Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should the payment mediator pass all payment method data to the payment app or just relevant data? #157

Closed
adrianhopebailie opened this issue Apr 25, 2016 · 7 comments
Closed

Should the payment mediator pass all payment method data to the payment app or just relevant data? #157

adrianhopebailie opened this issue Apr 25, 2016 · 7 comments
Labels
Core Functionality help wanted Payment Apps Priority: High privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.

Comments

@adrianhopebailie
Copy link
Collaborator

Picked up from #154 where @ianbjacobs made the following assertion:

Once the user has chosen an app, the browser/mediator MUST NOT send more information than is necessary to the payment app for processing. The browser/mediator MUST NOT send the merchant's
full list of supported payment methods, or the optional data for irrelevant payment
methods.
@adrianhopebailie adrianhopebailie added question Core Functionality Doc:BrowserAPI Priority: Low privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. labels Apr 25, 2016
@dlongley
Copy link

I think all data should be passed. For example, if a browser is acting as a mediator, a user may want to install a Payment App that, itself, acts as a mediator for other Payment Apps. In this scenario, a user wants to use a Web-based payment mediator for some set of payment methods, that provides them with some benefits.

In another scenario, a Payment App may provide N ways to pay -- and only once that Payment App has launched will the user actually decide which method to pay with, based on some other kinds of information (eg: budgeting/whatever) that the app provides for them.

@dlongley
Copy link

In another scenario (likely a future case), a Payment App may allow a user to pay with more than one payment method at a time for a single request.

@ianbjacobs
Copy link
Collaborator

@dlongley,

My expectation is that through the dialog between mediator and user, the user's selected payment app will receive all the information that it needs. In the case (which I expect to be common at least initially) of a payment app that supports a small number of payment methods, the payment will will receive less information...but still all the information that it needs. In the case you describe, it sounds like the payment app would receive more information as a result of the dialog.

So I still think that amounts to the payment app receiving "necessary" information but no more.

Ian

@dlongley
Copy link

@ianbjacobs,

My expectation is that through the dialog between mediator and user, the user's selected payment app will receive all the information that it needs. In the case (which I expect to be common at least initially) of a payment app that supports a small number of payment methods, the payment will will receive less information...but still all the information that it needs. In the case you describe, it sounds like the payment app would receive more information as a result of the dialog.

I don't think the mediator necessarily knows all of the information that the Payment App needs. I think the mediator's only purpose is to help a user pick the Payment App to send the payment request message to.

What about the case that you don't know you want to use two payment methods until you've gotten to your Payment App and found out that an account for a particular payment method has insufficient funds ... but another method could supplement to fulfill the request? And so on.

I think the mediator role should just be considered a router -- it shouldn't get more invasive/controlling than that.

@adrianhopebailie
Copy link
Collaborator Author

Raised priority as this has relevance to #15 and #154

i.e. if the mediator is going to alter the input data anyway then there is not a strong argument to pass a complete payment request into the API as a single parameter

@adrianhopebailie adrianhopebailie added this to the 12 May milestone May 12, 2016
@adrianhopebailie
Copy link
Collaborator Author

Discussed during call on 12 May awaiting proposals to demonstrate both cases

@adrianhopebailie adrianhopebailie removed this from the 12 May milestone May 17, 2016
@ianbjacobs ianbjacobs mentioned this issue May 18, 2016
Closed
@adrianhopebailie adrianhopebailie modified the milestone: 26 May May 24, 2016
@adrianhopebailie adrianhopebailie removed this from the 26 May milestone Jun 15, 2016
@ianbjacobs
Copy link
Collaborator

Migrated:
w3c/payment-handler#2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Core Functionality help wanted Payment Apps Priority: High privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adrianhopebailie @dlongley @ianbjacobs