Commit 9a3c6d9

ianbjacobs authored and marcoscaceres committed
Changes stemming from privacy review: (#856)
- Corrected bug by removing MUST language from the informative introduction.
- Corrected bug by aligning the definition of requestBillingAddress (under 9. PaymentOptions dictionary) to look like the other definitions (and include "SHOULD").
- Enhanced 19.6 Exposing user information by explaining more both the reason for PaymentMethodChangeEvent and the privacy implications. Enhanced the explanation by allowing for other ways to minimize data sharing, including an emerging idea for providing an "exclude" array (or similar) as payee request data that could be used by the payment method definition to limit which response elements are returned.
1 parent 0358fb3 commit 9a3c6d9

1 file changed: +41 -24 lines changed


index.html

Lines changed: 41 additions & 24 deletions
@@ -228,14 +228,6 @@

228228
that results in a <a>dictionarya> or <a data-cite=
229229
"WEBIDL#idl-object">objecta> or null.
230230
p>
231-
<p>
232-
A <a>payment handlera> that defines <a>steps for when a user
233-
changes payment methoda> MUST redact the <a>address linea>,
234-
<a>organizationa>, <a>phone numbera>, and <a>recipienta> from
235-
any <a>PaymentAddressa> included in the
236-
<a>PaymentMethodChangeEventa>'s <a data-link-for=
237-
"PaymentMethodChangeEvent">methodDetailsa> attribute.
238-
p>
239231
dd>
240232
dl>
241233
<p>
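Review bot: deleting this paragraph removes the only MUST-level requirement that a payment handler redact the address line, organization, phone number and recipient from a PaymentAddress carried in PaymentMethodChangeEvent's methodDetails, and nothing else in this commit reinstates it in a normative section: the replacement text in the "Exposing user information" section is advisory ("might include"), and its redactList bullet speaks only of shippingAddress. If the goal is to move the requirement out of the informative introduction rather than to drop it, re-add it where the "steps for when a user changes payment method" (or the payment handler conformance requirements) are defined, keeping the sentence "MUST redact the address line, organization, phone number, and recipient from any PaymentAddress included in the PaymentMethodChangeEvent's methodDetails attribute".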
@@ -2147,14 +2139,15 @@

21472139
<dfn>requestBillingAddressdfn> member
21482140
dt>
21492141
<dd data-link-for="PaymentMethodChangeEvent">
2150-
A boolean that instructs the <a>user agenta> to get the billing
2151-
address associated with a <a>payment methoda> (e.g., the billing
2152-
address associated with a credit card). Typically, the user agent
2153-
will return the billing address as part of the
2154-
<a>PaymentMethodChangeEventa>'s <a>methodDetailsa>, albeit
2155-
possibly with parts of the address redacted for privacy reasons. A
2142+
A boolean that indicates whether the <a>user agenta> SHOULD collect
2143+
and return the billing address associated with a <a>payment
2144+
methoda> (e.g., the billing address associated with a credit card).
2145+
Typically, the user agent will return the billing address as part of
2146+
the <a>PaymentMethodChangeEventa>'s <a>methodDetailsa>. A
21562147
merchant can use this information to, for example, calculate tax in
2157-
certain jurisdictions.
2148+
certain jurisdictions and update the displayed total. See below for
2149+
privacy considerations regarding <a href="#user-info">exposing user
2150+
informationa>.
21582151
dd>
21592152
<dt>
21602153
<dfn>requestPayerNamedfn> member
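Review bot: the rewritten definition drops the caveat "albeit possibly with parts of the address redacted for privacy reasons", so a payee reading this member no longer learns that the returned billing address may be partial, which matters for the tax computation the same sentence recommends it for. The cross-reference to #user-info helps, but keep one clause here, e.g. "possibly with parts of the address redacted for privacy reasons (see below)". Note also that the #user-info target only exists because the id is added to the heading later in this same commit, so the two hunks must land together.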
@@ -5273,21 +5266,13 @@

52735266
p>
52745267
section>
52755268
<section>
5276-
<h2>
5269+
<h2 id="user-info">
52775270
Exposing user information
52785271
h2>
52795272
<p>
52805273
The <a>user agenta> MUST NOT share information about the user with
52815274
a developer (e.g., the shipping address) without user consent.
52825275
p>
5283-
<p>
5284-
One way that the API supports limited information sharing is through
5285-
the "<var>redactListvar>" associated with the creation of
5286-
<a>physical addressesa> throughout the API. This feature enables
5287-
user agents to provide the payee with enough information to compute
5288-
shipping costs or tax information, while limiting the payee's ability
5289-
to identify the payer via the address.
5290-
p>
52915276
<p>
52925277
The <a>user agenta> MUST NOT share the values of the <a data-lt=
52935278
"PaymentDetailsBase.displayItems">displayItemsa> member or
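Review bot: the deleted paragraph said the redactList applies to the creation of physical addresses "throughout the API", whereas the bullet that replaces it in the following hunk says the current specification uses it to redact fields from shippingAddress only. These two statements disagree; please confirm which addresses the redactList actually covers (in particular whether a billing address returned via methodDetails is included) and make the retained text say so. The new id="user-info" on the heading is fine and is needed by the link added in the requestBillingAddress definition.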
@@ -5296,6 +5281,38 @@

52965281
member with a third-party <a>payment handlera> without user
52975282
consent.
52985283
p>
5284+
<p>
5285+
The <a>PaymentMethodChangeEventa> enables the payee to update the
5286+
displayed total based on information specific to a selected
5287+
<a>payment methoda>. For example, the billing address associated
5288+
with a selected <a>payment methoda> might affect the tax
5289+
computation (e.g., VAT), and it is desirable that the user interface
5290+
accurately display the total before the payer completes the
5291+
transaction. At the same time, it is desirable to share as little
5292+
information as possible prior to completion of the payment.
5293+
Therefore, when a <a>payment methoda> defines the <a>steps for when
5294+
a user changes payment methoda>, it is important to minimize the
5295+
data shared via the <a>PaymentMethodChangeEventa>'s
5296+
<a data-link-for="PaymentMethodChangeEvent">methodDetailsa>
5297+
attribute. Requirements and approaches for minimizing shared data are
5298+
likely to vary by <a>payment methoda> and might include:
5299+
p>
5300+
<ul>
5301+
<li>Use of a "<var>redactListvar>" for <a>physical addressesa>.
5302+
The current specification makes use of a "<var>redactListvar>" to
5303+
redact the <a>address linea>, <a>organizationa>, <a>phone
5304+
numbera>, and <a>recipienta> from a <a data-link-for=
5305+
"PaymentRequest">shippingAddressa>.
5306+
li>
5307+
<li>Support for instructions from the payee identifying specific
5308+
elements to exclude or include from the <a>payment methoda>
5309+
response data (returned through
5310+
<a>PaymentResponsea>.<var>detailsvar>). The payee might provide
5311+
these instructions via <a>PaymentMethodDataa>.<var>datavar>,
5312+
enabling a <a>payment methoda> definition to evolve without
5313+
requiring changes to the current API.
5314+
li>
5315+
ul>
52995316
<p>
53005317
Where sharing of privacy-sensitive information might not be obvious
53015318
to users (e.g., when <a data-lt=
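Review bot: the second bullet is introduced as a way to minimize the data shared via PaymentMethodChangeEvent's methodDetails, but what it describes is filtering the payment method response data returned through PaymentResponse.details, i.e. data shared after the payer completes the transaction, not before it. Either state that exclude/include instructions carried in PaymentMethodData.data are meant to apply to methodDetails as well, or move the bullet out of the sentence that presents it as a methodDetails mitigation. Since no payment method currently defines such instructions (the commit message calls this an emerging idea), the bullet should also read as a possible future approach rather than as existing support, e.g. "A payment method could allow the payee to identify specific elements to exclude from or include in its response data". Grammar: "exclude or include from" should be "exclude from or include in".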
