Web Payments Working Group

21 Mar 2019



Ian Jacobs (W3C), Dean Ezra (Barclays), Matt Detert (MAG), Frank Hoffmann (Klarna), Danyao Wang (Google), Fawad Nisar (Discover), Nick Telford-Reed, Ken Mealey (Amex), Rouslan Solomakhin (Google)


<scribe> Scribe: Ian

https://github.com/w3c/webpayments/wiki/Agenda-20190321 Agenda

Web Authentication use cases

Feature discussion for after v1 of Web Authentication: how important is WebAuthn from an iframe?

Danyao: Question about importance of use case of WebAuthn from an iframe.
... it's tricky to get the flow working correctly, so it could be dropped if there's not a strong use case.
... most of the WebAuthn use cases are "top level"
... for iframe, the concern that I heard is that the dialog pops up as a modal.
... and the user might be confused about which party is asking them to authenticate
... in our payment scenarios, it's likely the payment service providers that will want to authenticate, and thus through an iframe
... so I speculate it might be an important use case for this group.

nicktr: You are right that currently iframes are used throughout payment experiences, but one hope is that with payment handlers, that trend might diminish
... if the payment method provider provides a web app, that will live in a modal (with origin displayed)
... but you are correct that many or most hosted solutions are provided through an iframe

danyao: I agree with you; tradeoff between supporting use cases today and encouraging transitions
... as the browser vendor, we are mostly listening to the importance of the use case

(IJ thinks that for 3DS for a while it will be important)

nickTR: I am happy to write to the WG to get more feedback via email
... and we should also give the question some air time at the FTF meeting.

<scribe> ACTION: NickTR to write to the group and also add to the FTF agenda on this question of webauthn in iframe use case

<trackbot> Created ACTION-114 - Write to the group and also add to the ftf agenda on this question of webauthn in iframe use case [on Nick Telford-Reed - due 2019-03-28].

Payment Request API status


<nicktr> scribenick: nicktr

ian: this is primarily a chaser to the group
... to date responses have been unanimously in support of returning through CR
... due date is 25th March
... from a process perspective, I need to request time with the director because we need to deal with the formal objection with regard to privacy issues from Sam Weiler
... I hope we will be published before the F2F
... or shortly thereafter
... so then we need to focus on implementations
... and at the F2F we can look at new features

<Ian> scribenick: Ian

nicktr: Thanks to the Editors for getting the spec over the line!!

<nicktr> scribenick: nicktr

<Ian> https://lists.w3.org/Archives/Public/public-payments-wg/2019Mar/0008.html

<Ian> https://www2019.thewebconf.org/

ian: for the past 30 years or so, there has been a web conference (typically on research aspects of the web)
... at each conference there is a w3c track

<Ian> https://www2019.thewebconf.org/schedule

ian: we typically give an update on spec progress
... I was approached to see whether anyone in the Bay Area would be interested in running a 30-60 minute session on the payment specification work
... if you are interested, please contact Ian

nicktr: who are the typical attendees?

ian: it is mostly research focussed, rather than web developers

FTF meeting

<Ian> https://github.com/w3c/webpayments/wiki/FTF-Agenda-201904

ian: we have more than 50 people planning to attend
... we have reached our current capacity
... we have been tweaking the agenda
... earlier in the week we had a session on merchant needs and the API ecosystem
... in particular, I heard that the payment flow is very simple compared to "real world" examples
... to which I responded "please bring use cases for us to examine"
... so we would ask anyone attending to bring use cases that aren't well-handled

nicktr: can you give an example of a use case that isn't well-handled?

ian: EXAMPLE: different shipping options within the same order
... EXAMPLE2: removing items within the order
... there is a thread with Richard Pag in which a use case is articulated where many parties are paid in a single transaction
... which means that there may be multiple origins in the transaction

<Ian> scribenick: Ian

nicktr: I can think of lots of use cases with N disbursements, e.g., when you purchase an airline ticket.
... that's not typically handled in the front end.
... another use case is marketplaces (e.g., ETSY)
... the card environment handles that in a particular way
... I suspect the challenge is not API design but regulatory requirements
... this use case is solved today but not in the front end; instrumented through the principal payment acceptor

<nicktr> scribenick: nicktr

ian: we have added vkuntz to the agenda with a new POC
... and a topic which we have added more explicitly is 3DS
... deadline in Europe is September 2019
... in a chat with Jonathan from MC yesterday, he was clear that 3DS remains a separate topic from SRC

<Ian> scribenick:Ian

ken: The EU deadline is 2-factor auth
... I would advocate at the higher level that it's about auth


IJ: I am positioning this more explicitly as 3DS since concretely we are working on a module; I wanted to resurface that

Ken: Also touch on the Web Payment Security IG

<nicktr> scribenick: nicktr

ian: any more demos that people would like to show?
... jalpesh is working on dinner plans for day 1 (Tuesday 2nd April)

<Ian> NickTR: Next meeting is the FTF meeting!

<Ian> ...look forward to seeing you there!

