taler-docs

Documentation for GNU Taler components, APIs and protocols
Log | Files | Refs | README | LICENSE
commit 3bb8e8c374807cb245bbbceff68cbe94e4d6528d
parent f8fbc7437faff3c3523145d27a5053fce7e68f28
Author: Thien-Thi Nguyen <ttn@gnuvola.org>
Date:   Fri, 12 Mar 2021 02:54:30 -0500

rewrite claim token details per CG feedback

Diffstat:

Mtaler-mcig.rst | 24+++++++-----------------


1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/taler-mcig.rst b/taler-mcig.rst
@@ -190,27 +190,17 @@ are demonstrated in the next section.
 
 **claim token**
   The claim token is a sort of handle on the order and its payment.
-  With it, the customer can access the fulfillment URI from a different
-  device than the one where the wallet is installed.
-  FIXME: that is not the point. The point is that even if the
-  $ORDER_ID can be guessed, the claim token cannot. Thus, a
-  merchant can prevent a third party from claiming an order
-  (by guessing the order ID). Imagine selling concert tickets,
-  and your order IDs are 1,2,3,4,5,. I could try to hijack other
-  visitor's orders (before they have a chance to claim them),
-  using a claim token prevents this.
+  It is useful when the order ID is easily guessable
+  (e.g. incrementing serial number),
+  to prevent one customer hijacking the order of another.
+  On the other hand, even if the order ID is not easily guessable,
+  if you don't care about order theft (e.g. infinite supply, digital goods)
+  and you wish to reduce the required processing (e.g. smaller QR code),
+  you can safely disable the claim token.
 
   By default, Taler creates a claim token for each order.
   To disable this, you can specify ``create_token`` to be ``false``
   in :http:post:`[/instances/$INSTANCE]/private/orders`.
-  => needs guideance as to when to do this, i.e. when
-     there is no worry about people 'stealing' orders
-     compiled by others, either because the order ID is
-     high-entropy OR [[because there is an infinite supply
-     and we are not concerned about order-theft attacks
-     (say by a competitor trying to prevent legitimate
-      customers from claiming their orders) AND want the
-     QR code to get smaller / scan more easily.]]
 
 **refund deadline**
   The refund deadline specifies the time after which you will prohibit