secure-payment-confirmation icon indicating copy to clipboard operation
secure-payment-confirmation copied to clipboard

Published 20 hours ago verified publisher icon w3c

Limitations for showing transaction data

Open kseybold opened this issue 1 year ago • 5 comments

In the SPC spec I can't find any limitations for the displayName field. If it is already defined , where is it defined? If not, maybe it should be defined...

Regarding the current implementation in Chromium:

Whats the max length? Can the displayName be multiline?

kseybold avatar Apr 09 '24 07:04 kseybold

For more context: https://groups.google.com/a/chromium.org/g/payments-dev/c/CN-FmELGMWs/m/6AGPP58kAAAJ

rsolomakhin avatar Apr 09 '24 14:04 rsolomakhin

We don't currently have limits set on PaymentInstrument.displayName or on any other field intended to be user visible in SPC, but we probably should have some guidance.

In general, the fields should all be viewed as short and specific pieces of information about the given item (whether thats the PaymentInstrument, the payeeName, etc). WebAuthn has similar strings, and has the following guidance section for user agents that includes the ability to arbitrarily truncate strings: https://w3c.github.io/webauthn/#sctn-strings

@ianbjacobs - #agenda? :D

stephenmcgruer avatar Apr 09 '24 15:04 stephenmcgruer

@stephenmcgruer, will do.

ianbjacobs avatar Apr 09 '24 23:04 ianbjacobs

Discussed at 25 April meeting

ianbjacobs avatar Apr 25 '24 14:04 ianbjacobs

Discussed at 25 April meeting

To summarize, the agreed upon outcome was to build character limits into the spec, based on the 3DS protocol requirements as a starting point. I own putting together a PR for that, to be reviewed at a future WG sync.

stephenmcgruer avatar Apr 29 '24 16:04 stephenmcgruer