Re: [w3c/payment-request] Spec is silent on its role in facilitating arbitrary communication between top level contexts (#936)

@hofman-stripe 

> _If_ we were to find a way to specify Payment Handlers in a way that data could be shared by the page with a handler before the user has expressed consent (e.g. to check for an enrolled instrument), but prevent that handler from storing or sending any data anywhere (especially back to the page) until and unless the user has expressed consent, would that satisfy the text as proposed?

IMHO, if we can ensure that the data shared with the handler never leaves the device, then it would satisfy the text. The challenge will be figuring out how to ensure the isolation, and that should be in scope for any design of payment handler technology, including Payment Handler API.


Received on Friday, 29 January 2021 22:01:50 UTC