15:32:22 <RRSAgent> RRSAgent has joined #wpwg
15:32:22 <RRSAgent> logging to http://www.w3.org/2017/08/22-wpwg-irc
15:32:28 <Ian> Topic: Tokenization Task Force
15:33:07 <Ian> agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2017Aug/0013.html
15:33:12 <Ian> Chair: Ian
15:33:22 <Ian> present+
15:33:25 <Ian> present+ oyiptong
15:34:06 <Ian> present+ Simon
15:34:12 <Ian> present+ alyver
15:34:17 <alyver> present+
15:34:22 <Ian> present+ manash
15:35:03 <Ian> regrets+ Roy
15:35:26 <Ian> present+ Ken
15:35:39 <adamR> adamR has joined #wpwg
15:35:40 <Ian> -> https://lists.w3.org/Archives/Public/public-payments-wg/2017Aug/0013.html Agenda
15:35:48 <Ken> Ken has joined #wpwg
15:36:04 <Ian> Wiki updated:  https://github.com/w3c/webpayments-methods-tokenization/wiki
15:36:11 <MANASH_MC> MANASH_MC has joined #WPWG
15:37:21 <Ian> https://github.com/w3c/webpayments-methods-tokenization/wiki#encrypted-card-payment-method
15:37:21 <Ian> https://github.com/w3c/webpayments-methods-tokenization/wiki#encrypted-card-payment-method
15:38:48 <Ian> IJ: (Recap of status)
15:39:03 <Ian> Manash: Should we look at tokenization in the browser?
15:40:06 <Ian> Q. Are browser vendors interested in implementing other payment methods than basic card?
15:40:46 <Ian> Q. If we have the ability to encrypt, could browser encrypt otherwise unencrypted info?
15:41:17 <Ian> Also: Encrypting might be generally useful across payment methods
15:42:34 <Ian> Topic: Encrypted Card
15:44:33 <Ian> Questions:
15:44:33 <Ian>     Are there gateways interested in consuming these encrypted blobs?
15:44:33 <Ian>     Encrypt PAN alone or the entire Basic Card data in the PR API response?
15:44:33 <Ian>     In theory a merchant could refer to multiple gateways, but, for simplicity, should we focus on one initially?
15:44:34 <Ian>     Should merchant pass a gateway key or a reference to such a key (to be fetched by the payment app that does the encryption)? We can leverage existing certificate mechanisms to increase security.
15:46:24 <Ian> IJ: Does this sound interesting?
15:46:55 <Ian> Manash: Are you envisioning a common encryption standard?
15:47:18 <cweiss> cweiss has joined #wpwg
15:47:18 <Ian> https://www.w3.org/TR/WebCryptoAPI/
15:47:21 <oyiptong> q+
15:48:08 <Ian> ack oy
15:48:16 <Ian> IJ: I don't know whether Web Crypto features into this
15:48:25 <Ian> oyiptong: We have not yet discussed how the encryption works
15:48:46 <Ian> oyiptong: I don't know whether web crypto is relevant here. We also talked to browser vendors about implementing this directly
15:49:06 <Ian> IJ: I meant web crypto for web-based payment apps
15:49:27 <Ian> Manash: Suppose that browser has stored card, and cvv is used for auth
15:50:00 <Ian> ...in the user experience you have in mind, will the browser store encrypted card, and pass on to merchant. Then the merchant passes the card data to the gateway directly, or will the merchant need to decrypt.
15:50:08 <Ian> oyiptong: I think encrypted blob is passed on directly to gatewy
15:50:24 <Ian> Mansh: And gateway decrypts.
15:50:27 <Ian> oyiptong: Yes
15:50:55 <Ian> Manash: Browser vendors could also convert card information to tokens
15:51:42 <Ian> IJ: Yes; that sounds like a different payment method
15:51:43 <Ian> q?
15:52:00 <Ian> IJ: Any other ideas / interest in encrypted card method?
15:52:24 <oyiptong> +1
15:52:36 <Ian> ACTION: Olivier to write down an encrypted card proposal
15:52:36 <trackbot> 'Olivier' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., omaas, oyiptong).
15:52:54 <Ian> Topic: Network tokens next steps
15:54:30 <Ian> IJ: How do we proceed? Should we base this on gateway (which has concepts like one-time and expiry) or existing network token spec?
15:54:52 <Ian> Manash: Agreed that one-time is relevant here (both input and output data)
15:55:25 <Ian> ...with the prototype that we are building for Money 20/20 we are hoping to implement in the response format; we'd like to align with our discussions here.
15:55:51 <Ian> ...summary: yes, we would like to work with our colleagues at Amex so that merchant use cases are documented
15:56:00 <Ian> ...and our prototype will give us some clarity on the spec
15:56:17 <Ian> IJ: What time frame do you have in mind?
15:56:39 <Ian> Manash: End of September
15:57:14 <Ian> https://github.com/w3c/webpayments-methods-tokenization/wiki/Network-Tokens
15:57:51 <Ian> ...we would like to experiment, then come back with proposal
15:57:56 <Ian> topic: Next meeting
15:58:38 <oyiptong> wait until the week after?
15:58:43 <alyver> +1 to Sept 5
15:58:43 <Ian> (5 Sep?)
15:58:51 <Ian> Resolved: 5 Sep next meeting
15:58:59 <Ian> RRSAGENT, make minutes
15:59:00 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-wpwg-minutes.html Ian
15:59:10 <alyver> alyver has left #wpwg
15:59:17 <Ian> https://github.com/w3c/webpayments-methods-tokenization/issues
16:07:50 <adamR> adamR has joined #wpwg
16:08:12 <Ian> RRSAGENT, make minutes
16:08:12 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-wpwg-minutes.html Ian
16:08:18 <Ian> RRSAGENT, set logs public
18:22:52 <hober> hober has joined #wpwg
18:27:59 <hober> hober has joined #wpwg
19:32:28 <Zakim> Zakim has left #wpwg
20:39:47 <cweiss> cweiss has joined #wpwg
21:08:00 <mararn1618> mararn1618 has joined #wpwg
21:24:04 <mweksler> mweksler has joined #wpwg
21:37:34 <mweksler> mweksler has joined #wpwg