Introduction

At TPAC 2015 this year, we listed issues that require the attention of the working group. This wiki is a temporary repository for them, allowing the group to edit them before formally adopting them.

Topics

Payment App

• See RegistrationTypes
• Are remote Payment Apps in scope (e.g., do we need to support their registration)?

Payment Mediator

• How to handle the case when there are no registered payment instruments?
• How might legacy flows be supported if no suitable Payment Apps available? Does the API deal with it or does this fall outside of scope (question on deployment/transition approach)?
• Where is currency matching done if Payment App supports different from merchant requesting?

Flows

• See Flows
• Should flows be different for different types of payment instrument (e.g. Knife, fork, Spoon analogy from Brad) as supported in CG proposal? Where would implementation be and what data would influence this decision, where would data come from?
• Should an API call for completion of payment instrument flow be supported?
• Do we need to support risk assessment provider somewhere in flows?
• Is there a REST-API based message flow?
• How is ISO20022 integrated into the flow? Is it? Is it only for backend flows?
• How are refunds handled?

Messages

• Data format: JSON or JSON-LD?
• How do organizations layer additional information in the core messages (e.g., JSON + IETF-like registry; JSON-LD + industry-specific vocabularies)

Security

• Should the API be available only for secure contexts?
• Is HTTPS the basic underlying communication semantics/protocol?
• How are messages trusted (e.g., secure channel between sender and receiver, digital signatures on some messages)?