From c09677cab29d84fb0cda9bec51b2cbf672ea3933 Mon Sep 17 00:00:00 2001
From: Shane McCarron
Date: Mon, 26 Sep 2016 10:29:45 -0500
Subject: [PATCH] Use 'user agent' all the time
The spec was inconsistent in the use of browser vs user agent. This change switches over to user agent everywhere except in the definition itself, where it is appropriate to describe a user agent as a browser or other...
---
index.html | 60 +++++++++++++++++++++++++++---------------------------
1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/index.html b/index.html
index 38ec31b..b93af79 100644
--- a/index.html
+++ b/index.html
@@ -125,7 +125,7 @@ Introduction
How the user agent invokes a payment app, communicates input/response data with it, and returns the response data to the underlying Payment Request API.
Payment apps may be implemented in a variety of ways: as Web applications, native operating system applications,
- browser extensions, built-in user agent components, interface-less Web services, or a combination.
+ user agent extensions, built-in user agent components, interface-less Web services, or a combination.
This specification does not cover every aspect of communication on every platform.
The Web Payments Working Group has used the term
"mediator" to refer to the software (here, the user agent) that carries out the activities defined in this
@@ -327,7 +327,7 @@
Decoupling and Trust
Users may choose to use "open" or "proprietary" payment methods, so the payment app ecosystem must support both. Users must be able to register payment apps of their choosing. We expect the user to have greater choice of third party payment apps for open payment methods than for proprietary payment methods. Examples of open payment methods include card payment and SEPA credit transfer.
For privacy, the design should limit information about the user's environment available to merchant without user consent. That includes which payment apps the user has registered. For open payment methods, the merchant should not receive information about which payment app the user selected to pay unless the user consents to share that information. See issue 224 for discussion about how merchant may track progress of a push payment.
Although decoupling relieves merchants of implementing some aspects of the checkout experience, one consequence is that they give up some degree of control. This was already the case for proprietary payment methods, but for open payment methods such as cards, merchants (or their PSPs) will be entrusting some portion of data collection to third party payment apps.
-The design therefore includes support for merchants to recommend payment apps and suggest the ordering of payment methods. The design should endeavor not to constrain how browsers make use of this information, only provide guidance to browser makers about taking into account both merchant and user preferences.
+The design therefore includes support for merchants to recommend payment apps and suggest the ordering of payment methods. The design should endeavor not to constrain how user agents make use of this information, only provide guidance to user agent makers about taking into account both merchant and user preferences.
Here are preferences the system might support:
- Accepted payment methods (payment methods the merchant accepts, and no others may be used; part of payment request API)
@@ -335,7 +335,7 @@ Decoupling and Trust
- Recommended payment apps (payment apps the merchant prefers, but others may be used)
- The browser can use this information in conjunction with user preferences to:
+ The user agent can use this information in conjunction with user preferences to:
- Filter payment apps (to matching payment methods)
- Order payment apps (according to merchant specified order)
@@ -347,7 +347,7 @@ Decoupling and Trust
Registration and Unregistration
- - Registration provides a way for browsers
+
- Registration provides a way for user agents
to remain aware of the user's payment apps across transactions.
- Registration is not a
prerequisite for using a payment app. In particular, a user
@@ -360,7 +360,7 @@
Registration and Unregistration
- When registration is desired it might happen in a variety of ways:
- This working group will define an API available for all types of payment apps.
- - Native apps and browsers may have platform-specific ways to achieve the same (or similar) result.
+ - Native apps and user agents may have platform-specific ways to achieve the same (or similar) result.
- We expect registrations to happen at various times (e.g., outside and inside of checkout), and with differing levels of
@@ -380,7 +380,7 @@
Registration and Unregistration
proposal, there are no requirements for a payment app to be able to respond to user agent queries for updated
registration information. In this proposal, payment apps update the information that a user agent has stored about them
by re-calling the registration API. (See issue 36.)
- - We expect browsers to distinguish themselves in how they balance different ease of registration and security.
+ - We expect user agents to distinguish themselves in how they balance different ease of registration and security.
- It is important for merchants and users to be able to trust the
authenticity of payment apps. A starting point is to rely on origin information (e.g., if a payment app is registered on a Web site). In contexts where origin binding is not available (e.g., potentially in the case of recommended payment apps) other mechanisms should be considered to help establish authenticity (e.g., invocation-time confirmation of a digital signature of a claimed origin).
@@ -391,8 +391,8 @@ Payment App Identification
- For recommended payment apps we will need payment app identifiers (PAIs). See discussion around issue 35.
- A PAI should include origin information. This origin information may be used in a variety of ways:
-- The origin information could enable browsers to provide the user with useful services when the user is browsing a site with the same origin (e.g., putting that payment app at the top of a list or otherwise highlighted).
-- For a "proprietary" payment method with an associated origin, the browser can do some (security) checks by comparing the origin of the payment method and the payment app.
+- The origin information could enable user agents to provide the user with useful services when the user is browsing a site with the same origin (e.g., putting that payment app at the top of a list or otherwise highlighted).
+- For a "proprietary" payment method with an associated origin, the user agent can do some (security) checks by comparing the origin of the payment method and the payment app.
- A PAI should allow for granularity (e.g., payment app versioning); we should consider URLs.
@@ -410,7 +410,7 @@ Payment App Matching
payment options for selection by the user. The user agent may also display payee-recommended payment apps, which are
displayed distinctly for the user. This mechanism is intended to support use cases such as a merchant
recommending their own payment app to the user, or a payment app that they trust for a proprietary payment method.
- The user agent may offer features to facilitate selection (e.g., launch a chosen payment app or option every time the
+
The user agent may offer features to facilitate selection (e.g., launch a chosen payment app or option every time the
user wants to pay at a given Web site); those features lie outside the scope of this specification.
The user selects a payment option to make a payment. The user may also select a recommended payment app.
@@ -420,8 +420,8 @@ User Experience
- The system should minimize user interaction for payment app registration, payment app selection, and payment credentials selection. Ideas include:
- - When only one payment app matches, the browser does not require user selection to launch it.
- - The browser displays payment options for direct selection by the user, avoiding the need for the user to make a second selection within the payment app context. The payment app provides the browser with sufficient information to display payment options. It is still possible to launch the payment app upon selection of a payment option, and in some cases the payment app may return a response without further user interaction, depending on the nature of the payment method.
+ - When only one payment app matches, the user agent does not require user selection to launch it.
+ - The user agent displays payment options for direct selection by the user, avoiding the need for the user to make a second selection within the payment app context. The payment app provides the user agent with sufficient information to display payment options. It is still possible to launch the payment app upon selection of a payment option, and in some cases the payment app may return a response without further user interaction, depending on the nature of the payment method.
- It is likely that this specification will include guidance rather than requirements about specific user experience optimizations.
@@ -464,10 +464,10 @@ Definitions
Payment App Implementation Technology
- -
- browser-based payment app
- - a payment app that runs in a browser. Browser-based
+
-
+ user agent-based payment app
+ - a payment app that runs in a user agent. User agent-based
payment apps may elect to display a user interface, or to operate without
any user interaction. This decision is made at runtime, and may vary based
on criteria of the app's choosing (such as how long it has been since the
@@ -489,7 +489,7 @@
Payment App Implementation Technology
- payment app window
-
- A service worker
WindowClient
used by browser-based
+ A service worker WindowClient
used by user agent-based
payment apps to interact with the user when doing so is necessary to
complete the payment transaction.
@@ -534,7 +534,7 @@ Payment App Selection States
Inclusion might involve small changes to payment request API. The group has also discussed the idea of user agent-recommended payment apps, for example, when the user agent is aware of an app for a proprietary payment method. The current specification does not provide for user agent-recommended apps but could be extended to do so.
displayed payment app
- A matching payment app or recommended payment app with at least one selectable payment option (i.e. presented by the browser for user selection).
+ A matching payment app or recommended payment app with at least one selectable payment option (i.e. presented by the user agent for user selection).
selected payment app
the payment app whose option has been selected by the user to make a payment, but not yet invoked.
@@ -611,7 +611,7 @@ Payment App Invocation and Response Data
Overview of Service-Worker-Based Approach
In this specification we use service workers
- to connect browsers with browser-based payment apps. We do so for
+ to connect user agents with user agent-based payment apps. We do so for
several reasons:
@@ -629,7 +629,7 @@ Overview of Service-Worker-Based Approach
- The use of service workers restricts browser-based payment apps so
+ The use of service workers restricts user agent-based payment apps so
that they must run only in secure contexts. The introduction of this
restriction is deliberate, due to the sensitivity of the role that payment
apps play.
@@ -640,11 +640,11 @@
Overview of Service-Worker-Based Approach
Through registration, a service worker is created and
associated with payment methods
(and associated metadata).
- When the payment request API
is called, the browser
+ When the payment request API
is called, the user agent
displays a list of registered service workers associated
with matching payment methods (along with any other payment apps
- that may be available to the browser).
- When the user selects a browser-based payment
+ that may be available to the user agent).
+ When the user selects a user agent-based payment
app, the corresponding service worker is activated, and
it receives a PaymentRequestEvent.
Once active, the payment app performs whatever steps are
@@ -751,7 +751,7 @@
- Register the payment app with the browser for future use,
+ Register the payment app with the user agent for future use,
associating manifest's label
and
icon
with the payment app for user reference.
@@ -901,7 +901,7 @@
Registration Example
-
The following example shows how to register a browser-based payment
+ The following example shows how to register a user agent-based payment
app:
navigator.serviceWorker.register('/exampleapp.js')
@@ -1029,7 +1029,7 @@ Examples of Ordering of Selectable Payment Apps
Enable the user to set a default payment app for a Web site (e.g., the payment app distributed by that
retailer), and display that payment at the top of a list for that
site.
- Based on how frequently the user has selected a payment app, the browser can automatically display that one closer to the top of a list.
+ Based on how frequently the user has selected a payment app, the user agent can automatically display that one closer to the top of a list.
If the user initiates a purchase on a site with the same origin as that associated with a payment app, display that app at the top of a list.
@@ -1250,7 +1250,7 @@ Payment App Invocation
Payment apps are invoked when a payee requests a payment
by calling PaymentRequest.show()
and the user selects a
payment app (or has one implicitly selected by previously established
- user preferences). If the user selects a browser-based payment
+ user preferences). If the user selects a user agent-based payment
app to service the request, the service worker corresponding
to that application receives an event with the
PaymentAppRequestData containing information about the payment
@@ -1316,12 +1316,12 @@
Upon receiving a payment request by way of
PaymentRequest.show()
and subsequent user selection of a
- browser-based payment app, the user agent MUST run
+ user agent-based payment app, the user agent MUST run
the following steps or their equivalent:
- Let registration be the service worker
- registration corresponding to the browser-based payment app
+ registration corresponding to the user agent-based payment app
selected by the user.
- If registration is not found, reject the Promise that
@@ -1372,7 +1372,7 @@
worker is allowed to open a window.
- The actual rendering of a payment app window is a browser
+ The actual rendering of a payment app window is a user agent
implementation detail. While opening an entirely new window is possible,
it is more likely that the contents will be rendered in a way that makes
it more obvious that the interactions pertain to the payment
@@ -1611,7 +1611,7 @@
Data Validation
Private Browsing Mode
- - When the Payment Request API is invoked in a "private browsing mode," the browser should launch browser-based payment apps in a private context. This will generally prevent sites from accessing any previously-stored information. In turn, this is likely to require either that the user log in to the payment app or re-enter payment instrument details.
+ - When the Payment Request API is invoked in a "private browsing mode," the user agent should launch user agent-based payment apps in a private context. This will generally prevent sites from accessing any previously-stored information. In turn, this is likely to require either that the user log in to the payment app or re-enter payment instrument details.