13:51:25 <RRSAgent> RRSAgent has joined #wpwg
13:51:25 <RRSAgent> logging to http://www.w3.org/2016/10/27-wpwg-irc
13:51:27 <trackbot> RRSAgent, make logs public
13:51:27 <Zakim> Zakim has joined #wpwg
13:51:29 <trackbot> Zakim, this will be
13:51:29 <Zakim> I don't understand 'this will be', trackbot
13:51:30 <trackbot> Meeting: Web Payments Working Group Teleconference
13:51:30 <trackbot> Date: 27 October 2016
13:51:41 <Ian> Ian has changed the topic to: 27 Oct agenda -> https://github.com/w3c/webpayments/wiki/Agenda-20161027
13:51:43 <Ian> agenda: https://github.com/w3c/webpayments/wiki/Agenda-20161027
13:54:31 <betehess> betehess has joined #wpwg
13:55:05 <MattS> MattS has joined #wpwg
13:58:09 <rouslan> rouslan has joined #wpwg
13:58:31 <Ian> present+ Ian
13:58:41 <Ian> regrets+ dlongley
13:59:06 <MattS> present+ MattS
13:59:14 <rouslan> present+ Rouslan
14:01:06 <adamR> adamR has joined #wpwg
14:01:19 <Ian> doh
14:01:23 <Ian> sorry on the wrong room
14:01:24 <Ian> arriving
14:02:37 <adamR> present+ adamR
14:02:37 <Ian> present+ Alexandre
14:02:52 <Ian> regrets+ NickTR
14:03:03 <zkoch> zkoch has joined #wpwg
14:03:12 <zkoch> present+ zkoch
14:03:17 <betehess> present+ betehess
14:03:28 <Ian> present+ Pascal
14:03:43 <alyver> alyver has joined #wpwg
14:03:57 <Ian> topic: Money 20/20
14:04:07 <Ian> https://www.money2020.com/sessions/part-2-one-click-buying-new-w3c-standards-for-web-payments
14:04:37 <MaheshK> MaheshK has joined #wpwg
14:05:11 <Ian> present+ Mahesh
14:05:13 <ShaneM> present+ ShaneM
14:05:25 <Ian> topic: Detecting support for payment methods / apps
14:05:36 <adamR> Is Ian talking?
14:05:46 <adamR> I’ll have to reconnect
14:05:56 <pascal_bazin> Sorry I cannot join. Technical issues with audio.
14:06:05 <zkoch> Oh, interesting. I also hear nothing
14:06:11 <zkoch> hah
14:06:18 <zkoch> Reconnecting..
14:06:29 <Ian> https://github.com/zkoch/zkoch.github.io/blob/master/pr-detect-avail.md
14:06:42 <Ian> Zach, let me know when you are back
14:06:53 <Ian> present+ Andre
14:06:58 <adamR> rouslan: Can you hear Ian?
14:07:15 <rouslan> adamR: I can't hear anyone except beeps
14:07:16 <Ian> present+ Ken
14:07:32 <adamR> Okay, it looks like the VoIP stuff is flat out not working
14:07:32 <zkoch> No one can hear anyone
14:07:49 <adamR> I bet pascal_bazin can’t hear either
14:07:59 <pascal_bazin> no  I can't
14:08:02 <zkoch> just hear dyou
14:08:16 <zkoch> i hear rouslan
14:08:18 <adamR> well, it looks like we effecitvely have two bridges
14:08:23 <adamR> One for everyone on voiip
14:08:25 <pascal_bazin> I hear rouslan
14:08:27 <adamR> and one for everyone on the phones
14:08:30 <Ian> weird
14:08:32 <adamR> And they’re not connected to each other
14:08:48 <Ian> Let me kill the webex and start again
14:08:52 <Ian> sorry
14:09:12 <pascal_bazin> I hear Ian from time to time
14:10:27 <zkoch> ::hears things::
14:10:52 <Ian> https://github.com/zkoch/zkoch.github.io/blob/master/pr-detect-avail.md
14:11:05 <Ian> scribe: Ian
14:11:15 <Ian> zkoch: There are different use cases....
14:11:34 <Ian> ...I only want to call PR API if there is ANY form of payment available
14:11:44 <Ian> ...up to "I want to know all the payment methods that are supported"
14:12:17 <Ian> ...for privacy reasons, we don't want to leak information. We don't have information about merchants which could be a form of trust relationship.
14:12:25 <Ian> Proposal is for canMakeActivePayment()
14:12:44 <Ian> ...to avoid privacy issues, it is available once per origin in a window of time
14:12:54 <adamR> q+
14:13:22 <Ian> ack ad
14:13:26 <Ian> regrets: AdrianHB
14:13:35 <ShaneM> present+ ShaneM
14:13:38 <Ian> adamR: Regarding time-bound --- per origin across all windows/tabs?
14:13:43 <Ian> zkoch: Yes, generally.
14:13:53 <MaheshK> q+
14:14:08 <Ian> AdamR: Minor suggestion - allow it to be called with exactly the same payment types as quickly as possible
14:14:29 <Ian> ...if people are doing multiple transactions in multiple tabs, allow them to call for exactly the same payment methods
14:14:40 <Ian> ...I think the devil in the detail here will be what the time period is.
14:14:46 <dezell> dezell has joined #wpwg
14:14:55 <Ian> ...it might have to be on the order of 10s of minutes or hours to be effective as anti-fingerprinting
14:14:58 <Ian> zkoch: +1
14:15:28 <Ian> IJ: Please clarify - can you specify individual payment methods?
14:15:29 <dezell> Present+ dezell
14:15:35 <alyver> q+
14:15:39 <Ian> zkoch: Yes, via the instantiated payment request object
14:15:43 <Ian> ack Mah
14:16:18 <Ian> MaheshK: I agree with the background and requirements...we discussed a bit last week
14:16:35 <Ian> ...on this specific proposal I have a question - PR API can be called from an iframe
14:16:47 <Ian> ...so this new proposed API can be called from an iframe
14:17:03 <Ian> ...so a limit of one-per origin might not work...if multiple iframes are created and deleted
14:17:25 <Max> Max has joined #wpwg
14:17:35 <Ian> ...if merchants really want to, say, show two buttons but prioritize them and call the API twice, what would be the biggest issue
14:18:01 <Ian> zkoch: This proposal is that there is no definitive way to know for sure whether the user has a particular payment method instantiated.
14:18:23 <Ian> ...I don't think it makes sense to throw in the towel too quickly
14:18:46 <Ian> ...I recognize that there are some immediate needs..but I don't see the value for PR API of making it easy to provide multiple "buy with" buttons on sites
14:19:16 <Ian> ..regarding the multiple iframe risk, I think that is complex...and we can also look at limiting the API to the parent origin
14:19:22 <Ian> ack al
14:19:37 <adamR> +1 on associating with the top-level origin
14:19:44 <Ian> alyver: I think this is a huge step in the right direction. I see one problem from a Shopify perspective - lots of merchants come from the same origin
14:19:58 <rouslan> q+ to talk about shopify usecase
14:20:07 <Ian> ...so problem if a shopper is shopping on multiple shopify sites
14:20:15 <Ian> rouslan: In this case, is there an iframe in the site?
14:20:24 <Ian> alyver: No, the user is redirected
14:20:47 <Ian> rouslan: I think the answer lies in a cookie regarding availability of PR API
14:20:58 <Ian> ...the time boxing is per user
14:21:11 <Ian> alyver; but if the user is at multiple Shopify stores....
14:21:21 <Ian> rouslan: Just check the cookie
14:21:40 <Ian> zkoch: I will think more about this...cookies is one idea
14:22:05 <Ian> alyver: We do have merchants that use their own domains, but others still using the same domain
14:22:05 <Ian> q?
14:22:16 <Ian> ack rous
14:22:16 <Zakim> rouslan, you wanted to talk about shopify usecase
14:22:52 <Ian> zkoch: I am hearing "positive direction"
14:23:14 <Ian> MaheshK: Let's discuss further offline
14:23:39 <Ian> ACTION: zkoch to flesh out the proposal additionally, with more info about iframes, time window, Shopify use case
14:23:40 <trackbot> Created ACTION-39 - Flesh out the proposal additionally, with more info about iframes, time window, shopify use case [on Zach Koch - due 2016-11-03].
14:24:02 <Ian> IJ: Mahesh, are you happy with the direction?
14:24:19 <Ian> Maheshk: Yes, if I can talk with Zach and see if we can consolidate the proposals
14:24:45 <Ian> IJ: Put on agenda for next week's call?
14:24:53 <Ian> zach: Yes, maybe not PR ready yet
14:24:57 <Ian> q?
14:25:01 <MaheshK> Forgot to ask one last question, zkoch: this proposal targeting spec 1.0?
14:25:08 <zkoch> Yes
14:25:28 <Ian> zkoch: Yes, I think this has come up a lot
14:25:38 <Ian> (No Roy)
14:25:52 <Ian> Topic: Push payments
14:25:54 <Ian> https://github.com/w3c/browser-payment-api/pull/292/commits/af2d188ee7df21e9a8f35e57a73f828dc96d7923
14:27:20 <zkoch> q+
14:27:26 <Ian> ack zkoch
14:27:39 <Ian> zkoch: Editors discussed this week
14:27:56 <Ian> ...some of what AdrianB and I expressed (which we will also do via github)
14:28:10 <Ian> ...I recognize the use case.
14:28:23 <Ian> ...I am concerned about who is going to use the URL
14:28:40 <Ian> ...not clear who uses the URL
14:29:17 <Ian> ...seems also more request on the backend...unlike the payment request that comes back through the mediator, we don't have any control over the data that is sent back to the end point designated by the URL
14:29:25 <Ian> ...you don't have the benefit of payment request normalization
14:29:46 <Ian> ...also, AdrianB thought that the mediator should not create the transaction ID...rather pass it in from the merchant
14:29:55 <adamR> q?
14:29:57 <adamR> q+
14:30:10 <Ian> ack ad
14:30:10 <ShaneM> yes...  my original concept was that the merchant would generate an ID that meant something to them
14:30:28 <Ian> adamR: What is the perceived advantage of merchant-generated?
14:32:07 <Ian> https://www.w3.org/2016/10/18-wpwg-push-minutes.html
14:32:32 <MaheshK> q+ to point out may be an adv. of merchant-generated
14:32:33 <adamlake> adamlake has joined #wpwg
14:32:56 <Ian> ack Mah
14:32:56 <Zakim> MaheshK, you wanted to point out may be an adv. of merchant-generated
14:32:58 <alyver> q+
14:33:16 <MattS> q+
14:33:16 <Ian> adamR: My argument against merchant-generated was that merchants would have to do more
14:34:00 <Ian> MaheshK: There is an advantage to merchant-generated...e.g., merchant has integrated PayPal India
14:34:20 <adamR> q+
14:34:24 <Ian> ....the server understands the ID...when the button is integrated to the web site...merchant calls API from paypal and sends ID...
14:34:37 <Ian> ..so having the browser generate the ID means paypal india has to make changes
14:34:59 <Ian> q?
14:35:07 <Ian> ack alyver
14:35:23 <Ian> alyver: I think Ian is remembering an Andre/Ian conversation
14:35:54 <Ian> ...when is the ID returned by browser to the merchant...if returned "later" then there could be failure that causes merchant to not get it
14:36:22 <Ian> ...my initial preference was for the merchant to generate the ID...I think that many merchants are used to doing that
14:36:30 <Ian> ...e.g., Shopify creates IDs for merchants
14:36:38 <Ian> ...but other merchants almost always have to send a merchant transaction ID
14:36:40 <Ian> ack matt
14:36:52 <Ian> MattS: I agree with what has been said today. Some additional considerations:
14:37:10 <Ian> ...possibility for optionality..how can you guarantee that merchant scope does not interfere with another merchant's scope
14:37:34 <Ian> ....it's often useful to map IDs to a transaction. E.g., SEPA has concluded you may need multiple transaction IDs.
14:37:53 <Ian> ...so that would favor BOTH: optional merchant and mandatory browser-generated
14:38:06 <Ian> (IJ thinks you could scope ID by origin)
14:38:32 <Ian> MattS: You could argue that the merchant generated ID (optional) is method specific, which is how it's modeled for SEPA
14:38:52 <Ian> ...I like having a browser generated standard, but not everyone will be able to use it (or need to)
14:38:52 <Ian> q?
14:38:54 <Ian> ack ad
14:39:04 <Ian> adamR: +1 to MattS
14:39:15 <Ian> ====
14:39:18 <Ian> Summary:
14:39:30 <Ian>  - There are use cases for merchant-generated IDs
14:39:36 <Ian>  - Merchants often generate IDs already today
14:39:47 <Ian> - If they generate, then there's a scope issue on the server side (e.g., might be managed through origin information)
14:41:00 <Ian> IJ: If people do this all the time and scoping is possible, then is there a remaining big value to user agent generated
14:41:39 <Ian> IJ: Server could append origin information
14:42:26 <Ian> IJ: Are your concerns assuaged?
14:42:37 <Ian> MattS: I haven't thought through all the use cases..
14:42:45 <Ian> ...my gut thinks it is still useful to have both
14:43:04 <Ian> ...but I agree an ID is needed
14:43:07 <Ian> q?
14:43:18 <Ian> ACTION: Ian to point Roy and the editors at the discussion
14:43:18 <trackbot> 'Ian' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., ijacobs, ijmad).
14:44:11 <Ian> Topic: ISO 20022 data type alignment for basic card terms
14:45:04 <Ian> MattS: As part of SEPA / Credit Transfer spec work, we have aligned work with the SEPA standard...we've also done some work to map those terms back to ISO 20022 terms (which are less Web-friendly)
14:45:12 <Ian> ...we have not yet updated the Credit Transfer specification
14:45:28 <Ian> ...we also were wondering whether to do that mapping for Basic Card
14:45:37 <Ian> ...Kris is going to take the lead on this
14:46:03 <Ian> ..this may change nothing as far as implementation, but small changes might be possible to make life easier.
14:46:17 <Ian> ....one example....CVC is called "Card Security Code" in the specification
14:46:40 <Ian> ...my suggestion is that we align the terms...we've not done that yet but it's the plan
14:46:58 <adamR> +1 to consistency :)
14:47:41 <Ian> Topic: Upcoming meetings
14:47:48 <Ian> 3 Nov - TIME CHANGE
14:48:11 <Ian> Europeans heads-up!
14:48:43 <Ian> Topic: Upcoming FTF
14:48:52 <Ian> IJ: No progress on my action to write up a proposal
14:49:09 <Ian> Topic: Where are we?
14:49:29 <Ian>  - PR API issues
14:49:34 <Ian> ...query by merchant
14:49:39 <Ian> ...pending updates to PMI
14:49:52 <Ian> - Push payments
14:49:58 <Ian> ...we have a concrete proposal
14:50:03 <Ian> - Payment apps
14:50:11 <Ian> ...awaiting reviews from Max and Zach
14:50:45 <Ian> ...spec is evolving
14:50:59 <Ian> - Test suite
14:51:40 <Ian> - Basic Car
14:51:44 <Ian> ...alignment on terms
14:52:00 <Ian> IJ: Any other topics on people's minds I forgot?
14:52:24 <Ian> rrsagent, make minutes
14:52:24 <RRSAgent> I have made the request to generate http://www.w3.org/2016/10/27-wpwg-minutes.html Ian
14:52:26 <Ian> rrsagent, set logs public
14:52:39 <alyver> alyver has left #wpwg
15:01:59 <mountie> mountie has joined #wpwg
15:17:25 <betehess> betehess has joined #wpwg
15:47:34 <betehess> betehess has joined #wpwg
15:48:27 <betehess_> betehess_ has joined #wpwg
16:00:06 <adamlake> adamlake has joined #wpwg
16:52:39 <Zakim> Zakim has left #wpwg
17:09:59 <betehess> betehess has joined #wpwg
17:25:30 <betehess_> betehess_ has joined #wpwg
19:15:59 <betehess_> betehess_ has joined #wpwg
19:19:21 <adamlake> adamlake has joined #wpwg
20:20:30 <shepazu> shepazu has joined #wpwg
20:31:56 <shepazu_> shepazu_ has joined #wpwg
20:40:20 <betehess> betehess has joined #wpwg
21:03:17 <adamlake> adamlake has joined #wpwg
21:29:14 <adamlake> adamlake has joined #wpwg
23:22:32 <betehess> betehess has joined #wpwg
23:22:54 <mountie> mountie has joined #wpwg
23:27:46 <betehess_> betehess_ has joined #wpwg
23:59:44 <adamlake> adamlake has joined #wpwg