= $all-$resolved ?> Open; = $resolved ?> Resolved; = $all ?> Total (0% complete)
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
The goal of the Web Payments architecture is to allow Open Web Apps to initiate a payment (or a refund) from the user for a virtual good via the
The normal usage is as follows:
- The app initiates a payment by signing a JWT request and calling
- This starts the buyflow in a content iframe inside a trusted dialog ("chrome dialog").
- A purchasing flow is served from the Payment Provider's server as an HTML5 document inside the trusted dialog.
- The buyer is authenticated by the Payment Provider (via the network (radio) or BrowserID assertion in the B2G scenario).
- The buyer completes or cancels the purchase. (Note that the Payment Provider might require an authorization step).
- The app serser receives a signed POST request with a Payment Provider transaction identifier indicating that the purchase was completed successfully.
See the following pages for further detail:
What solutions/approaches were considered other than the proposed solution?
- marketplace to proxy other payment providers
Why was this solution chosen?
- Transfer risk to payment providers, rather than in the client or Mozilla managed services.
Any security threats already considered in the design and why?
|Action Item Status||In Progress|
|* Who :: What :: By when (Keep in mind all these things will be bugs that block the review bug, that blocks the feature bug)
pauljt:: Review trusted modal dialog js ::asap
|Tracker Bug||https://bugzilla.mozilla.org/show_bug.cgi?id=767818">bug 767818</a>|
|Status||Green (Green, Yellow, Red?)|
|Product manager||Andreas Gal?|
|Engineering lead||Fernando Jiménez Moreno|
|Security lead||Raymond Forbes|
|Product marketing lead||-|
Stage 1: Definition
Include brief summary of feature/project, and link back to core feature/product pages. Links:
- <a href="https://docs.google.com/document/d/1NLKbHVPQXa9uvDBC3cfgOD7sIrtIxi0qDoXMQrxcCsI/edit">Draft Specification</a>
See specification document above.
- <a href="">Developer registration flow</a>
- <a href="">High level data flows</a>
- [todo add detailed data flows]