> On Apr 5, 2015, at 8:02 PM, Ryan Kelly <[email protected]> wrote:
> Internally we may implement it atop a more generic fxa-attached
> cloud-storage thing based on Tarek's team's ongoing work. But I like
> the idea of it appearing to the rest of the world as a separate
> "payments info" service with a purpose-specific API.
>
> What downsides do you see to implementing this as a special-purpose API?
We have to implement the API and auth around such an end point. Ideally we’d
want to make it as similar to all the other fxa services as possible. Which
means that there is more auth code, more bugs, more things to maintain, the
usual stuff.
>> The goal is not to do to much specific around payments in Firefox Accounts,
>> but in the end there's nothing special about an end-point like purchases.
>> Its just an end point in the profile server with particular ACLs around it.
>
> Are all of the users purchases represented on a single endpoint? Does
> this mean that Mozilla Concrete is able to see what I've purchased on
> other unrelated services?
Thats a good point and something that could be scoped down. With only one
client in the initial roll out and all other clients being Mozilla properties,
unrelated services don’t seem to be a huge concern.
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
