author | Thien-Thi Nguyen <ttn@gnuvola.org> | 2021-03-12 02:54:30 -0500 |
---|---|---|
committer | Thien-Thi Nguyen <ttn@gnuvola.org> | 2021-03-12 02:54:30 -0500 |
commit | 3bb8e8c374807cb245bbbceff68cbe94e4d6528d (patch) | |
tree | b7196aff1b6ae27dbe2a08273332d3ffb8e714d6 | |
parent | f8fbc7437faff3c3523145d27a5053fce7e68f28 (diff) | |
rewrite claim token details per CG feedback
-rw-r--r-- | taler-mcig.rst | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/taler-mcig.rst b/taler-mcig.rst index 5c8f9187..57ca4b1f 100644 --- a/taler-mcig.rst +++ b/taler-mcig.rst @@ -190,27 +190,17 @@ are demonstrated in the next section. **claim token** The claim token is a sort of handle on the order and its payment. - With it, the customer can access the fulfillment URI from a different - device than the one where the wallet is installed. - FIXME: that is not the point. The point is that even if the - $ORDER_ID can be guessed, the claim token cannot. Thus, a - merchant can prevent a third party from claiming an order - (by guessing the order ID). Imagine selling concert tickets, - and your order IDs are 1,2,3,4,5,. I could try to hijack other - visitor's orders (before they have a chance to claim them), - using a claim token prevents this. + It is useful when the order ID is easily guessable + (e.g. incrementing serial number), + to prevent one customer hijacking the order of another. + On the other hand, even if the order ID is not easily guessable, + if you don't care about order theft (e.g. infinite supply, digital goods) + and you wish to reduce the required processing (e.g. smaller QR code), + you can safely disable the claim token. By default, Taler creates a claim token for each order. To disable this, you can specify ``create_token`` to be ``false`` in :http:post:`[/instances/$INSTANCE]/private/orders`. - => needs guideance as to when to do this, i.e. when - there is no worry about people 'stealing' orders - compiled by others, either because the order ID is - high-entropy OR [[because there is an infinite supply - and we are not concerned about order-theft attacks - (say by a competitor trying to prevent legitimate - customers from claiming their orders) AND want the - QR code to get smaller / scan more easily.]] **refund deadline** The refund deadline specifies the time after which you will prohibit |
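Review bot: In the added sentence starting "On the other hand, even if the order ID is not easily guessable", the condition reads inverted. A hard-to-guess order ID is itself a reason the claim token matters less, so the "even if ... not" framing is confusing, and the removed note's first case (the order ID is high-entropy, on its own) is no longer covered. Suggest stating the two cases separately: the token can be disabled when the order ID is high-entropy, or when order theft is not a concern (infinite supply, digital goods) and a smaller QR code is wanted. "you can safely disable the claim token" also drops the scenario the removed note spelled out, a competitor trying to prevent legitimate customers from claiming their orders; either mention it as the risk being accepted or soften "safely". Minor: a smaller QR code is not an example of "reduce the required processing"; the removed wording about the QR code getting smaller and scanning more easily was clearer.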