- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 24 Feb 2014 06:06:49 -0500
- To: public-webpayments@w3.org

On 02/24/2014 03:42 AM, Mountie Lee wrote:
> from the list of mechanisms requesting payment, the spec mentions
> only "POST" which means webapp will lose control of app operation.

Keep in mind that this specification outlines just one approach. There are other approaches that would allow the payment request to be digitally signed by the buyer and sent to the vendor/webapp. This would allow the web app to stay in control of the entire process. Also note that not many people have been asking for this sort of flow.

The WebApp not being in control of the entire buy process is important because the approval of the payment should really be up to the buyer and payment processor, not the web app / vendor. If we approach the problem from this direction, it allows the payment processor to implement many other types of protection on the purchase (like two factor auth, biometrics, etc.).

> if the payment vendor uses DOMRequest, XHR, windows.postMessage or
> other transmission mechanisms, we can expect some conflict with
> spec.

That's a bit too vague for me to follow. The POST will require a UI interaction between the buyer and payment processor, which means that DOMRequest and XHR can't be used (for the interactive portions anyway). windows.postMessage would probably be fine (depending on the implementation).

The end result of the POST should be the following flow:

1. User Agent POSTs purchase request to payment processor.
2. Buyer is redirected to payment processor and approves/denies payment.
3. Digital receipt is created and is POSTed back to digital receipt service on vendor's site by the User Agent.

This ensures that we can polyfill the process and bootstrap the ecosystem using Javascript while allowing browser vendors to add their own protection/enhancements to the buyflow in the future by providing native implementations of navigator.transact.pay().

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
http://www.w3.org/2013/10/payments/

Received on Monday, 24 February 2014 11:07:20 UTC