Would it be possible to take a step back and return to the question which unfortunately created this tornado of moderately entertaining e-mails?
https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0166.html

Since payment resources, regardless of whether they reside in the browser, platform, or in the cloud, do not have any a priori relation with merchants, it seems that SOP isn't really applicable to Web Payments?

It would be great if the yet-to-be-launched Web Payment WG, which is supposed to produce a Browser Payment API in the coming 6-18 months, got some input in advance on this matter from the Web Architecture community.

- Anders