hi there
<gildas> can't connect audio at that time
<scribe> ACTION: Ian to find out what feature detection to do for payment_handler
<gildas> ont sure I will be able to join
<gildas> not
ok
<gildas> very very sorry
no worries. Any chance you can do a screencast yourself and share?
Tony: I would agree Hello looks
the best...would be great if the polyfill could work
... we can use different auth technologies under the covers
danny_russell: I like hello since
does facial recognition but falls back to pin
... I've kept 2-factor for USB key
John: Should you get updated
keys?
... support for CTAP?
danny_russell: The key works out of the box wonderfully, we debated whether PWD necessary
IJ: Will there be PIN?
John: Yes
IJ: Which polyfill, Tony, would you be interested in?
danny_russell: digital bazaar's
IJ: Would this work in the ecosystem in practice (e.g., given regulation around storage of credentials)?
Tony: I was wondering the same
questions as Ian
... Have you implemented other flows besides redirect?
... embedded flow?
Danny: OpenBanking is all about
the redirect
... I've also looked at the berlin group api
... starling has a long-running auth
... because I'm a trusted beneficiary simpler
OlivierM: You need to be able to fall back to PIN if biometric doesn't work
danny_russell: If we get an error, we fall back to SMS
OlivierM: Regarding Yubico, how
do you imagine bringing 2FA in solutions.
... will keys support biometrics?
John: We have not discounted biometric.
Tony: You can also do PIN with Yubico devices
Olivier: We added a message to
let people know they have registered a payment handler. We
found it disturbing to have no feedback.
... in our demo we use a hardware token
... so we have a process of enrollment shown in the demo
... step one (enrollment) took place on the banking web
site
... step two is the transaction
... the demo shows password then hardware token
... we combine PR API, PH API, and WebAuthN
IJ: any hurdles you encountered?
Olivier: No, not really
TonY: Which browsers?
Olivier: Just chrome
danny_russell: Like the
demo!
... I found the web authn standard difficult to follow
... I needed MS's samples
... and FF's samples
... and google's samples
... I had to reverse engineer from the sample code
Tony: Good feedback. We are getting ready to go to PR.
danny_russell: A sequence diagram
would have helped me
... those samples were really helpful to debug
... webauthn is about splitting bit arrays, some are base64
encoded, etc.
... so I needed to use debugging side-by-side etc
Olivier: I chatted with Liam who
is muted due to World Cup ;)
... Liam agrees that without sample code would have been
difficult
Tony: Good feedback for me and John
IJ: what other payment methods are you looking to experiment with?
Olivier: implementing wallets
(paylib)
... also wallets for belgium banks
... tokenization and encryption
... in this demo we wanted to illustrated how it would work for
the bank to create a payment handler
... how you enroll the customer as well
... the first time this window pops up for users it can
surprise users
... want to avoid scaring pop-ups and surprising redirects
danny_russell: I think the firefox messaging around web auth in the message bar was effective
IJ: Chrome 68 will have payment handler and webauthn
danny_russell: We have invoked basic card on Edge as well.
adrianhb: Does chrome payment handler support include basic-card?
Ian: I think so (based on Rouslan comment at some point)
adrianhb: handlers can do webauthn and return a virtual card
tony: In your webauthn demos you were pre-registered.
adrianhb: The use case I'm interested in is the bank does auth and the bank is also issuer of a payment handler
tony: +1
Tony: I would like to understand
some of the comments in more detail on spec usability
... all other comments on the APIs welcome (as we are in
CR)
... e.g., error conditions, etc.
... also want to look more into Edge demo to be able to do the
web authn demo
... possibly using polyfill
danny_russell: I can force it with "If Edge"
Tony: +1
IJ: I will look into feature
detection for payment handler
... I will also work on getting the video together
AdrianHB: It would be great (with chair hat on) for people to publicize what can be done with these APIs
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/the director/the redirect/ Present: DannyRussell Liam Olivier JonathanG JohnFontana Denis Tony adrianhb Regrets: DaveTonge zkoch No ScribeNick specified. Guessing ScribeNick: Ian Inferring Scribes: Ian WARNING: No meeting title found! You should specify the meeting title like this: <dbooth> Meeting: Weekly Baking Club Meeting WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: ian WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]