These flows all feel very dangerous to me because they potentially allow a site to access information about me that I have not explicitly allowed.
Take the web hosting example; naively if I visit any site hosted by that company, can they detect that I have an account and am logged in to my hosting account? That feels like a dangerous amount of leakage, and you're relying on the hosting website to make the correct restrictions rather than having it structurally embedded in the user agent.
The shared payment system feels even worse -- is it then possible for a random website to get a payment through this system, or extract information about my payment account?
Take the web hosting example; naively if I visit any site hosted by that company, can they detect that I have an account and am logged in to my hosting account? That feels like a dangerous amount of leakage, and you're relying on the hosting website to make the correct restrictions rather than having it structurally embedded in the user agent.
The shared payment system feels even worse -- is it then possible for a random website to get a payment through this system, or extract information about my payment account?