On 6/04/2015 18:13, Tarek Ziade wrote: > On Mon, Apr 6, 2015 at 5:02 AM, Ryan Kelly <[email protected] > <mailto:[email protected]>> wrote: > > [...] > > Mozilla Concrete will now need to query and find out if she has > purchased a product. There are a few different ways of doing this: > > > > 1) payments stands up an API that can receive the appropriate bearer > token for that user or > > I suspect it's not the solution you intend to advocate, but at first > glance, this feels like the right shape for the public-facing API of > this thing. > > Internally we may implement it atop a more generic fxa-attached > cloud-storage thing based on Tarek's team's ongoing work. But I like > the idea of it appearing to the rest of the world as a separate > "payments info" service with a purpose-specific API. > > > Even if the payment app has its own server and specific endpoint - I > really like the idea of having all your "My Firefox Data" reachable from > the same endpoint. I think it can be done even if each collection of > data is separated. > e.g. > > /files > /applications/payment > /applications/readinglist > /profile > /... > > with specific per-app permissions (how it works is to be defined). This > is very close to Dropbox' model.
Yes, I agree there's something very compelling and "Mozilla-ish" about such a model. We should definitely work towards it. The security question is simpler in this case since we can assume the user is only accessing their own data, and potentially in a read-only view. Cheers, Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
