Changes

The only default supported value of <tt>type</tt> at this writing is <tt>email</tt>; the value, in this case, is a verified email address. ==== privacy-protecting receipts ==== To protect user privacy, a receipt can be issued to a user without identifying them by email address. For this purpose, <tt>type</tt> is <tt>directed-identifier</tt>, and <tt>value</tt> is a unique user ID. The unique user ID should be scoped to the app's origin. In other words, a given user will show up as a different userID for each app she purchases. However, if a new receipt is issued to a user for a given origin, then the <tt>directed-identifier</tt> should remain the same. For implementation purposes, it is suggested that the userID be generated either as a random string stored by the marketplace once and kept indefinitely, or deterministically as  HMAC(secret, email || "." || origin) where the secret must be stored indefinitely.