15:28:56 <RRSAgent> RRSAgent has joined #wpwg
15:28:56 <RRSAgent> logging to http://www.w3.org/2017/07/11-wpwg-irc
15:28:58 <Zakim> Zakim has joined #wpwg
15:29:06 <Ian> Meeting: Tokenization Task Force
15:29:20 <Ian> Agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2017Jul/0005.html
15:29:22 <Ian> Chair: Ian
15:29:58 <Ian> present+
15:30:02 <Ian> present+ oyiptong
15:30:05 <Ian> present+ Roy
15:31:54 <Ian> present+ Manash
15:32:03 <Ian> present+ Keyur
15:32:53 <Ian> present+ SimonDix
15:33:18 <Ken> Ken has joined #wpwg
15:34:07 <Ian> present+ Ken
15:34:29 <Ian> topic: Introduction to Simon Dix
15:34:40 <Ian> Simon: Hello! I am at Mastercard and do EMVCo tokenization specs
15:35:20 <Ian> Topic: Updated mission statement
15:35:21 <Ian> https://lists.w3.org/Archives/Public/public-payments-wg/2017Jul/0005.html
15:35:29 <Ian> https://github.com/w3c/webpayments-methods-tokenization/wiki
15:36:09 <MANASH_MC> MANASH_MC has joined #WPWG
15:36:50 <Ian> topic: Keyur updates
15:37:29 <Ian> [We go to webex screen share]
15:37:35 <Ian> Manash: after the call we'll update the wiki
15:38:29 <Ian> [We review diagram]
15:40:16 <Ian> Keyur: In some use cases, payment app may do a step-up authentication (after user has selected card to pay with)
15:40:26 <Ian> ....user may need to authenticate to the payment app
15:41:36 <Ian> Manash: This may be a requirement based on geography, region, scheme
15:42:02 <Ian> Keyur: Payment response is like for gateway tokens, with some additional information.
15:42:22 <Ian> ..token info in the diagram is always "one time use"
15:42:33 <Ian> ...on subsequent checkouts, the payment handler will always involve the payment app
15:42:47 <Ian> ...at least this would be the case for MC tokens for the time being
15:42:57 <Ian> Manash: But this could be extended to recurring transactions.
15:44:41 <Ian> IJ: I suggest saying "Mediator" instead of "paymentHandler" in the diagram
15:47:28 <Ian> q?
15:50:24 <Ian> IJ: We could put acquirer on the left and user between browser and payment app
15:50:25 <Ian> q?
16:02:49 <Ian> q?
16:03:04 <Ian> [We spend some time updating flow diagram]
16:03:31 <Ian> Gateway params page: => https://github.com/w3c/webpayments-methods-tokenization/wiki/gateway_params
16:04:19 <Ian> Please change "CardBrand" to "supportedNetworks'
16:06:31 <Ian> Keyur: Need amount and currency for various reasons.
16:07:21 <Ian> https://w3c.github.io/payment-handler/#the-paymentrequestevent
16:09:08 <Ian> IJ: remove total since that comes from PR API data set
16:09:54 <Ian> Keyur: publicKey is optional in case of network tokens
16:10:33 <Ian> oyiptong: I spoke to Stan (at Stripe) who told me that, at least in the client, they don't need the public key.
16:10:41 <Ian> ...however, some tokenization providers MIGHT need the public key
16:10:49 <Ian> ...to give them flexibility in terms of their infrastruture.
16:11:31 <Ian> ....I think "optional" is fine here
16:11:48 <Ian> Manash: Do we need to plan for tokenization with 3DS 2.0?
16:13:52 <Ian> [Repsonse]
16:13:59 <Ian> Keyur: I think cardholder name can be made optional
16:15:15 <Ian> Keyur: Payment token or instrument token?
16:15:43 <Ian> ...ultimately the token is for payment, so I moved it to "payment token"
16:16:16 <Ian> oyiptong: To me the token represents the instrument, rather than representing "this payment" or "a payment"
16:16:28 <Ian> IJ: What about just "token"?
16:16:33 <Ian> oyiptong: that could work
16:17:00 <Ian> IJ: what is diff between token and cryptogram?
16:17:05 <Ian> Manash: token usually is the DPAN
16:17:40 <Ian> .......you can have N DPANs for a given FPAN
16:18:27 <Ian> IJ: Olivier, did you mean "cryptogram" in your proposal?
16:18:39 <Ian> Oyiptong: Yes, but it may or may not be cryptographically determined.
16:19:44 <Ken> +Q
16:20:16 <Ian> ack Ken
16:20:37 <Ian> Ken: I'd like to advocate for keeping the terms "cryptogram" and "token" separately.
16:20:44 <Ian> ...cryptogram in payments is a well-defined term
16:20:51 <Ian> ...and cuts across tokenized and non-tokenized transactions
16:22:15 <Ian> IJ: Let's define the terms in the wiki!
16:22:32 <Ken> +q
16:25:20 <Ken> +Q
16:25:24 <Ian> IJ: Summary - the gateway and network inputs are (nearly) identical
16:25:29 <Ian> ...the responses look quite different.
16:25:33 <Ian> ack Ken
16:25:44 <Ian> IJ: Do we think this is a single payment method or two?
16:25:52 <Ian> Ken: Thanks Manash and Keyur (and Olivier)
16:26:34 <Ian> ..it could be useful to carve out when we are looking at "what happens in the app" v. "what happens on traditional rails"
16:27:37 <oyiptong> q+
16:30:46 <Ian> IJ: Do merchants tend to accept one type or the other type or both?
16:30:56 <Ian> ...if they are always accepting both, then let's define one identifier.
16:33:26 <Ian> ack oyiptong
16:35:18 <Ian> Ian summary:
16:35:25 <Ian>  - could use some additional definitions and terminology harmonziation
16:35:30 <Ian> - need to figure out 1 or 2 payment methods
16:36:12 <oyiptong> +1
16:36:30 <Ian> ACTION: Olivier and Keyur and Manash to do definitions and terminology harmonization and update the wiki
16:36:30 <trackbot> 'Olivier' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., omaas, oyiptong).
16:36:54 <Ian> Ken: Let's get worldpay and shopify input.
16:36:59 <Ian> ...especially one 1 payment method or 2
16:37:18 <Ian> Topic: Next call
16:37:24 <Ian> proposed: 18 July
16:38:13 <Ian> RRSAgent, make minutes
16:38:13 <RRSAgent> I have made the request to generate http://www.w3.org/2017/07/11-wpwg-minutes.html Ian
16:38:17 <Ian> RRSAGENT, set logs public
18:21:10 <zkoch> zkoch has joined #wpwg
18:56:47 <Zakim> Zakim has left #wpwg
21:20:48 <zkoch> zkoch has joined #wpwg