TPAC 2016: Payment Apps Task Force Update
Ian Jacobs, W3C
Payment Apps Task Force Update
Overview
About the Task Force
Primary spec changes since July
Key topics for discussion
Proposal
About the Task Force
Alibaba: Dapeng, Kepeng
Amex: Ben
Facebook: Roy
Gemalto: Laurent
Google: Rouslan
Mozilla: Adam
Ripple: AdrianHB
Samsung: Mahesh, Dongwoo
Shopify: Andre, Jason
Worldpay: Conor
W3C: Ian
Convened 8 meetings since July FTF.
Primary Spec Changes Since July
See
Payment App API
:
Addition of
4. Payment App Model and Design Considerations
following request for design rationale at July FTF meeting
Addition of Service Workers approach to registration and communication (sections 6, 7, 10)
Addition of material to
10. Security and Privacy Considerations
Primary Spec Changes Since July (continued)
Clarified concept of registration (including that registration is not always required)
Added some
more examples
of how browsers might display selectable payment apps
Removed: concept of "accepted" payment apps, concept of "browser-recommended" payment app
TPAC Discussion Topics
Service Workers
Payment Methods and Payment Apps
User Experience Harmonization
Protocol Questions
Native Payment Apps
See
Issues List
Service Workers
For registration, updates, unregistration
Provide security advantages (origin-based)
Provide offline use / enable management of network failures
Do we agree that we should take a service workers approach?
Payment Methods and Payment Apps
Relationship between identifiers
Role of URLs and dereferenceability
Inclusion of payment app info in payment method manifest
User Experience Harmonization
User Experience Descriptions
Specifically:
Optimization for one-match
Handling recommended, enabled, supported, ...
What are requirements (and what is left to browsers)?
Related issues:
38
,
14
,
16
Continue
discussion on display order
(
23
)
Protocol Questions
Push payment support
Issue 37
: Browser based apps canceling payment
Issue 6
: Enable merchants to query browser to see if same origin app registered?
Relation to other query questions: any apps registered? required payment methods supported?
See
Max propsal re: security
Native Payment Apps
Expectation is that proprietary payment method owners authorize who can distribute payment apps that support that payment method. (
Please confirm
)
Authenticity (see
Max's proposal
)
How do we talk about registration, invocation?
Proposal
Advance
Payment App API
to FPWD
Thank you