-
Notifications
You must be signed in to change notification settings - Fork 20
/
index.html
345 lines (343 loc) · 11.3 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
<!DOCTYPE html>
<html>
<head>
<title>
Payment Method Identifiers
</title>
<meta charset='utf-8'>
<script src='https://www.w3.org/Tools/respec/respec-w3c' async class=
'remove'></script>
<script class='remove'>
var respecConfig = {
shortName: 'payment-method-id',
github: "w3c/payment-method-id",
specStatus: "ED",
group: "payments",
formerEditors: [
{
name: "Adrian Bateman",
company: "Microsoft Corporation",
w3cid: 42763,
},
{
name: "Domenic Denicola",
company: "Google",
w3cid: 52873,
},
{
name: "Zach Koch",
company: "Google",
w3cid: 76588,
},
{
name: "Roy McElmurry",
company: "Facebook",
w3cid: 88345,
},
],
editors: [
{
name: "Marcos Cáceres",
company: "Apple Inc.",
companyURL: "https://www.apple.com/",
w3cid: 39125,
},
],
crEnd: "2019-10-01",
prEnd: "2021-10-28",
previousMaturity: "PER",
previousPublishDate: "2021-09-30",
errata: "https://www.w3.org/Payments/WG/errata.html",
implementationReportURI: "https://w3c.github.io/test-results/payment-method-id/all.html",
// We can only indirectly test conformance, so we rely on certain tests
// in the Payment Request API.
testSuiteURI: "https://wpt.live/payment-method-id/",
xref: ["URL", "HTML", "FETCH", "INFRA"]
};
</script>
</head>
<body>
<section id='abstract'>
<p>
This specification defines payment method identifiers and how they are
validated, and, where applicable, minted and formally registered with
the <a href="https://www.w3.org/">W3C</a>. Other specifications (e.g.,
the [[[payment-request]]]) make use of these identifiers to facilitate
monetary transactions on the web platform.
</p>
</section>
<section id='sotd' class="updateable-rec">
<p>
The working group demonstrates implementation experience by producing
an <a href=
"https://w3c.github.io/test-results/payment-method-id/all.html">implementation
report</a>. The report shows two or more independent implementations
passing each mandatory test in the <a href=
"https://wpt.live/payment-method-id/">test suite</a> (i.e., each test
corresponds to a MUST requirement of the specification).
</p>
<p>
There has been no change in dependencies on other workings groups
during the development of this specification.
</p>
</section>
<section>
<h2>
Payment method identifiers (PMIs)
</h2>
<p>
A <dfn data-abbr="PMI" data-export="">payment method identifier</dfn>
is either a:
</p>
<ul>
<li>[=URL-based payment method identifier=],
</li>
<li>or a [=standardized payment method identifier=].
</li>
</ul>
<section>
<h3>
Validity
</h3>
<p>
Specifications that rely on [=payment method identifiers=] MUST
specify their own rules for handling invalid payment method
identifiers.
</p>
<p>
The steps to <dfn data-export="">validate a payment method
identifier</dfn> with a string |pmi:string| are given by the
following algorithm. It returns true if the |pmi| is valid.
</p>
<ol class="algorithm">
<li>Let |url:URL| be the result of running the [=basic URL parser=]
with |pmi|.
</li>
<li>If |url| is failure, [=validate a standardized payment method
identifier=] with |pmi| and return the result.
</li>
<li>Otherwise, [=validate a URL-based payment method identifier=]
passing |url| and return the result.
</li>
</ol>
</section>
</section>
<section>
<h2>
URL-based payment method identifiers
</h2>
<p>
A <dfn data-export="">URL-based payment method identifier</dfn> is a
[=URL=] that is valid as per the steps to [=validate a URL-based
payment method identifier=].
</p>
<div class="note">
<p>
Developers wanting to use a URL-based payment method identifier for a
third party payment handler are encouraged to read the <a href=
"https://github.com/w3c/payment-request-info/wiki/PaymentMethodPractice">
Payment Method Best Practice</a> document.
</p>
</div>
<section>
<h2>
Validation
</h2>
<p>
The steps to <dfn data-export="">validate a URL-based payment method
identifier</dfn> are given by the following algorithm. The algorithm
takes a [=URL=] |url:URL| as input and returns true if the URL is
valid:
</p>
<ol class="algorithm">
<li>If |url|'s [=url/scheme=] is not "https", return false.
</li>
<li>If |url|'s [=url/username=] or [=url/password=] is not the empty
string, return false.
</li>
<li>Otherwise, return true.
</li>
</ol>
<pre class="example js" title="valid and invalid URL-based PMIs">
const valid = [
{
supportedMethods: "https://example.com/pay",
},
{
supportedMethods: "https://example.com/pay?version=1",
},
{
supportedMethods: "https://example.com/pay/version/1",
},
];
const invalid = [
{
// ❌ Uses http://, a username, and a password.
supportedMethods: "http://username:password@example.com/pay",
},
{
// ❌ Uses unknown URI scheme.
supportedMethods: "unknown://example.com/pay",
},
];
</pre>
</section>
<section>
<h2>
Comparison
</h2>
<p data-tests="payment-request-ctor-pmi-handling.https.sub.html">
User agents MUST perform comparisons of [=URL-based payment method
identifiers=] using [[URL]]'s [=URL/equal=].
</p>
</section>
<section>
<h2>
Fetching (dereferencing)
</h2>
<p>
It is OPTIONAL for user agents to [=fetch=] a [=URL-based payment
method identifier=].
</p>
</section>
</section>
<section>
<h2>
Standardized payment method identifiers
</h2>
<p>
A <dfn data-export="">standardized payment method identifier</dfn> is a
string that represents a [=standardized payment method=].
</p>
<p>
The <dfn>syntax of a standardized payment method identifier</dfn> is
given by the following [[ABNF]]:
</p>
<pre class="ABFN">
stdpmi = part *( "-" part )
part = 1loweralpha *( DIGIT / loweralpha )
loweralpha = %x61-7A
</pre>
<p>
User agents MAY support zero or more [=standardized payment method
identifiers=] listed in section [[[#registry]]].
</p>
<section>
<h2>
Validity
</h2>
<p>
The steps to <dfn>validate a standardized payment method
identifier</dfn> are given by the following algorithm. The algorithm
takes a |string:string| as input and returns true if the identifier
is valid:
</p>
<ol class="algorithm">
<li>Return true if |string| conforms to the [=syntax of a
standardized payment method identifier=]. Otherwise, return false.
</li>
</ol>
<aside class="note">
<p>
When used in an API, the following method identifiers are all
ignored by the user agent. Some user agents might inform developers
that identifiers are invalid to help them fix issues.
</p>
<p>
The example below refers to the "basic-card" standardized payment
method identifier. Although the Web Payments Working Group has
discontinued that work, the identifier serves here as an example.
</p>
<pre class="example" title="Valid and invalid identifiers">
const valid = [
{
supportedMethods: "basic-card",
},
];
const invalid = [
{
// ❌ Contains Unicode character outside the valid ranges.
supportedMethods: "basic-💳",
},
{
// ❌ Contains uppercase characters.
supportedMethods: "Basic-Card",
},
{
// ❌ Contains Unicode characters outside the valid ranges.
supportedMethods: "¡basic-*-card!",
},
];
</pre>
</aside>
</section>
<section>
<h2>
Comparison
</h2>
<p data-tests="payment-request-ctor-pmi-handling.https.sub.html">
For [=standardized payment method identifiers=], user agents MUST
perform string comparisons using [=string/is=].
</p>
</section>
</section>
<section class="informative" id="registry">
<h3>
Registry of standardized payment methods
</h3>
<aside class="note">
<p>
There is no need to register a [=URL-based payment method
identifier=].
</p>
<p>
Organizations seeking to mint a new identifier for a payment method
are encouraged to <a href="https://www.w3.org/Consortium/join">join
the W3C</a> and follow the <a href=
"https://www.w3.org/Consortium/Process/">W3C process</a>.
</p>
</aside>
<p>
A <dfn>standardized payment method</dfn> is a payment method that has
undergone standardization at the W3C, and is listed in this registry.
</p>
<p>
At this time there are no [=standardized payment method identifiers=].
</p>
</section>
<section class="informative">
<h2>
URL-based PMI and third-party payment handlers
</h2>
<p>
Developers wanting to use a URL-based payment method identifier for a
third party payment handler are encouraged to read the
[[[payment-method-manifest]]] specification and the <a href=
"https://github.com/w3c/payment-request-info/wiki/PaymentMethodPractice">
Payment Method Best Practice</a> wiki page. Together, these documents
describe how to manage the ecosystem of authorized payment handlers for
a payment method, including just-in-time payment handler installation
by the browser.
</p>
</section>
<section>
<h2>
Security considerations
</h2>
<p>
This specification does not introduce any new security considerations.
</p>
</section>
<section>
<h2>
Privacy considerations
</h2>
<p>
There are no known privacy or security concerns to be taken into
considerations at this time.
</p>
</section>
<section id="conformance"></section>
<section id="index"></section>
</body>
</html>