From 06cd7c1bdcca34ec903494db39cf68b9e81fb183 Mon Sep 17 00:00:00 2001
From: Ian Jacobs <ij@w3.org>
Date: Wed, 10 Aug 2016 13:46:46 -0500
Subject: [PATCH 1/2] Removed concept of accepted payment app

Per 10 Aug discussion at payment app task force call
---
 index.html | 27 +++++++--------------------
 1 file changed, 7 insertions(+), 20 deletions(-)

diff --git a/index.html b/index.html
index 32dff1c..9c14508 100644
--- a/index.html
+++ b/index.html
@@ -278,24 +278,18 @@ <h3>Decoupling and Trust</h3>
 <li>    A goal of this system is to decouple the payment methods used to pay from the software (payment apps) that implement those payment methods. By decoupling, merchants (and their payment service providers) can lower the cost of creating a checkout experience, users can have more choice in the software they use to pay, and payment app providers can innovate without imposing an integration burden on merchants.</li>
 <li>    Users may choose to use "open" or "proprietary" payment methods, so the payment app ecosystem must support both. Users must be able to register payment apps of their choosing. We expect the user to have greater choice of third party payment apps for open payment methods than for proprietary payment methods. Examples of open payment methods include card payment and SEPA credit transfer.</li>
 <li>    For privacy, the design should limit information about the user's environment available to merchant without user consent. That includes which payment apps the user has registered. For open payment methods, the merchant should not receive information about which payment app the user selected to pay unless the user consents to share that information. See <a href="https://github.com/w3c/browser-payment-api/issues/224">issue 224</a> for discussion about how merchant may track progress of a push payment.</li>
-<li>    Although decoupling relieves merchants of implementing some aspects of the checkout experience, one consequence is that they give up some degree of control. This was already the case for proprietary payment methods, but for open payment methods such as cards, merchants (or their PSPs) will be entrusting some portion of data collection to third party payment apps, without knowing which app the user will select.</li>
-<li>    We recognize, therefore, a tension between user preferences (e.g., registered payment apps, ordering of display of payment apps, etc.) and merchant preferences (e.g., control of the user experience previously implemented in a Web page, ordering of payment apps, presence of merchant's own payment app, etc.).</li>
-<li>    The design should address this tension by enabling the merchant to express preferences for both payment methods and payment apps. The design should not constrain how browsers make use of these preferences, only provide guidance to browser vendors about taking into account both merchant and user preferences.</li>
-<li>    Here are preferences the system might support:
+<li>    Although decoupling relieves merchants of implementing some aspects of the checkout experience, one consequence is that they give up some degree of control. This was already the case for proprietary payment methods, but for open payment methods such as cards, merchants (or their PSPs) will be entrusting some portion of data collection to third party payment apps.</li>
+<li>The design therefore includes support for merchants to recommend payment apps and suggest the ordering of payment methods. The design should endeavor not to constrain how browsers make use of this information, only provide guidance to browser makers about taking into account both merchant and user preferences.</li>
+<li>Here are preferences the system might support:
   <ul>
 <li>        Accepted payment methods (payment methods the merchant accepts, and no others may be used; part of payment request API)</li>
 <li>        Preferred payment methods (merchant-specified order part of payment request API)</li>
 <li>        Recommended payment apps (payment apps the merchant prefers, but others may be used)</li>
-<li>        Accepted payment apps (payment apps the merchant accepts, and no others may be used). Note that this is the status quo since merchants either accept card information through UI that they control, or they redirect users to payment service providers with whom they have existing relationships. Note that if we allow merchants to restrict payment apps that might end up requiring the customer to register multiple payment apps for the same payment method, which would complicate the user experience for the same payment method.
-    <p class="issue" title="Should merchants be able to limit matching to trusted apps?">
-    See <a href="https://github.com/w3c/webpayments-payment-apps-api/issues/1">issue 1</a> about whether we should including filtering on accepted payment apps.
-  </p>
-</li>
   </ul>
 </li>
-<li> The browser uses this information in conjunction with user preferences to:
+<li> The browser can use this information in conjunction with user preferences to:
   <ul>
-    <li>   Filter payment apps (to matching payment methods and accepted payment apps)</li>
+    <li>   Filter payment apps (to matching payment methods)</li>
 <li>        Order payment apps (according to merchant specified order)</li>
 <li>        Display recommended payment apps (according to merchant recommended payment app order)</li>
     </ul>
@@ -338,7 +332,7 @@ <h3>Registration and Unregistration</h3>
   <section>
     <h3>Payment App Identification</h3>
     <ul>
-<li>    For both "recommended" and "accepted" payment apps, we will need payment app identifiers (PAIs).</li>
+<li>    For recommended payment apps we will need payment app identifiers (PAIs).</li>
 <li>    A PAI should include origin information. This origin information may be used in a variety of ways:
   <ul>
 <li>        The origin information could enable browsers to provide the user with useful services when the user is browsing a site with the same origin (e.g., putting that payment app at the top of a list or otherwise highlighted).</li>
@@ -460,12 +454,6 @@ <h3>Payment App Selection States</h3>
               The Working Group has not yet agreed that the system should support recommended payment apps.
               Inclusion might involve small changes to payment request API.</p>
       </dd>
-      <dt><dfn id="dfn-accepted-payment-app">accepted payment app</dfn></dt>
-      <dd>a payment app accepted by the payee. When the payee specifies one or more accepted payment apps, this is a signal that the payee <em>only</em> accepts these payment apps, and thus any matching is limited to these payment apps.
-          <p class="issue" title="Accepted Payment Apps is still under discussion">
-              The Working Group has not yet agreed that the system should support accepted payment apps.
-              Inclusion might involve small changes to payment request API.</p>
-      </dd>
       <dt><dfn id="dfn-displayed-payment-app">displayed payment app</dfn></dt>
 	  <dd>A <a>matching payment app</a> or <a>recommended payment app</a> with at least one selectable payment option (i.e. presented by the browser for user selection).</dd>
 
@@ -603,8 +591,7 @@ <h3>PaymentApp.register()</h3>
             <dt><code>request_url</code> parameter</dt>
             <dd>
                 <p>
-                    The <dfn id="payment-app-request-url"><code>request_url</code></dfn> is a string that
-                    represents the <dfn>request URL</dfn>, which is the <a>URL</a> that accepts
+                    The <dfn id="payment-app-request-url"><code>request_url</code></dfn> identifies a service that accepts
                     payment request messages via HTTP POST.
                 </p>
                 <p>

From e90e796c58f5cecf3c7ca5a286577d18cfae32de Mon Sep 17 00:00:00 2001
From: Ian Jacobs <ij@w3.org>
Date: Wed, 10 Aug 2016 14:01:44 -0500
Subject: [PATCH 2/2] Editorial adjustments to section on registration

* based on discussion at 10 August payment app task force call
---
 index.html | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/index.html b/index.html
index 9c14508..88e921d 100644
--- a/index.html
+++ b/index.html
@@ -299,7 +299,13 @@ <h3>Decoupling and Trust</h3>
   <section>
     <h3>Registration and Unregistration</h3>
     <ul>
-      <li>The user registers a payment app with the user agent, which provides developers with primitives for this
+      <li>Registration provides a way for browsers
+	to remain aware of the user's payment apps across transactions.</li>
+      <li>This design should not require registration as a
+	prerequisite for using a payment app. In particular, a user
+	should be able to pay with a merchant-recommended payment app
+	that the user has not yet registered.</li>
+      <li>When registration is desired, the user registers a payment app with the user agent, which provides developers with primitives for this
           purpose. For example, when using a Web-based payment app, the user can push a button to register the payment app.
           When using a native app, the native app can open a Web page that supports registration.</li>
       <li>During registration, information about enabled payment methods and available payment options is provided to the user agent.
@@ -307,8 +313,8 @@ <h3>Registration and Unregistration</h3>
           proposal, there are no requirements for a payment app to be able to respond to user agent queries for updated
           registration information. In this proposal, payment apps update the information that a user agent has stored about them
           by re-calling the registration API.</li>
-      <li>We expect registrations will happen at various times (e.g., outside and inside of checkout), and with differing levels of
-          user consent to modify their configuration within the user agent. A general rule is that explicit consent is not required
+      <li>We expect registrations to happen at various times (e.g., outside and inside of checkout), and with differing levels of
+          user consent to modify their configuration within the user agent. In general, explicit consent should not be required
           while the user is within the context of the payment request UI. Here are some examples:
         <ul>
           <li>When the merchant recommends a payment app and the user selects it, registration can happen in that moment without
@@ -318,15 +324,10 @@ <h3>Registration and Unregistration</h3>
               from the display of merchant-recommended apps).</li>
           <li>When the user installs native payment app, registration can happen as part of the app installation process and
               requires consent through the user agent it triggers the registration through.</li>
-          <li>Users visiting a Web site (e.g., merchant or bank) may wish to explicitly register payment apps and requires explicit
+          <li>Users visiting a Web site (e.g., merchant or bank) may wish to explicitly register payment apps, which would require explicit
               consent from the user.</li>
         </ul>
       </li>
-      <li>Registration is not required to invoke a payment app or process a response. If a payment app is included in the list of
-          recommended apps provided by the merchant and the user selects it during the checkout process then the app is not required
-          to register itself with the user agent, it can still walk the user through the payment process that it provides and in the
-          end provide a payment response to the user agent.</li>
-
     </ul>
   </section>
   <section>