01:54:41 RRSAgent has joined #wpwg 01:54:41 logging to https://www.w3.org/2018/10/23-wpwg-irc 01:56:02 rrsagent, bye 01:56:25 rrsagent, this meeting spans midnight 04:24:47 dlehn has joined #wpwg 04:38:29 agektmr has joined #wpwg 04:39:02 agektmr has joined #wpwg 04:40:48 Eiji has joined #wpwg 04:58:21 marcosc has joined #wpwg 05:00:24 dlehn has joined #wpwg 05:03:32 canton has joined #wpwg 05:03:32 pea13 has joined #wpwg 05:48:04 pranjal has joined #wpwg 06:01:01 marcosc has joined #wpwg 06:10:59 marcosc has joined #wpwg 06:11:58 Zakim has left #wpwg 06:12:41 marcosc has joined #wpwg 06:18:59 marcosc has joined #wpwg 06:19:25 QingAn has joined #wpwg 06:22:41 pranjal has joined #wpwg 06:30:48 Giulio has joined #wpwg 06:32:13 Rouslan has joined #wpwg 06:32:30 horiuchi has joined #wpwg 06:33:23 horiuchi has joined #wpwg 06:45:22 Zakim has joined #wpwg 06:45:27 Meeting: Web Payments Working Group 06:45:31 Chair: NickTR 06:45:37 Scribe: Ian 06:47:28 marcosc has joined #wpwg 06:50:13 SofianeB has joined #wpwg 06:54:44 cwarnier has joined #wpwg 06:56:39 takashi has joined #wpwg 06:58:13 Herve_Robache has joined #wpwg 06:58:21 present+ 06:58:34 Krystosterone has joined #wpwg 06:59:14 mikeo has joined #wpwg 06:59:17 CyrilV has joined #wpwg 06:59:21 present+ 06:59:28 Yaohua_Wu has joined #wpwg 07:00:19 present+ 07:02:38 estes has joined #wpwg 07:03:34 horiuchi has joined #wpwg 07:03:46 Lin_Li_ has joined #wpwg 07:03:47 vkuntz has joined #wpwg 07:04:03 horiuchi has joined #wpwg 07:04:42 present+ Vincent_Kuntz 07:06:25 present+ 07:06:57 AdrianHB has joined #wpwg 07:07:02 Topic: Agenda bash and welcome 07:07:09 mdadas has joined #wpwg 07:07:14 NickTR: Welcome WebAuthN WG! 07:07:15 present+ Mohammed 07:07:24 present+ AdrianHB 07:07:38 bryanluo has joined #wpwg 07:08:24 frank has joined #wpwg 07:08:46 [We do agenda review] 07:09:01 How many people going to the AC meeting? 07:09:05 (12 or so) 07:09:14 present+ 07:09:37 present+ 07:09:43 present+ 07:09:48 gildas has joined #wpwg 07:09:49 present+ 07:09:49 bryanluo has joined #wpwg 07:09:50 jonathan has joined #wpwg 07:09:50 dezell has joined #wpwg 07:09:51 MattS has joined #wpwg 07:09:53 present+ gildas 07:09:54 present+ 07:09:56 Dongwoo has joined #wpwg 07:09:58 Bastien has joined #WPWG 07:09:58 present+ 07:10:00 present+ dezell 07:10:00 JeffW has joined #Wpwg 07:10:00 present+ BryanLuo 07:10:00 present+ MattS 07:10:01 present + 07:10:04 halo has joined #wpwg 07:10:04 phila has joined #wpwg 07:10:05 present+ 07:10:06 MattPi has joined #wpwg 07:10:06 Marek has joined #WPWG 07:10:08 present+ 07:10:11 present+ 07:10:16 Present + 07:10:16 present+ Marek_Kurylko 07:10:18 Cheryl has joined #wpwg 07:10:21 jyrossi has joined #wpwg 07:10:21 present+ 07:10:28 nage has joined #wpwg 07:10:36 Rolf has joined #wpwg 07:10:42 present+ Jean-Yves_Rossi 07:10:49 present+ Nathan_George 07:10:54 present+ 07:10:55 Chris_Michael has joined #wpwg 07:10:59 ken has joined #wpwg 07:11:01 present+ 07:12:14 present+ Ken Ebert 07:12:19 carol has joined #wpwg 07:13:35 marconi has joined #wpwg 07:13:47 present 07:15:02 Rouslan has joined #wpwg 07:15:08 Ken_ has joined #wpwg 07:15:12 present + 07:15:29 Rolf_ has joined #wpwg 07:15:31 present+ 07:16:44 Roy_ has joined #wpwg 07:16:46 present+ 07:16:53 present+ Roy 07:17:19 bryanluo has joined #wpwg 07:17:35 q+ 07:18:01 AdrianHB has joined #wpwg 07:18:30 JeffW has joined #WPWG 07:19:58 bryanluo has joined #wpwg 07:20:19 AdrianHB has joined #wpwg 07:21:53 nage has joined #wpwg 07:22:03 mweksler1 has joined #wpwg 07:22:20 horiuchi has joined #wpwg 07:22:20 ack estes 07:22:54 ian: presents slides 07:23:54 anthony: can wrap up attestations as signals 07:24:02 Mark_Cline has joined #wpwg 07:24:07 ian: can that be done without registation? 07:24:21 Manoj has joined #wpwg 07:24:21 Zouhir has joined #wpwg 07:24:27 present+ 07:24:46 present+ 07:25:02 scribeassist: Adrianhb 07:25:06 horiuchi_ has joined #wpwg 07:25:15 IJ: It would be useful to tease out use cases 07:25:28 Present+ Michel_Weksler 07:25:49 John: There is a spec in dev at IETF called "Token Binding" which binds a token to a user agent 07:26:21 ... this covers use cases similar to how cookies are used today 07:27:14 ... there is a bit more of an ecosystem that we can consider in evaluating if WebAuthn addresses our use cases 07:27:54 [ian covers additional ideas slide] 07:28:14 SofianeB has joined #wpwg 07:28:42 IJ: A device data api could provide data in a controlled and verifiable manner with user consent 07:28:57 ... also vouched for as accurate by UA 07:30:09 wanli_yang has joined #wpwg 07:30:54 Rolf: Why consider additional ideas before we have precluded Web Authn? Also, this is easily spoofable and nowhere near as valuable as cryptographically signed and attested data 07:31:04 Hwchaixx has joined #wpwg 07:31:25 IJ: Didn't mean to preclude WebAuthn. Keen to discuss further 07:32:05 John: One of the biggest challenges that Web Authn solves for is protection of private keys which can't work if the same key is simply distributed with all browsers 07:32:37 [Ian explains user confidence score] 07:32:55 mweksler1 has joined #wpwg 07:33:05 q+ 07:33:08 Rolf: We know there many risk signals but the reality is they are all very weak and easy for an attacker to spoof 07:33:41 ... they are also very noisy. Strong signals require cryptography 07:34:16 ... it is essential to bootstrap the trust using keys rooted in hardware 07:34:37 IJ: What if the data is signed by Google.com? 07:34:54 mdadas has joined #wpwg 07:35:05 Rolf: It's impossible to do this with software alone? 07:35:30 jfontana has joined #wpwg 07:35:58 MWeksler: Even a server based solution can be compromised because it could be queried by a compromised browser 07:36:48 mdadas_ has joined #wpwg 07:36:56 NickTR: The challenge we have in the payments industry is a balance between getting strong signals and reducing friction 07:37:33 q? 07:37:33 SofianeB has joined #wpwg 07:38:02 Rolf: It would be useful to separate the bootstrapping discussion from the friction discussion. 07:38:04 sangrae has joined #wpwg 07:38:11 Marek_ has joined #WPWG 07:38:24 Anthony: There are actually already a lot of existing platform authenticators out in the world already 07:38:24 espadrine has joined #wpwg 07:38:30 q? 07:40:37 John: We are also looking at using parts of WebAuthn to attest which application is making calls to services 07:40:43 ... so there are other things like this that may be useful 07:40:58 ack "EAT" 07:41:03 EAT work in IETF 07:41:10 Athony: IETF also working on the Entity Attestation standard 07:42:05 q? 07:42:21 ackmweksler 07:42:24 Mark_Cline_ has joined #wpwg 07:42:35 carol__ has joined #wpwg 07:42:35 s/ackmweksler// 07:42:37 mweksler: In my mind the Javascript sniffing is the current way to do "attestations" in the absence of anything better. However even with Web Authn we still have an issue with enrollment. 07:42:42 ack m 07:42:48 q+ 07:42:52 3DS may be the solution 07:43:12 vkuntz has joined #wpwg 07:43:15 present+ 07:43:27 horiuchi has joined #wpwg 07:43:49 mweksler1 has joined #wpwg 07:44:24 pengxing has joined #wpwg 07:44:39 jonathan has joined #wpwg 07:45:58 scribe: Ian 07:47:25 ack Ken_ 07:49:41 IJ: Let's walk through scenarios 07:50:00 Jonathan: We walked through some scenarios yesterday, talking about tokenization and consumer authentication 07:50:11 ...having the possibility to leverage WebAuthn is great 07:50:28 ...I'm sure that we can walk through different possibilities to leverage WebAuthn 07:50:40 ...one easy example: auth results are fed into the 3DS protocol 07:50:51 ...that would avoid the issuer (re-)authenticating the consumer. 07:51:04 ...that's one way to combine 2-factor auth with risk analysis 07:51:39 ...I think we have a lot of foundations with the WebAuthn and FIDO work ... even if more work needs to be done on how concretely to feed into the rails. 07:51:47 horiuchi_ has joined #wpwg 07:51:52 ...Ian made a second comment on other signals from the browser. 07:52:11 ...outside of WebAuthn discussion merchants may know the consumer (e.g., the user is logged in and there's a history of successful transactions) 07:52:21 ...that's a big asset from the issuer to get that data. 07:53:08 ...today that exists as a user signal, but we've had the idea that the browsers also know the users and perhaps they can provide that confidence signal instead of merchants 07:53:12 AdrianHB has joined #wpwg 07:53:18 BrianP: We need to separate the authentication into the endpoints 07:53:25 ...we look at issuer view and merchant view 07:53:46 ..what the merchant knows, unless and until it's known by the issuing bank, the bank needs to know whether to transfer the funds 07:54:29 Tony: Do you care about the provenance of the authentication, where it happened? 07:54:29 falken has joined #wpwg 07:54:37 Tony: Do you care about the freshness of the authentication? 07:54:49 ...are there transitions (e.g., of lower value) that don't require freshness? 07:54:58 ...I also understand you are interested in offline situations 07:55:01 ...is that correct? 07:55:22 ...are there transactions where all you need to do is check the freshness? 07:55:32 Jonathan: Would you still capture the auth and send through the network in this case? 07:55:42 Jonathan: Note that under PSD2 no auth required under 30 Euros 07:56:03 ...is putting fingerprint on phone considered friction? 07:56:13 ...can it be avoided in some cases (e.g., under 30 Euros) 07:56:23 Tony: We don't have silent authenticators in WebAuthn 07:56:33 ...that is no gesture required 07:56:58 ...we have those in FIDO but not in WebAuthn yet because things happen in the browser and people may not want signature to happen e.g., due to injected JS 07:57:15 huangweichai has joined #wpwg 07:57:34 ...we ARE looking at other means to provide time-based or similar something that let's you do confirmation without doing the gesture (e.g., you've already authenticated and it's less than 2 minutes later) 07:58:06 Jonathan: If you really want issuer to take this into account you need to capture the gesture. ...but agree that "recently authed" is an interesting possibility. 07:58:19 Jonathan: but some regulation require auth when you see the final amount 07:58:32 ...PSD2 will want you to authenticate only upon seeing the total 07:58:33 q? 07:59:30 q+ 07:59:34 ack nick 07:59:58 NickTR: First, thanks everyone. We've been talking mostly about cards here, but there's also a lot of non-card payments 08:00:17 ...some technologies related to offline (e.g., Alipay and WeChat Pay) are push...they are using web technology for physical world payments 08:00:32 ...the Web is becoming a transport network for all sorts of payments. 08:01:01 Ken_ has joined #wpwg 08:01:14 ....3DS2 asks for a lot more data (than 3DS1) 08:01:32 ...this conversation kicked off for us at our last FTF meeting where there were concerns expressed about the amount of data 08:01:44 q+ 08:01:49 ack Ken 08:02:03 Ken: +1 let's keep offline as not a priority 08:02:44 q+ 08:03:13 Tony: We are also talking about lifecycle issues (e.g., what to do when device is lost) 08:03:23 ..that becomes more important as you are trying to do authentication 08:03:25 ack me 08:04:02 Ian: The fundamental issue that drove 3DS design was reduced friction where possible (I think) 08:04:55 ...what are the other optimisations? Time-based, multiple domains? 08:05:19 John: We have restrictions on domains currently; but that's based on credential management 08:05:37 ..but we are starting to look at using Feature Policy to allow us to go outside of the top level domain 08:06:06 q+ 08:06:31 IJ: Is freshness or shared auth useful to schemes or issuing banks? 08:06:33 ack nicktr 08:06:40 nicktr: It's also a legislative challenge 08:07:20 ..in the EU market, the way SCA is defined, using time-based attestations would not be satisfied 08:07:26 ...PSD2 requires the real-time authentication 08:07:34 BrianP: It requires that you display the merchant and amount at that time 08:07:46 nicktr: The consumer has to authenticate the amount of the transaction in real-time 08:08:15 Rolf: WebAuthn can be used to auth to merchant or to the issuer, so there's a lot of flexibility for those parties to make use of web authn 08:08:23 ...if you need a fresh signature, you just ask for it 08:08:34 q? 08:08:40 ...if the issuer has the channel to talk to the consumer ... ask for auth via WebAuthn 08:08:45 (Ian notes: "Payment Handler") 08:09:10 rolf: We don't need to standardize who does what; each party has the flexibility to use web authn in a way that they need. 08:09:33 ...you can make risk decisions based on strength of authenticator via the attestation 08:09:49 ...we would argue that you can increase both security and convenience at the same time 08:09:58 ...protects against phishing 08:09:59 q? 08:10:05 q? 08:10:35 [Next opportunity: w3c workshop on strong auth and identity - 10-11 December in Redmond] 08:12:04 daehee has joined #wpwg 08:12:05 John: We are starting to roll out a public key ecosystem via Web Auth; we want to avoid one device per activity that you are doing 08:12:08 AdrianHB has joined #wpwg 08:12:15 ....we want to be able to accommodate different scenarios. 08:12:41 IJ: What are top things you plan to do in WebAuthn? 08:12:49 John: We will likely extend charter to Sep 2020. 08:12:55 ...top items are: 08:12:57 - The domain issue 08:13:00 - Blockchain authentication 08:13:11 - Increasing ability to select authenticator 08:13:34 - Looking at EAT work 08:13:38 - Attestation work 08:17:28 IJ: Is the limiting factor in Europe more a regulatory issue or more technology? 08:17:37 Herve: In my experience it's more technology. 08:18:03 ...API can transport authentication results 08:18:13 ChrisMichael: I don't think it's a regulatory issue 08:18:22 ...the regulation is pretty straightforward....dynamic linking 08:18:44 ...banks do use whatever factor they want as long as it's SCA 08:19:03 ...the regulators need have called out that it needs to be consistent in different scenarios 08:19:11 ...banks are allowed to allow some exemptions 08:19:18 ...it's not clear what an exemption from SCA means 08:19:27 ...some have interpreted it to mean "1 factor suffices" 08:19:36 ...others have interpreted it to mean ":no auth is required" 08:19:43 ...so long-lived consent would work in that framework. 08:20:17 ...I think regulators would probably come down with a consistency approach; not penalizing APIs over direct customer interaction 08:20:28 q? 08:21:02 NickTR: I would like to hear from browsers about views on data gathering 08:21:02 Zouhir has joined #wpwg 08:21:11 zakim, who's here? 08:21:12 Present: Herve_Robache, CyrilV, nicktr, Vincent_Kuntz, Ian, Mohammed, AdrianHB, estes, frank, Krystosterone, gildas, MattS, Bastien, dezell, BryanLuo, cwarnier, Dongwoo, phila, 08:21:16 ... Marek_Kurylko, MattPi, Jean-Yves_Rossi, Nathan_George, Lin_Li_, Giulio, Ken, Ebert, Rouslan, Roy_, Manoj, Mark_Cline, Michel_Weksler, vkuntz 08:21:16 On IRC I see Zouhir, AdrianHB, daehee, Ken_, huangweichai, falken, horiuchi_, jonathan, vkuntz, carol__, Mark_Cline_, espadrine, sangrae, jfontana, wanli_yang, nage, bryanluo, 08:21:18 ... Roy_, Rolf_, Rouslan, marconi, ken, jyrossi, Cheryl, MattPi, phila, halo, Bastien, Dongwoo, MattS, dezell, gildas, frank, Lin_Li_, estes, Yaohua_Wu, CyrilV, MasayaIkeo, 08:21:18 ... Krystosterone, Herve_Robache, takashi, cwarnier, marcosc, Zakim, Giulio, pranjal, QingAn, pea13, canton, dlehn, agektmr, RRSAgent, hober, rbyers, yoav, mkwst, jungkees, JakeA, 08:21:18 ... emschwartz_ 08:21:23 present+ Zouhir 08:21:32 Rouslan: Silent fingerprinting is not the best option 08:21:38 ...user has no control over what happens 08:21:52 ...we definitely think that WebAuthn is the future and where we should end up 08:22:19 ..but few users have the hardware today or understand how to use it, so I think it would be useful in the meantime to provide some kind of signal to the financial services industry about the device and user 08:22:27 ...while understanding that this signal is fallible 08:22:35 q+ 08:22:51 ...so any signal would be need to be weighted appropriately 08:23:10 ...and the three options we've discussed (1) score (2) hash (3) attributes about the devicer 08:23:27 ...those are middle ground between silent javascript fingerprinting and WebAUthn 08:23:30 ...we haven't landed yet 08:23:32 ack mark 08:23:33 ack mar 08:23:45 marcos where are you 08:24:07 Jeffw has joined #Wpwg 08:24:17 AdrianHB: On browser signaling concept..one way I can see that being more palatable is if it's only available in the payment API 08:24:28 ...as opposed to being available to anyone 08:25:17 estes: I agree mostly with Rouslan; we are working to reduce fingerprinting surface area 08:25:22 ...we'd also prefer webauthn solution 08:25:28 q+ 08:25:52 ack MattS 08:25:53 SofianeB_ has joined #wpwg 08:26:10 MattS: +1 to Rouslan and Andy 08:26:26 ...would like to have both webauthn and ability to query device data 08:27:13 jonathan_ has joined #wpwg 08:27:37 MattP: We are currently at an in-between state....webauthn and attestation is key...I think in 3-5 years we may not need the other signals as much 08:27:54 AdrianHB has joined #wpwg 08:28:28 IJ: Does WebAuthn WG do adoption work, or is that mostly distributed among the vendors? 08:28:33 Tony: Mostly among the vendors 08:28:50 ...we've gotten the technology into the platforms and the browsers 08:28:51 Sofianeb__ has joined #wpwg 08:28:58 ...now it's up to the platforms how they want users to use it 08:29:03 ...in the case of Microsoft it's in Hello 08:29:55 Rolf: Many more deployment discussions happen in FIDO where the vendors are 08:30:10 nicktr: EMVCo is working with FIDO to enhance the relationship....and WebAuthn is built on FIDO 08:30:18 ...is there an opportunity to close the triangle? 08:30:27 ....along with 3DS 08:30:38 BrianP: We are working on the Secure Web Payments Interest Group proposal 08:31:25 RRSAGENT, make minutes 08:31:25 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 08:31:56 horiuchi has joined #wpwg 08:45:49 pranjal has joined #wpwg 08:49:19 Yaohua_Wu has joined #wpwg 08:49:29 bryanluo has joined #wpwg 08:54:08 benoit has joined #wpwg 08:54:29 maybe this is the right channel for the plenary? 08:54:46 takashi has joined #wpwg 08:56:32 Giulio has joined #wpwg 08:57:07 horiuchi has joined #wpwg 08:57:47 horiuchi has joined #wpwg 09:00:46 MasayaIkeo has joined #wpwg 09:01:37 Roy_ has joined #wpwg 09:01:37 pranjal has joined #wpwg 09:04:46 Krystosterone has joined #wpwg 09:05:53 gildas has joined #wpwg 09:06:37 AdrianHB has joined #wpwg 09:07:41 Rouslan has joined #wpwg 09:11:17 horiuchi_ has joined #wpwg 09:11:34 Giulio has joined #wpwg 09:11:35 bryanluo has joined #wpwg 09:11:36 estes has joined #wpwg 09:11:50 phila has joined #wpwg 09:11:58 horiuchi_ has joined #wpwg 09:12:21 Topic: Merchant Adoption 09:12:38 mweksler has joined #wpwg 09:12:51 igrashi has joined #wpwg 09:13:03 Krystian: Will present findings from Shopify's A/B experiments using Payment Request 09:13:07 jonathan has joined #wpwg 09:13:15 ...this experiment is mostly around the basic card implementations in browser 09:13:31 ...the numbers you see are medians across merchants 09:13:46 deck in webex? 09:14:11 -> https://docs.google.com/presentation/d/1WN-E6OG6wJUlYx0L-XJxccs5Q0ANKmKMcOnTdvURrFE/edit?usp=sharing Krystian's slides 09:14:14 Mark_Cline has joined #wpwg 09:14:47 Krystian: Hypothesis....market is ready for users of our platform 09:15:06 ...this experiment ran only on our card page; user would see PR API half of the time 09:15:18 daehee has joined #wpwg 09:15:22 ian: yes; thanks 09:15:32 ...we chose large merchants (most traffic) 09:15:46 ...for buyer to be eligible the browser needed to support PR API 09:16:12 ...our traffic was mostly around Chrome's implementation 09:16:34 ...then 50% of eligible buyers would go through our experiment group (PR API) and other half through our regular card checkout 09:17:30 ..final caveat - we dealt with gift cards by allowing users to go through regular checkout 09:17:43 [Findings] 09:17:57 ...upon clicking checkout button until redirect to thank you page... 09:18:36 ...median times with canMakePayment() true was 2:16 09:19:07 ...canMakePayment() false was 3:13 median time...so much faster with canMakePayment true, 09:19:13 and both faster than usual check out 09:19:28 ...we saw a drop in completion rates but that demands context 09:20:05 ...but remembering that we have dedicated to a full team for 7 years to our checkout flow compared to new Payment Request API, this is actually not that bad 09:20:20 ...most interestingly we tracked progress through the payment sheet 09:20:32 ...we have two event listeners - address, shipping option 09:20:42 ...we also checked opening the sheet, canceling out of the sheet 09:20:46 ....but basically: 09:20:58 60^ of customers drop out without interacting with their shipping contact information or providing shipping methods 09:21:03 jyrossi has joined #wpwg 09:21:12 present+ 09:21:17 ...that is 60% of all buyers who initiated a flow 09:21:41 Giulio: How many had a shipping address in there? 09:21:47 Krystian: We don't have visibility into that 09:21:59 ...all we can say is that 60% did not interact with shipping address/methods 09:22:23 35% of buyers who dropped out preferred clicking on either regular checkout link or discount code 09:22:32 ...most of those (85%) clicked on discount link 09:22:37 vkuntz has joined #wpwg 09:22:50 ...so that might mean they didn't see the link initially or didn't realize they could enter discount through either flow 09:22:56 ...or something else was going on that we still haven't identified 09:23:20 32% initiated a payment, and 28% dropped out for other reasons (e.g., cvc error, decline) 09:23:26 [Other numbers] 09:23:30 CyrilV has joined #wpwg 09:23:36 present+ 09:23:40 30% of customers tried 1 or 2 times to go through payment rqeuest 09:23:45 ...so that's encouraging 09:23:55 ...they were not put off by the experience 09:24:00 7% tried 2 or more times 09:24:11 [Feedback from merchants] 09:24:29 Krystian: We gave feedback directly to browser vendors 09:24:38 about UX 09:24:43 vkuntz_ has joined #wpwg 09:25:02 ...merchant feedback: they were not used to it and it's different from what they are used to....BUT they remained in many cases benefits of the new checkout experience 09:25:25 ...so we might address this with some branding or other merchant adoption initiatives 09:25:26 q? 09:26:00 q+ 09:26:11 vkuntz__ has joined #wpwg 09:26:17 present+ 09:26:30 Krystian: We were excited to try it out. It is not quite yet market ready for our platform; we don't plan to expose it for now but would like to explore further as we address UX features, as payment handlers take hold, as we work on branding, etc. 09:26:42 ack Rousan 09:26:45 ack R 09:26:57 marconi has joined #wpwg 09:26:58 q 09:27:00 jonathan has joined #wpwg 09:27:01 Rouslan: Thank you so much for the study! We welcome this type of feedback from everyone to improve the procut 09:27:04 q+ marconi 09:27:11 q+ 09:27:23 q+ 09:27:27 Rouslan: We are making changes to the UX to take into account the situations that you described, e.g., when the user does not have information yet 09:27:30 ...new flow coming soon 09:27:44 ...the question I have is "is there anything in the API that we could change to improve the user experience?" 09:27:51 ...beyond payment handler 09:27:52 AdrianHB has joined #wpwg 09:28:05 ...or for example, are more detailed error messages required? 09:28:14 ....would that help with analytics? 09:28:15 q+ 09:28:29 ...another thing we could look into is canMakePayment() semantics 09:28:45 ....we have come up with two modes for it (1) payment method available (2) payment method has credential 09:28:58 ...does this mean that we need another query to understand presence of shipping address? 09:29:01 q? 09:29:07 QingAn has joined #wpwg 09:29:35 Krystian: For shipping address, you are correct - I think "enrolled" query could take into account shipping address. 09:29:39 AdrianHB has joined #wpwg 09:29:57 ...I think "ready to pay" should include all the things needed to make payment (including shipping address) 09:30:19 AdrianHB: Is the use case at all resolved by the ability for the merchant to provide shipping addresses? 09:30:20 jonathan_ has joined #wpwg 09:30:20 q+ 09:30:24 ..e.g., for a repeat shopper? 09:30:30 Krystian: Partly yes 09:30:34 ack marconi 09:30:53 marconi: For customers who had ship to/bill to provision, could you quantify how much faster than standard checkout flow? 09:31:24 Krystian: can't share that detail 09:31:26 ack marco 09:31:27 ack phila 09:31:43 phila: Thank you; sounds like some of the negative comments might be addressed through education. 09:32:06 ack Giulio 09:32:58 Giulio: Thanks, Krystian! How did canMakePayment() false work? 09:33:14 marcosc has joined #wpwg 09:33:28 Krystian: Was a blended rate between both true and false 09:33:37 Giulio: What did a customer see during the path? 09:34:07 marcosc has joined #wpwg 09:34:12 Krystian: They would see normal checkout .... in some cases there were branded buttons above and below 09:34:15 q+ 09:34:24 Giulio: That might entice some users to go with something they are more familiar with 09:34:26 ack Beno 09:34:49 no problem 09:34:54 wanli_yang has joined #wpwg 09:35:28 David Benoit (Remotely): What kind of customization of the sheet would merchants like to see? 09:35:55 Krystian: Good question - definitely one piece of feedback is respecting the favicon...that's a must for the merchants 09:36:13 ....the merchants may also wish to change the primary or secondary colors of the sheet to match their site 09:36:25 ...in more extreme cases, some of them wanted a header image in payment request 09:36:39 ...IMO that's a bit too extreme, but definitely controlling some visual aspects would be a must for them 09:36:41 ack Ken 09:37:29 Ken: Do you think outcome would have been different with branded buttons? 09:37:42 Krystian: We couldn't have done Apple Pay in the sheet due to Apple branding requirements 09:38:23 q+ 09:38:29 ...we think setting expectations for the buyer upstream helps with conversion 09:38:31 ack Roy 09:38:47 Roy: You mentioned the 7% drop was a mix of true/false...was there a diff between the two? 09:38:51 Krystian: 1% 09:38:53 ack estes 09:39:19 estes: Had you considered A/B offering apple pay to some users and PR API to others? 09:39:32 Krystian: The difficulty now is that Apple Pay is available to all merchants on our platform 09:39:39 ...so might be too late 09:40:01 q? 09:40:13 mdadas has joined #wpwg 09:40:15 Manoj has joined #wpwg 09:40:23 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 09:41:03 scribe assist: AdrianHB 09:41:10 Krystosterone has joined #wpwg 09:43:02 IJ: We kicked of iteration 2 of Visual Identity TF 09:43:24 ... last year we identified the need to provide something that users can recognise across websites 09:43:53 ... response after iteration 1 was "lukewarm" 09:45:05 ... Facebook hired a designer to help and new iteration started in July 09:45:33 ... Heath (designer) did brand analysis and produced logos which the TF refined over many iteration 09:46:08 ... TF was expecting a final round of logos before now but IJ only got them this morning so we're all seeing them for the first time 09:46:30 ... not being shared publicly until finalized and necessary paperwork is done 09:46:54 ... goal (if WG agrees) is to get these out in line with release of standards 09:46:58 q? 09:47:14 ... 3 key messages that emerged through iterations 09:47:21 ... 1. A wallet 09:47:29 ... 2. A globe (global) 09:47:52 ... 3. Exchange (commerce) 09:47:52 [IJ shows logos] 09:48:29 [Crowd goes wild] 09:49:09 IJ: Opening wallet is unique (not used in other payments branding) 09:49:33 ... adding colour further distinguishes the design from existing logos 09:49:51 ... scales well 09:50:35 ... Using the logo within the phrase Web Pay has been cleared by legal for use 09:51:02 ... Logo in the middle breaks words 09:51:21 ... Intent regards policy is for use of colours to be flexible 09:51:50 [IJ shows logo in existing sheets] 09:51:56 q+ 09:52:26 ... Discussion to date is that the button is confusing for users 09:52:36 q? 09:52:45 ... Need to tie button on page to sheet 09:53:32 ack Rouslan 09:53:51 ... Need to obviously discuss with browsers where this could be added to sheet 09:54:01 q+ 09:54:28 q+ 09:54:34 ack marconi 09:54:59 q+ 09:55:16 ... want to show the logo used as a checkout button (although need to get designer to mock this up) 09:55:28 q? 09:55:33 marconi: Logo looks a but like old ISIS mobile payment logo 09:55:50 ... looks like a phishing scam 09:56:30 IJ: The perceived need is a common browser experience without a way for UX designers to signal that this is what users should expect when clicking the button 09:56:55 ... analogous to RSS logo in some respects. Signals to users that the website has a feature 09:57:09 ... challenge is that it's NOT a payments system 09:57:50 ... so trying to balance fitting into the expected flow vs being a payment method 09:58:36 ack Eiji 09:59:06 Eiji: I think Web Pay won't be a trademark issue as it's a payment company in Japan that was bought and no longer trades under that name 09:59:07 q+ 09:59:25 IJ: Legal stuff is still a big TODO 09:59:27 ack Krystosterone 10:00:37 Krystosterone: Great initiative. Not sure about wallet. I don't think it will age well. Eg. Icon for "SAVE" is still a 3.5 inch disk which is legacy tech 10:01:05 ... Buyers on our platform associate X Pay with a payment method so that may add to confusion 10:01:15 Ack phil 10:01:48 q+ 10:01:50 Phil: Aspect ratio is different to other buttons so may be hard to include in checkout pagees 10:01:53 q+ 10:02:12 IJ: Work to still do to figure out how it might sit on checkout page 10:02:21 Phil: Internationalization? 10:02:38 ack Zouhir 10:02:59 IJ: Haven't got into how the words could be changed. I suspect they could be 10:03:19 q+ to answer the browser question 10:03:50 Zouhir: Have you explored using the icon in the browser chrome, e.g. like the lock for secure websites 10:03:55 NHK 10:04:04 q? 10:04:21 IJ: Could have no button but some other browser chrome that triggers sheet? 10:04:51 sorry mistake to type, please remove 10:04:53 Zouhir: There needs to be some hint before checkout that suggests to the user that the page supports paymentRequest 10:05:00 s/NHK// 10:05:26 ... or perhaps only show the logo when the flow is kicked off 10:05:29 q? 10:05:36 q+ 10:05:51 q- 10:06:00 IJ: Could do more in the browser chrome to suggest that a payment is in progress 10:07:16 benoit: Web may be a term that, especially younger users, don't understand. Also the wallet is maybe a little too "Western male" 10:07:57 matts: I think this can help solve the "suprise" users are reporting when paying with payment request. 10:08:18 ... over time users get comfortable with the new method and associate it with seeing this logo on the website 10:08:36 q? 10:08:41 ack benoit 10:09:20 q+ 10:09:24 ack matts 10:09:50 nicktr: this is just the beginning so feedback appreciated 10:10:36 ij: we recognised the need for signalling and helping users understand the connections between the mix of "domains" that a user goes through using PR API 10:10:53 +1 for Matt's suggestion of exploring elevating the checkout button into the browser chrome rather than a web page UI element 10:11:36 adrianHB: I am more inclined to see this as a symbol rather than a brand - like the lock is seen across the web is seen as denoting "secure" 10:11:47 ...this is why I like the wallet as a very simple design 10:12:28 ...so it can provide hints (like when "canMakePayment" is called causing the wallet to appear in the address bar) 10:12:33 pranjal has joined #wpwg 10:13:03 ...This is similar to the transition from http to https 10:14:06 Jonathan: I agree with this concept - I am concerned about the notion of trust which will vary between payment methods 10:14:29 AdrianHB: this should be a hint only 10:14:56 IJ: (Ian shows brand analysis) 10:16:05 IJ: we debated what the logo should show - we went with a wallet rather than an abstract image 10:16:30 IJ: We have come to the conclusion that this is related to payments 10:16:33 JeffW has joined #Wpwg 10:16:50 mweksler has joined #wpwg 10:17:12 Jonathan: As Rouslan says, this is either a "chrome" thing or a "web payments" thing 10:17:24 q+ 10:17:25 IJ: But Users don't know what "browsers" are 10:18:14 IJ: It's not just about the browser - it needs to work across the browser ecosystem 10:18:27 mweksler has joined #wpwg 10:18:40 IJ: I am concerned that "web" is outdated 10:18:46 q? 10:18:54 q- AdrianHB 10:18:55 AdrianHB has joined #wpwg 10:18:57 ack Rouslan 10:19:14 stpeter has joined #wpwg 10:19:17 Rouslan: from the perspective of an engineer, I like the wallet. 10:19:45 Rouslan: I would like to put this all over the place 10:20:03 Rouslan: +1 to showing after "canMakePayment" is called 10:20:32 ...it would be a good indicator that something magical is about to happen 10:21:09 Ken has joined #wpwg 10:21:12 (strawpool to show whether we should continue) 10:21:39 (about half the room in favour of continuing, about 5 to stop) 10:21:44 benoit_ has joined #wpwg 10:21:59 (second strawpool) 10:22:07 continue 10:22:17 q+ 10:22:45 ack k 10:22:45 (likes as is = 2)(ditch =0)(continue to develop = about 20% of the room) 10:23:18 Roy has joined #wpwg 10:23:27 Ken: merchants will do what they want with their check out experience - the logo will be used inconsistently 10:24:03 ...also big companies don't need/want help with branding. But SME/SMBs _do_ need help - does this help this community? 10:24:16 q+ 10:26:05 q+ 10:26:16 q- 10:26:19 Ian: in the future, can we have the browser render the pay button (issue #777) 10:27:11 nicktr: Consistent "hint" across browsers / a cue 10:27:26 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 10:28:09 q- 10:29:16 AdrianHB: two topics - web monetization and generalised payment tokens 10:29:29 AdrianHB: introduces Coil 10:29:44 (shows slides) 10:30:52 AdrianHB: the way this works, there would be an API that allows the website to request a stream of money (send or receive) 10:31:32 ...very small amounts (e.g. thousandths of a cent) - over something analogous to a web socket 10:32:14 AdrianHB: the role of the provider is to throttle the stream of micropayments 10:32:31 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 10:32:32 ...the hope is that websites could then be (for example) ad-free 10:32:57 scribenick: Ian 10:33:08 AdrianHB: proposed specification -> https://interledger.org/rfcs/0028-web-monetization/ 10:33:12 AdrianHB: The provider chooses how much money and the provider 10:33:20 ....that's where we think the competitive space will be 10:33:29 ...Coil charges users flat rate of $5/month 10:33:34 marcosc has joined #wpwg 10:33:34 ...others can choose other models 10:34:17 ...our hope is that users will appreciate experience with monetization provider 10:34:20 [Demo] 10:35:08 [The demo shows AHB visiting a web site, and money slowly streams to the site 10:35:25 ...AHB has access to content having monetized the site through the API] 10:35:40 q+ 10:36:21 AdrianHB: We are interested in bringing a Web Monetization API to w3c that gives payees access to monetization streams. 10:36:29 ...is there interest from this forum on Web Monetization? This API? 10:36:29 q+ 10:36:38 ack phil 10:36:42 q+ 10:37:00 phila: Very interesting. Would this support a freemium model? 10:37:08 ...would it support data services over the Web? 10:37:14 AdrianHB: I don't see anything preventing that 10:37:22 ...the API establishes a link between the provider and the funds 10:37:35 ...once it has been established, you could put other protocols on top of that. 10:37:51 IJ: Does it use WebRTC for p2p? 10:38:00 AdrianHB: Not currently; that is something we've looked at. 10:38:08 ack Rouslan 10:38:11 ...it's not really browser to browser it's browser to servewr 10:38:25 Roulsan: Overall, the idea of micropayments and monetization is really interesting 10:38:32 ...I would be interested in exploring it somehow 10:38:50 AdrianHB: For the purposes of the working group, having a task force might be a start 10:38:59 [IJ thinks "Workshop"] 10:39:03 ack Roy 10:39:21 Roy: I can readily see consumer demand from a paywall perspective 10:39:27 ...do you have any data? 10:39:37 Rolf has joined #wpwg 10:39:52 s/Roulsan/Rouslan/ 10:39:58 AdrianHB: We don't have a lot of data yet. You can use it on Youtube and Twitch 10:40:05 ..paywalls are a bit more challenging 10:40:18 ...we had a conversation with someone in the past, and one issue with some types of media is that 10:40:44 q+ 10:40:45 ..the cost of some types of content (like an investigative column) is too high for small monetization streams 10:40:56 ...but might be interesting to experiment with bundled content 10:41:26 ack Rouslan 10:41:29 AdrianHB: Users may be ok with ads on some sites, monetization through streams on others 10:41:51 Rouslan: Proliferation of ad blockers suggests people are not happy to see a lot of ads...some other monetization approaches would be good for the health of the whole ecosystem. 10:42:12 ...I see the point of giving options to publishers for monetizing different types of content. 10:42:26 ...you also need user protections like "instant refund" if the user is not satisfied with the content. 10:43:24 AdrianHB: This is an aggregation model; on aggregate, if I a happy with the service overall, I am ok to pay the money. If you are unhappy with content you pick a better provider rather than recuperate money from a particular site. That, at least, is our model. 10:43:27 q+ 10:43:58 michel: Refunds are still going to need to happen...even if from the aggregator. 10:44:15 ...users may need more recourse than "I don't like my provider" 10:44:37 ack Rouslan 10:44:42 AdrianHB: Provider might refund user based on complaints, for example. You can even use underlying dispute models (e.g., if backed by card payments) 10:45:01 rouslan: I would like to hear opinions from payment handlers and financial industry participants in the room....have they encountered other challenges? 10:45:05 q+ 10:45:20 nicktr: Micropayments is hard due to the cost of friction. 10:45:34 ...disputes requires an overarching system with arbitration, and that's a cost to be borne 10:45:46 ...micropayments is unsolved, in my view 10:46:07 ...I'm not aware of extensive work going on in the mainstream financial services industry around micropayments 10:46:34 ...there was some interest in cryptocurrency world, but those are not real-time and there is other friction and transaction fees, so not the panacea 10:46:44 q? 10:46:46 ...sidechains also tried, but there's a cost there as well. 10:46:48 ack Zou 10:47:35 Zouhir: Web Monetization is important. There are simple categories of payments, like up front and in-app 10:48:12 ...I think can reward users with fewer ads in games if monetized in other ways 10:48:19 ...there is also what Brave Browser is doing. 10:49:13 q? 10:49:44 marcosc has joined #wpwg 10:49:46 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 10:49:54 Topic: Generic Payment Tokens 10:50:42 -> http://www.w3.org/2018/Talks/ahb_tokens_20181023.pdf Adrian's tokenization slides 10:50:53 +1 for "token" being overloaded :) 10:51:06 AdrianHB: The word "token" is overloaded. Here's what I think it means: 10:51:12 - represents the authorization of a payment 10:51:22 - redeemable by the payee on a specific network 10:51:33 - produced by the payment authorization authority 10:51:39 - network rules dictate how the token is redeemed 10:51:48 - token data is mostly opaque to payee systems 10:52:03 marcosc has joined #wpwg 10:53:08 AdrianHB: I'd like to come up with something generic on the web, that could be used across multiple networks 10:53:59 q? 10:54:29 AdrianHB: Push payments bother me generally. 10:54:39 ...I think the experience is less than ideal. 10:54:48 ..merchants lose control of flow 10:54:48 ...no retry our cancel 10:54:54 ...integration at multiple places in the flow 10:55:02 ...recurring payments...HA! 10:55:42 AdrianHB: A pattern I like is pre-authorized push payments. 10:55:53 ....they are push payments that feel pull-like 10:56:04 ..this gives merchant more control 10:56:16 ....bank doesn't do push payment, they return a token 10:56:28 ...then the payee submits that token to actually cause the payment to happen 10:56:45 ...so there are two phases: (1) authorize payment then (2) initiate payment (with token) 10:57:04 ...this allows merchants to manage their flows 10:57:14 AdrianHB: Proposal for a tokenization spec 10:57:31 ....as simple as saying "I accept tokens from a variety of networks" 10:57:39 ...the underlying data depends on network 10:57:48 ...some common metadata (e.g., "one-time use" 10:58:14 ...a typical response might be as simple as three pieces of information: label, network, token 10:58:27 q? 10:58:48 AdrianHB: So is there appetite for a single tokenization spec (more generic than card tokenization spec) 10:58:50 ...leaves specifics to the networks. 10:58:58 ...this would make browser implementation sipler 10:59:07 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 10:59:10 rrsagent, set logs public 10:59:13 q+ 10:59:33 Russell: I am interested (but cf IPR) 10:59:47 q+ 11:00:02 zakim, close the queue 11:00:02 ok, Ian, the speaker queue is closed 11:00:21 ack Roy 11:00:48 Roy: What's the substantive difference between token with network options and a bunch of specific payment methods? 11:01:00 AdrianHB: I think this is an easier integration path 11:01:14 ..just one method since they don't care about the differences between the different types 11:01:45 marcosc has joined #wpwg 11:01:49 ..implementation is simpler for the browser 11:02:06 ...they just need to implement one spec and filter on networks 11:02:06 +q 11:02:21 ...browser doesn't need to differentiated based on instrument type 11:02:35 ack Rouslan 11:02:37 Rouslan: Do you envision the browser keeping track of tokens, balances, 11:02:51 AdrianHB: No, only which networks the user can give tokens for. 11:03:31 ack ben 11:03:34 AdrianHB has joined #wpwg 11:04:09 davidBenoit: We stopped using the term "token" and started using the word "contract" instead 11:04:10 MasayaIkeo has joined #wpwg 11:04:47 ....so +1 to moving to networks that don't have to create their own tokenization method 11:04:50 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 11:05:26 horiuchi has joined #wpwg 11:05:54 I have made the request to generate https://www.w3.org/2018/10/23-wpwg-minutes.html Ian 11:07:27 horiuchi_ has joined #wpwg 11:21:28 horiuchi has joined #wpwg 11:28:09 mweksler has joined #wpwg 11:29:07 pranjal has joined #wpwg 11:34:07 phila has joined #wpwg 11:36:58 pranjal has joined #wpwg 11:37:00 pranjal has joined #wpwg 11:37:13 phila has left #wpwg 11:42:20 pranjal has joined #wpwg 11:47:03 MasayaIkeo has joined #wpwg 11:52:40 MasayaIkeo has left #wpwg 11:57:13 pranjal has joined #wpwg 11:59:47 marcosc has joined #wpwg 12:01:09 marcosc has joined #wpwg 12:02:35 horiuchi has joined #wpwg 12:04:03 mweksler has joined #wpwg 12:08:38 cwarnier has joined #wpwg 12:08:59 Cheryl has joined #wpwg 12:09:25 addison has joined #wpwg 12:09:58 Rouslan has joined #wpwg 12:10:08 bryanluo has joined #wpwg 12:10:13 r12a has joined #wpwg 12:11:49 horiuchi has joined #wpwg 12:12:27 [Resuming] 12:12:39 Topic: Internationalization Joint Session 12:12:41 david_clarke has joined #wpwg 12:12:44 daehee has joined #wpwg 12:13:44 Giulio has joined #wpwg 12:13:57 Krystosterone has joined #wpwg 12:14:02 MattS has joined #wpwg 12:14:05 Bert has joined #wpwg 12:14:16 AdrianHB has joined #wpwg 12:14:18 [Contezt] 12:14:44 Marcos: In order to implement languageCode other browsers would have had to use a particular library (from Google) 12:14:58 ...we didn't want to have a dependency on a library, and we had a hard time specifying 12:15:39 Rouslan: The use case - addresses can be formatted different ways in some countries; usually there is a default way....but when it is formatted for English, the address might be formatted differently 12:15:50 ...e.g., from less to more specific or vice versa 12:16:08 ...in Chrome we had some guesswork and suggested that others do the same guesswork 12:16:17 horiuchi has joined #wpwg 12:16:19 ...we then tried to specify something correct. 12:16:26 Marcos: The conclusion was to remote it from the spec. 12:17:18 CyrilV has joined #wpwg 12:17:20 Addison: The kind of things you are talking about (e.g., complexity of postal addresses in a global environment), have different presentational formats that can be applied 12:17:22 present+ 12:17:23 s/[Contezt]/[Context]/ 12:17:49 present+ 12:17:58 takashi has joined #wpwg 12:18:07 Addison: Our group would still like to see a language tag to do display but also things like font selection 12:18:20 ...I think the current state is that you removed languageCode. 12:18:42 q 12:18:44 q? 12:18:48 q+ 12:18:53 zakim, open the queue 12:18:53 ok, Ian, the speaker queue is open 12:19:00 Rouslan: Can you simply look at Unicode code points? 12:19:01 q+ 12:19:12 Addison: If you have two distinct writing systems; yes 12:19:18 ..but for determining the language of something, no. 12:19:29 ...e.g., overlap in characters between Japanese and Chinese 12:19:47 q? 12:20:05 ack ian 12:20:06 jyrossi has joined #wpwg 12:20:08 present+ 12:20:13 ian: I have a scoping question 12:20:15 estes has joined #wpwg 12:20:51 ...we say here's a piece of data, it's up to the merchant to know what to do with it 12:21:10 ...so information is lost if you just have a string of text 12:21:50 addison: by not providing language and direction tags, downstream applications can't do a good job 12:22:47 ...whereas if you capture metadata at point of entry, you can do useful things downstream 12:22:59 Roulsan: Eiji and I analyzed several shipping APIS. 12:23:10 ...first, they don't include all the fields we think we should include 12:23:22 ...but 0% of them have language tag or direction as input to the APIs 12:23:35 ...how can we deal with that? 12:23:45 Addison: I am confronting that in my day job at Amazon 12:24:14 ...the state of affairs is somewhat broken since the APIs are often optimized for local shipping / first mile / last mile 12:24:20 SofianeB-CC has joined #WPWG 12:24:49 Rouslan: So if we provide this data, those APIs would drop it on the floor? 12:24:59 Addison: Yes, but other consumers might make use of it. 12:25:11 Richard: If you don't provide the information at all, you can't improve the situation. 12:25:30 Rouslan: Do you think the quality of the data from the browser is high enough? 12:25:34 ...all we have is user locale 12:26:00 ...the user might have en-us as their locale....we have to guess they are "probably typing in English" 12:26:24 Addison: We would assume the form is localized; not just the browser's localization 12:26:39 Addison: There are guessing thing you can do (as we discussed github) 12:26:55 ....no individual thing is a sufficient solution 12:27:10 ...but to a motivated developer it's straightforward to add direction and language 12:27:40 ...I know it's a hard problem; aware of PayPal and other companies doing extensive work in this space 12:28:28 Rouslan: One issue we have is that the guesswork was kind of subpar....was critiqued by I18N group 12:28:43 ...are there are any algorithm descriptions that say the right way to do things? 12:29:16 ..in particular, with BCP 47 there's a lot of info 12:29:35 Addisson: BCP 47 is about language/locale, but not specific to address 12:29:54 mweksler has joined #wpwg 12:31:40 Rouslan has joined #wpwg 12:31:43 IJ: Are there user experiences that could be good approximations like "format for this country" 12:33:28 q? 12:33:40 pranjal has joined #wpwg 12:33:50 IJ: Does shipping country suffice? 12:35:18 IJ: can you say "I'm looking at what's being typed, and it's being sent to Japan, so this is the format that I need"? 12:35:50 IJ: Could you approximate by looking at characters and target country (eg., see latin characters and JP and that tells you how to format) 12:36:02 Richard: Lots of addresses will have a mix. 12:36:21 q? 12:37:04 s/Richard/r12a/ 12:37:20 IJ: How many variations are there? Big endian/small endian 12:37:35 Addison: Small number of variations....big endian / small endian 12:37:56 ...but the next level of granularity has to do with fields that COULD be filled in by the user but you don't want. 12:38:10 ...e.g., Germany has regions but you don't see them when formatted in postal codes. 12:39:25 Richard: My wife might put JAPAN in English but the rest of the address in Japanese (at the bottom) 12:40:43 Richard: We recommend not breaking addresses into small pieces 12:41:19 Rouslan: We talked about giving merchant plain text blob to merchants...but many merchants have restrictions like "don't ship to Alaska and Hawaii" 12:41:25 ..."or extra fee to ship to this city" 12:41:48 ...we don't split into house number 12:42:04 Giulio has joined #wpwg 12:42:10 ...allow for "in care of" 12:43:01 pranjal has joined #wpwg 12:43:23 marconi has joined #wpwg 12:43:48 IJ: What is missing? 12:43:59 Addison: You need the country to be a country code 12:44:14 ..with that you could as a merchant use a library to format it in virtually all cases 12:44:28 ...with the proviso that it will sometimes look odd where there are more formats in a country 12:44:51 ...if you were to provide formats for a country, they would still need templates 12:45:17 Marcos: It's not clear to me that we as Mozilla can do better than the merchant 12:45:43 Addison: If the fields are regionally neutral and you have country code you do formatting 12:45:47 For context, these topics were also discussed on GitHub, see https://github.com/w3c/payment-request/pull/764#issuecomment-418879354 and https://github.com/w3c/payment-request/pull/764#issuecomment-418904998 as well as https://github.com/w3c/payment-request/issues/608#issuecomment-414510456 12:45:51 q+ 12:46:19 Richard: You might need to know the language of the text (e.g., Japanese v. Chinese) to do right formatting 12:46:39 Richard: If you are shipping to Israel or Egypt you probably need to know the base direction of the text. 12:46:40 q+ 12:47:14 Richard; There are l-t-r flows within r-t-l text 12:47:22 ....e.g., acronyms or numbers 12:47:32 horiuchi has joined #wpwg 12:47:36 ...and some variations between Gulf states 12:47:50 Rouslan: Some info will be encompassed in country code 12:48:02 Rouslan: Does Unicode not include direction? 12:48:11 Addison: Yes, of individual characters 12:48:21 mweksler has joined #wpwg 12:48:28 horiuchi has joined #wpwg 12:48:44 [Some complex RTL text] 12:49:09 ack stpeter 12:49:22 horiuchi has joined #wpwg 12:49:32 stpeter [remotely]: I want to echo Richard's comments...in the GitHub thread we noted some things we really should have in PR API 12:49:47 ...I think we came to some conclusions such as the languageCode we had was not addressing some known issues 12:50:06 ...there is some work that we need to do ... I want to make sure we get on the table what those are and develop a plan 12:50:19 Marcos: It sounds more like "what is the language of the payment sheet"? 12:50:27 Rouslan: Is that exposed through accept-languages 12:50:52 Marcos: We say in the spec that when you open the payment sheet, it SHOULD use the document language as the language of the sheet. 12:51:08 ...we don't, however in practice ship every language 12:51:34 horiuchi_ has joined #wpwg 12:51:34 ...having said that, we don't expose the language information for privacy's sake 12:51:52 ..we could send through the API the primary language and direction of the form 12:52:20 ...but the page knows already their language and direction 12:52:58 pranjal has joined #wpwg 12:53:17 Addison: You want the language information and direction for the address.