KEMBAR78
Changes stemming from privacy review by ianbjacobs · Pull Request #856 · w3c/payment-request · GitHub
Skip to content

Changes stemming from privacy review #856

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2019
Merged

Changes stemming from privacy review #856

merged 1 commit into from
Apr 2, 2019

Conversation

ianbjacobs
Copy link
Collaborator

@ianbjacobs ianbjacobs commented Mar 25, 2019
edited by pr-preview bot
Loading

cc @plehegar, @swickr, @samuelweiler

  • Corrected bug by removing MUST language from the informative introduction.
  • Corrected bug by aligning the definition of requestBillingAddress (under 9. PaymentOptions dictionary) to look like the other definitions (and include "SHOULD").
  • Enhanced 19.6 Exposing user information by explaining more both the reason
    for PaymentMethodChangeEvent and the privacy implications. Enhanced the
    explanation by allowing for other ways to minimize data sharing, including
    an emerging idea for providing an "exclude" array (or similar) as payee
    request data that could be used by the payment method definition to
    limit which response elements are returned.

Relates to
w3c/payment-method-basic-card#72

The following tasks have been completed:

  • Confirmed there are no ReSpec errors/warnings.
  • Modified Web platform tests (link)
  • Modified MDN Docs (link)
  • Has undergone security/privacy review (link)

Implementation commitment:

  • Safari (link to issue)
  • Chrome (link to issue)
  • Firefox (link to issue)
  • Edge (public signal)

Optional, impact on Payment Handler spec?

If we merge this pull request, I would like to update that documentation to mention privacy protection around the event.

Preview | Diff

@ianbjacobs
Changes stemming from privacy review:
3b636f6 
- Corrected bug by removing MUST language from the informative introduction.
- Corrected bug by aligning the definition of requestBillingAddress (under 9. PaymentOptions dictionary) to look like the other definitions (and include "SHOULD").
- Enhanced 19.6 Exposing user information by explaining more both the reason
  for PaymentMethodChangeEvent and the privacy implications. Enhanced the
  explanation by allowing for other ways to minimize data sharing, including
  an emerging idea for providing an "exclude" array (or similar) as payee
  request data that could be used by the payment method definition to
  limit which response elements are returned.
@ianbjacobs ianbjacobs mentioned this pull request Mar 25, 2019
Closed
marcoscaceres
marcoscaceres approved these changes Mar 26, 2019
View reviewed changes
Copy link
Member

@marcoscaceres marcoscaceres left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ok with this change. It's handled at the handler level.

@mountainhippo
Copy link
Collaborator

@ianbjacobs - these changes look good to me. I think this PR will help address some of the questions raised by PLH and Ralph.

danyao
danyao approved these changes Mar 26, 2019
View reviewed changes
Copy link
Collaborator

@danyao danyao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@samuelweiler
Copy link
Member

My first impression is that these changes to do not resolve the concern I raised in #842. I am happy to discuss this further after the IETF meeting.

@marcoscaceres marcoscaceres merged commit 9a3c6d9 into gh-pages Apr 2, 2019
@marcoscaceres marcoscaceres deleted the privacy_20130325 branch April 2, 2019 04:27
@marcoscaceres
Copy link
Member

Got ok from W3C Director to merge this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adrianhopebailie adrianhopebailie adrianhopebailie approved these changes

@marcoscaceres marcoscaceres marcoscaceres approved these changes

@danyao danyao danyao approved these changes

@rsolomakhin rsolomakhin Awaiting requested review from rsolomakhin rsolomakhin is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ianbjacobs @mountainhippo @samuelweiler @marcoscaceres @adrianhopebailie @danyao