Comments (8)
ianbjacobs
commented on May 18, 2024
Centralized registration data is convenient but IMO not mandatory for v1.
Could be done with a centralized payment app manager that invokes the API? The user tells the payment app manager: "Please keep the following browsers I have installed aware of my payment apps" and the manager invokes the API for each browser.
Ian
from payment-request.
mattsaxon
commented on May 18, 2024
@adrianhopebailie, re: comment on PR #73 I think this depends on the view of the WG with regard to the following statement in the Architecture document
We expect that user agents will primarily act as payment mediators in this architecture.
This really is saying that browser will act as payment mediators, but I believe we should be allowing ,in the architecture, for a way for a user-agent to delegate to a 3rd party mediator. Furthermore the allowance for a user to choose to register a 3rd party mediator could be part of the conformance to the specification. This would create a more open ecosystem.
If we interpret the statement literally, whilst browser may be the "primary mediator", we must, to fulfil the architecture allow for an extensibility mechanism as I describe above, i.e. to enable non-primary mediators.
from payment-request.
ianbjacobs
commented on May 18, 2024
It is already the case that any piece of software could implement the API. You could be in the middle of your favorite photo editing tool and pay for some filters using the API if the photo editing tool supports the API.
Delegation of the mediator role does not seem to me to be a v1 feature in any case.
Ian
from payment-request.
mattsaxon
commented on May 18, 2024
I'm suggesting that user-agent and mediator in the architecture are different actors and we should define an interface between them.
from payment-request.
mattsaxon
commented on May 18, 2024
I'd be happy with this not being V1 though, but we really do need to update our (the IG) use cases documents to track these V2+ items. Or create an alternative approach to tracking requirements.
from payment-request.
adrianhopebailie
commented on May 18, 2024
I'm suggesting that user-agent and mediator in the architecture are different actors and we should define an interface between them.
I would state this differently. User agent and mediator are different roles and may be different actors depending on the deployment scenario. I think that in the traditional web browser scenario that the user agent and mediator will be the same actor and we don't need to define an interface between them.
That is not to say that browsers may not provide an extension point to allow users to use a different external mediator however I don't think we can mandate this in the spec any more than we can mandate that browsers allow any other extension.
I'd like the HTTP interfaces to be defined for both mediators and apps and then if a browser offered the ability to configure an external mediator they'd likely use the HTTP interface.
from payment-request.
ianbjacobs
commented on May 18, 2024
In the extensibility notes [1], Manu indicated that ";While it's true that sharing of registration information is not required with other mediators, that said, centralizing the information isn't the only way to solve the problem. Not saying we can do this for v1, but I think we should be strongly opposed to centralized solutions unless there is no other viable alternative."
Consequently, I am closing this issue which is about "shared between different browser brands".
@msporny, are you ok if we raise a different issue about how mediators remain aware of updates to payment apps?
UPDATE: We have an issue on this already:
w3c/webpayments#111
Ian
[1] https://github.com/w3c/webpayments/wiki/Extensibility_Notes
from payment-request.
burdges
commented on May 18, 2024
I missed this issue before, but I should point out :
There is a serious security threat in sharing payment app registrations between different browsers and different profiles of the same browsers because people do manage their web exposure by using different browsers. It's easy to click too far through common menus and accidentally reveal a shipping address to a site that you want to buy from but must not learn your address.
Examples :
- It's not so strange to configure different browsers differently, or use browser profiles, for different sorts of activities, like to isolate Google+, Gmail, etc. from Google Maps.
- Anyone using Tor Browser probably has a normal browsers they use in special contexts.
- It's reasonable to imagine a family machine separating users using browser profiles instead of system users.
from payment-request.
Related Issues (20)
- User activation et webauthn HOT 3
- PaymentRequest critical data HOT 2
- payment method data storage
- PaymentRequest api on Safari/IOS v15.6.4 HOT 1
- Localization and string metadata for descriptions HOT 16
- ISO 4217 note commentary HOT 6
- Non-US examples HOT 2
- Localizability of errors HOT 6
- Note about localization of payment sheet HOT 2
- Remove "standardized payment method identifier" content HOT 3
- window.PaymentRequest returns undefined randomly HOT 1
- Use "registrable domain" instead of "eTLD+1"
- Istanbul
- Custom .data validation during construction of PaymentRequest HOT 1
- Mine
- Allow custom data for the active payment method to be provided to `PaymentResponse.prototype.complete` HOT 12
- .hasEnrolledInstrument() throws exception "NotAllowedError: Exceeded query quota for hasEnrolledInstrument" HOT 1
- Manually trigger payment event. HOT 2
- is PaymentRequestUpdateEvent still needed?
- "current settings object's relevant global object" is not defined
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from payment-request.