On 21 June 2018, Olivier Maas (Worldline) shared a pre-recorded demonstration in Chrome that featured three APIs being developed at W3C: Payment Request, Payment Handler, and Web Authentication (WebAuthn).
Step 1: Registration. In a first flow, the user logs into a bank account, adds a credit card, and registers (enrolls) a FIDO-compliant security key. Two-factor authentication is used as part of the registration process. The user will reuse the same security key for subsequent payments to the site.
Step 2: Payment. In a second flow, the user is shopping on a merchant Web site and pushes the "Pay" button, which invokes the Payment Request API.
From there, the user selects a Web-based payment handler to make the payment. The user has previously registered this payment handler (from the user's bank) with the browser, via the Payment Handler API. The payment handler registration process informs the browser of the payment methods available through the payment handler.
The browser launches the selected payment handler, and the bank invokes two-factor authentication (via the WebAuthn API), requiring a password and the previously registered security key. The user provides the two factors. The payment handler returns payment method information (via the Payment Handler API) to the browser, which returns it (via the Payment Request API) to the merchant.
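As an added example (not code from the demonstration or from Worldline), the following Node.js code shows what a bank's server would check when the payment handler submits the WebAuthn assertion produced by the previously registered security key. It assumes an ES256 credential; `verifyAssertion`, `makeSampleAssertion` and `bank.example` are hypothetical names, and a software key pair stands in for the security key.

```javascript
// Added example (not from the demo): bank-side check of a WebAuthn assertion.
// Assumes an ES256 (P-256) credential; all names and bank.example are hypothetical.
const crypto = require("node:crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// stored:   { publicKey, signCount } saved when the key was registered (Step 1).
// expected: { challenge, origin, rpId } issued by the bank for this payment session.
function verifyAssertion(stored, expected, assertion) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  let client;
  try { client = JSON.parse(clientDataJSON.toString("utf8")); }
  catch { return { ok: false, reason: "malformed client data" }; }
  if (client.type !== "webauthn.get") return { ok: false, reason: "wrong type" };
  if (client.challenge !== expected.challenge) return { ok: false, reason: "challenge mismatch" };
  if (client.origin !== expected.origin) return { ok: false, reason: "origin mismatch" };

  // authenticatorData layout: rpIdHash(32) | flags(1) | signCount(4, big-endian) | ...
  if (authenticatorData.length < 37) return { ok: false, reason: "short authenticator data" };
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId)))
    return { ok: false, reason: "rpId mismatch" };
  if ((authenticatorData[32] & 0x01) === 0) return { ok: false, reason: "user not present" };

  // The security key signs authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify("sha256", signed, stored.publicKey, signature))
    return { ok: false, reason: "bad signature" };

  // A counter that fails to increase suggests a replay or a cloned authenticator.
  const signCount = authenticatorData.readUInt32BE(33);
  if ((signCount !== 0 || stored.signCount !== 0) && signCount <= stored.signCount)
    return { ok: false, reason: "counter did not increase" };
  return { ok: true, signCount };
}

// Constructed sample input: builds and signs an assertion the way a key would.
function makeSampleAssertion(privateKey, { challenge, origin, rpId }, signCount) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), counter]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign("sha256", signed, privateKey) };
}

const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const session = { challenge: crypto.randomBytes(32).toString("base64url"),
                  origin: "https://bank.example", rpId: "bank.example" };
const sample = makeSampleAssertion(privateKey, session, 6);
console.log(verifyAssertion({ publicKey, signCount: 5 }, session, sample));
```

On success the bank stores the returned `signCount` for the credential, so that the same assertion cannot be accepted a second time.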
The pre-recorded video is Copyright © Worldline.
Questions? Please write to the Web Payments Working Group <firstname.lastname@example.org>. Please note this is a publicly archived mailing list.