacing with a payment handler
       </h2>
       <p>
-        The <dfn>steps to constrain a payment handler</dfn> with
+        The <dfn>steps to filter payment handlers</dfn> with

We probably want to call this "steps to check instrument support". We are not filtering "payment handlers", but rather, the instruments by capabilities. 

>        </p>
       <ol class="algorithm" data-link-for="BasicCardResponse">
         <li data-link-for="BasicCardRequest">Let <var>requestedNetworks</var>
-        be the result of filtering <var>data</var>["<a>supportedNetworks</a>"]
-        for <a>networks</a> that are <a>known</a> by this payment handler.
+        be <var>data</var>["<a>supportedNetworks</a>"].
+        </li>
+        <li data-link-for="BasicCardRequest">Let <var>requestedTypes</var> be
+        <var>data</var>["<a>supportedTypes</a>"].
+        </li>
+        <li>If the <a>primary account number</a> is not from one of the

We should say:

> For each <var>card</var> of the user's <a>cards</a>: 
>  1. if <var>card</var>'s <a>type</a> ...
>  1. if <var>card</var>'s <a>network</a>...

We don't need to talk about the "primary account number" because the concept of "network" should state that it's derived from the "primary account number"'s BIN.

> +        </li>
+        <li>If the <a>primary account number</a> is not from one of the
+        <a>networks</a> in <var>requestedNetworks</var> and
+        <var>requestedNetworks</var> is not empty, return <code>false</code>.
+        </li>
+        <li>Otherwise, if the <a>primary account number</a> is not from one of
+        the <a>types</a> in <var>requestedTypes</var> and
+        <var>requestedTypes</var> is not empty, return <code>false</code>.
+        </li>
+        <li>Otherwise, return <code>true</code>.
+        </li>
+      </ol>
+      <p>
+        The <dfn>steps to select a payment handler</dfn> are given by the
+        following algorithm. If the end user inputs or selects a <a>card</a>
+        that meets the constraints of <var>data</var>, the algorithm returns a

Nit: `<var>data</var>` should be `<a>BasicCardRequest</a> <var>data</var>`

> +        <li data-link-for="BasicCardRequest">Let <var>requestedTypes</var> be
+        <var>data</var>["<a>supportedTypes</a>"].
+        </li>
+        <li>If the <a>primary account number</a> is not from one of the
+        <a>networks</a> in <var>requestedNetworks</var> and
+        <var>requestedNetworks</var> is not empty, return <code>false</code>.
+        </li>
+        <li>Otherwise, if the <a>primary account number</a> is not from one of
+        the <a>types</a> in <var>requestedTypes</var> and
+        <var>requestedTypes</var> is not empty, return <code>false</code>.
+        </li>
+        <li>Otherwise, return <code>true</code>.
+        </li>
+      </ol>
+      <p>
+        The <dfn>steps to select a payment handler</dfn> are given by the

These are really the "steps to respond to a payment request". 

In Payment Request API, in [17.4 User accepts the payment request algorithm](https://w3c.github.io/payment-request/#user-accepts-the-payment-request-algorithm)  

We need to change: 

> 8. Set the details attribute value of response to an object containing the payment method specific object that will be used by the merchant to process or validate the transaction. The format of this response will be defined for each payment method.

To:

> 8. Set the details attribute value of response the result of running "steps to respond to a payment request" for the payment handler that is handling this request for payment. That will result in a payment-method specific object that is used by the merchant to process or validate the transaction. The format of this response is defined for each payment method (e.g., see "steps to respond to a payment request in [[!Payment-Method-Basic-Card]]).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-basic-card/pull/50#pullrequestreview-107120853
Received on Tuesday, 27 March 2018 02:28:41 UTC