-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should merchants be able to limit matching to trusted apps? #1
Comments
At the 10 August 2016 app task force call, the consensus was that we should not support merchant-specified app filtering. Ian plans to update the draft spec accordingly. |
adamroach
added a commit
that referenced
this issue
Aug 16, 2016
Merge pull request #25 from adamroach/gh-pages
I am adding to this issue some data from recent discussions:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From @ianbjacobs at w3c/webpayments#168
A new topic was raised at the July FTF meeting about merchant trust of payment apps. Today, merchants that support payment methods in checkout have established a relationship with all the parties (e.g., paypal) that might be involved in completing a payment. In the world of payment request API and third party payment apps, that could change:
I strongly support our effort to create an open ecosystem for third party apps. However, if it is the case that merchants might be reluctant to adopt the API because of concerns about not knowing the exact user experience in some cases, then we should try to address those concerns.
One idea for doing so extends the idea of "recommended payment app" that is discussed in the Payment App API [1]. As a reminder, we introduced this concept to help enable a smooth experience for installing payment apps, and also to help bootstrap the system when people don't yet have payment apps installed.
If we agree it is useful to codify the idea of "identifying payment apps" then another use of the mechanism would be to enable the merchant to express payment app preferences. Here is an example of the sort of algorithm we could consider to balance merchant and user preferences:
One way to "identify payment apps" is by origin (domain name). This has the advantage
of simplicity and extensibility. My hope is that merchants will say "I just need to know that
CompanyX published the App; I don't need to know specifics about the app" and that origin
is a sufficient piece of information. We could, of course, increase granularity by allowing people to identify apps (and specific versions) with URLs; that may increase brittleness at the same time (e.g., around case sensitivity, trailing slashes, etc.).
The text was updated successfully, but these errors were encountered: