Things I did:
- Ping Apple to learn about encryption of their ApplePay.js responses
- Ping W3C staff for an example of leveraging crypto and how to specify inputs, etc.
Peter: No progress
(Ian and Peter continue their actions)
https://w3c.github.io/webpayments-methods-tokenization/index.html
IJ: I did an update
=> moved from https://github.com/w3c/webpayments-methods-tokenization/wiki/Tokenized-Card
IJ: I propose we close 28
stpeter: thanks
... +1 to closing 28
Manash: I hope to have an example response by our next meeting.
IJ: what do people have as a
vision for the FTF meeting?
... e.g., working prototype?
Manash: For that we'd need a spec
ready for FPWD
... we wanted to create a completely working prototype
IJ: Could we use a URL-based id for now?
Manash: We'd like to create an
end-to-end prototype
... we'd like to get the *Pay orgs into the conversation
IJ: What are the priority issues
to address, Reviews to get, details to examine between now and
April?
... e..g., 5 weeks to close issues
... 1 week to get WG review
... discuss at FTF meeting
Manash: with respect to the open
issues on our side (1) token crypto types
... I'll work with Keyur to clarify that.
... and (2) response data example
... would also be interesting to get a sample response from
Amex team as well
Ken: Yes, we can do that.
... I get the sense that we've heard from browsers except from
Apple
PROPOSED:
* Schedule tokenization discussion for 8 March WPWG call...get key people to attend
tokenization issues => https://github.com/w3c/webpayments-methods-tokenization/issues
encryption issues => https://github.com/w3c/webpayments-crypto/issues
Manash: Someone should take
ownership of what we should do re: public key encryption (and
align with *Pay)
... I am happy to take an action to compare our response data
model with those from *Pay's to help get alignment
<scribe> ACTION: Manash to analyze response data models from ApplePay, GooglePay, SamsungPay to compare with tokenization response data model
<trackbot> Created ACTION-84 - Analyze response data models from applepay, googlepay, samsungpay to compare with tokenization response data model [on Manash Bhattacharjee - due 2018-02-20].
<scribe> ACTION: Ian to schedule 8 March discussion of the tokenization proposal and wrangle participation from various vendors
<trackbot> 'Ian' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., IFSF-EFT-WG-Lead, ijacobs, ijmad).
Ken: Who will reach out to Visa
to get their review?
... will Discover review it as well?
Kristina: I'm going to look internally at getting review (will check with Amanda)
Ian: I will include outreach to Visa in the planning of an 8 March call
Three pieces:
* CanMakePayment() token characteristics in the request data
* Response data model
* Encryption
* Get reviews
Summarizing actions:
- manash/keyur on canMakePayment() + response model comparisons
- peter and Ian re: encryption good practice
- Ken + Kristina for reviews
- Ian to organize 8 march call and gather participants
stpeter: Looking through the
issues and thinking about tokenization while out last
week...there are various kinds of tokens that people talk
about
... it seems that the tokenization spec is focused on issuer
tokens
... and the encryption spec talks about encrypting data to the
processor
... it would be helpful for us to more clearly describe in the
tokenization spec what the intention is,
and what the landscape of tokens is
scribe: it would also help us keep front of mind what assumptions we have in mind
[discussion of scope]
IJ: currently limited to network (issuer) tokens based on history of discussion
stpeter: Is there a possibility
of multiple encryptions?
... we need to be crisper about the architectural expectations
so we know what entities are involved in those operators
Tuesday, 27 Feb