<scribe> Scribe: Ian
--> https://github.com/w3c/webpayments/wiki/Agenda-20190321 Agenda
Feature discussion for after v1 of Web Authentication: how important is WebAuthn from an iframe?
Danyao: Question about importance
of use case of WebAuthn from an iframe.
... it's tricky to get the flow working correctly, so it could
be dropped if there's not a strong use case.
... most of the WebAuthn use cases are "top level"
... for iframe, the concern that I heard is that the dialog
pops up as a modal.
... and the user might be confused about which party is asking
them to authenticate
... in our payment scenarios, it's likely the payment service
providers that will want to authenticate, and thus through an
iframe
... so I speculate it might be an important use case for this
group.
nicktr: You are right that
currently iframes are used throughout payment experiences, but
one hope is that with payment handlers, that trend might
diminish
... if the payment method provider provides a web app, that
will live in a modal (with origin displayed)
... but you are correct that many or most hosted solutions are
provided through an iframe
danyao: I agree with you;
tradeoff between supporting use cases today and encouraging
transitions
... as the browser vendor, we are mostly listening to the
importance of the use case
(IJ thinks that for 3DS for a while it will be important)
nickTR: I am happy to write to
the WG to get more feedback via email
... and we should also give the question some air time at the
FTF meeting.
<scribe> ACTION: NickTR to write to the group and also add to the FTF agenda on this question of webauthn in iframe use case
<trackbot> Created ACTION-114 - Write to the group and also add to the ftf agenda on this question of webauthn in iframe use case [on Nick Telford-Reed - due 2019-03-28].
https://lists.w3.org/Archives/Public/public-payments-wg/2019Mar/0008.html
<nicktr> scribenick: nicktr
ian: this is primarily a chaser
to the group
... to date responses have been unanimously in support of
returning through CR
... due date is 25th March
... from a process perspective, I need to request time with the
director because we need to deal with the formal objection with
regard to privacy issues from Sam Weiler
... I hope we will be published before the F2F
... or shortly thereafter
... so then we need to focus on implementations
... and at the F2F we can look at new features
<Ian> scribenick: Ian
nicktr: Thanks to the Editors for getting the spec over the line!!
<nicktr> scribenick: nicktr
<Ian> https://lists.w3.org/Archives/Public/public-payments-wg/2019Mar/0008.html
<Ian> https://www2019.thewebconf.org/
ian: for teh past 30 years or so,
there has been a web conference (typically on research aspects
of the web)
... at each conference there is a w3c track
<Ian> https://www2019.thewebconf.org/schedule
ian: we typically give an update
on spec progress
... I was approached to see whether anyone in teh Bay area
would be interested in running a 30-60 minute session on the
payment specification work
... if you are interested, please contact Ian
nicktr: who are the typical attendees?
ian: it is mostly research focussed, rather than web developers
<Ian> https://github.com/w3c/webpayments/wiki/FTF-Agenda-201904
ian: we have more than 50 people
planning to attend
... we have reached our current capacity
... we have been tweaking the agenda
... earlier in the week we had a session on merchant needs and
the API ecosystem
... in particular, I heard that the payment flow is very simple
compared to "real world" examples
... to which I responded "please bring use cases for us to
examine"
... so we would ask anyone attending to bring use cases that
aren't well-handled
nicktr: can you give an example of a use case that isn't well-handled?
ian: EXAMPLE: different shipping
options within the same order
... EXAMPLE2: removing items within the order
... there is a thread with Richard Pag in a use case is
articulated where many parties are paid in a single
transaction
... which means that there may be multiple origins in the
transaction
<Ian> scribenick: Ian
nicktr: I can think of lots of
use cases with N disbursements, e.g., when you purchase an
airline ticket.
... that's not typically handled in the front end.
... another use cases is marketplaces (e.g., ETSY)
... the card environment handles that in a particular way
... I suspect the challenge is not API design but regulatory
requirements
... this use case is solved today but not in the front end;
instrumented through the principle payment acceptor
<nicktr> scribenick: nicktr
ian: we have added vkuntz to the
agenda with a new POC
... and a topic which we have added more explicitly is
3DS
... deadline in Europe is September 2019
... in a chat with Jonathan from MC yesterday, he was clear
that 3DS remains a separate topic from SRC
<Ian> scribenick:Ian
ken: The EU deadline is 2-factor
auth
... I would advocate at the higher level that it's about
auth
https://www.w3.org/2018/12/src-prapi/
IJ: I am positioning this more explicitly as 3DS since concretely we are working on a module; I wanted to resurface that
Ken: Also touch on the Web Payment Security IG
<nicktr> scribenick: nicktr
ian: any more demos that people
would like to show?
... jalpesh is working on dinner plans for day 1 (Tuesday 2nd
April)
<Ian> NickTR: Next meeting is the FTF meeting!
<Ian> ...look forward to seeing you there!