297
edits
Security/Reviews/CloudServices/Marketplace Payments: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/CloudServices/Marketplace Payments (view source)
Revision as of 03:18, 25 March 2015
, 25 March 2015→Architecture Diagram: added payment flow tables
(→Architecture Diagram: adding payment security contexts) |
(→Architecture Diagram: added payment flow tables) |
||
| Line 179: | Line 179: | ||
===== Payment | ===== Marketplace App Payment Flows ===== | ||
Payments flows are initiated from the Marketplace which is under Mozilla’s control | |||
===== Desktop ===== | ===== Desktop ===== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| Line 190: | Line 190: | ||
|| Popup | || Popup | ||
|- | |- | ||
| 2. || Provider payment entry || Popup | | 2. || Provider payment entry || Popup, page hosted by payment provider | ||
|- | |- | ||
| 3. || Communication with popup || Javascript library: fxpay | | 3. || Communication with popup || Javascript library: fxpay | ||
|} | |||
===== Firefox OS / Android ===== | |||
{| class="wikitable" | |||
|- | |||
! ID !! Actions !! Element | |||
|- | |||
| 1. || Pre-provider flows PIN creation/enter/reset etc (Same domain as marketplace) | |||
|| Trusted UI | |||
|- | |||
| 2. || Provider payment entry || Trusted UI, page hosted by payment provider | |||
|- | |||
| 3. || Open and communicate with Trusted UI || JavaScript platform function: navigator.mozPay() | |||
|- | |||
| 4 || Open and communicate with MozPay || JavaScript library: fxpay | |||
|} | |||
===== In-App Payment Flows ===== | |||
Payment flows are initiated from 3rd party app domains - Mozilla no control over the apps or domains. They have been approved by and have a payments account on the Marketplace, but can change their code at any time (for hosted apps). | |||
===== Desktop ===== | |||
{| class="wikitable" | |||
|- | |||
! ID !! Actions !! Element | |||
|- | |||
| 1. || Pre-provider flows PIN creation/enter/reset etc (3rd party app domain) | |||
|| Popup, page hosted by payment provider | |||
|- | |||
| 2. || Provider payment entry || Popup, page hosted by payment provider | |||
|- | |||
| 3. || Communication with popup || Javascript payments library run from 3rd party app domain: fxpay | |||
|} | |||
===== Firefox OS / Android ===== | |||
{| class="wikitable" | |||
|- | |||
! ID !! Actions !! Element | |||
|- | |||
| 1. || Pre-provider flows PIN creation/enter/reset etc (Same domain as marketplace) | |||
|| Trusted UI | |||
|- | |||
| 2. || Provider payment entry || Trusted UI, page hosted by payment provider | |||
|- | |||
| 3. || Open and communicate with Trusted UI || JavaScript platform function: navigator.mozPay() | |||
|- | |||
| 4 || Open and communicate with MozPay || JavaScript library: fxpay | |||
|} | |} | ||