https://www.w3.org/securepay/wiki/Meeting/Oct2020 -> 6-7 Oct WPSIG
https://github.com/w3c/webpayments/wiki/2020-TPAC-WPWG-agenda -> 19-22 Oct WPWG
https://github.com/w3c/webpayments/wiki/2020-TPAC-WPWG-agenda -> 19-22 Oct WPWG
IJ: Can we fill a 30-minute with WebAuthn updates?
JeffH: Sure!
... work on SPC is of interest
IJ: (1) deployment status updates? (2) status of level 2?
(3) attestation?
JeffH: Attestation more for WPSIG
IJ: Any other requests?
Danyao: I am also curious about
hot topics in WebAuthn WG
... even if not payment related
IJ: I am leaning toward WPSIG for the topic of "Helping risk engines in the face of privacy changes to browsers}
https://github.com/w3c/webpayments/wiki/QR_2020 QR codes
JeffH: QR codes are not
magic
... e.g., represent URL
... depending on the type of ceremony where you want to use
them, if you are doing an authentication ceremony, just
employing a QR code may not convey phishing resistance
... depends on how the entire ceremony is constructed
Gerhard: I think there are 3 categories of interest:
a) Joining of a device
b) Authentication (e.g., Alibaba to refresh a session)
c) Payments
Gerhard: We used a QR code in our
demo for joining a device (seeding info about a user)
... we should look at the interplay between the industry QRs
that exist today
JeffH: Like QR codes conveying SKUs?
Gerhard: We want the merchant to
be able to say "I support these payment rails" and enable the
user to select one that they prefer
... How can the merchant learn that the user can do, e.g.,
PayPal,a nd the merchant generates the PayPal QR code
<AdrianHB> +1 that we should stay scoped on payments for TPAC discussion
danyao: As browser vendors, I
think we are interested in understanding what QR codes solve in
the wild, and what can they solve uniquely?
... can we have pointers to background information, or a short
document that describes a problem statement?
<AdrianHB> QR as fallback for SPC is interesting where user has FIDO-capable mobile device and is paying on desktop browser
Gerhard: EMVCo (Bastien) did a
presentation in S.A. recently on QR codes; really
helpful.
... there's also a European effort around QR codes
<jeffh> +1 to Danyao's request for details wrt the use cases in which QR codes are being proposed as a solution component
<AdrianHB> +1
AdrianHB: Agreed we should not have nebulous discussion about broad tool that is QR codes
JeffH: +1 to both Danyao and Danyao
IJ: Would it help to get speakers for education on use cases?
JeffH: The focus is on use cases...and why QR codes are being proposed to solve them
<kenrb> AdrianHB: The use case you mention above (desktop browser fallback to a mobile device) sounds like a good idea, and I'd also note that it doesn't require any client support.
IJ: Which orgs should I start reaching out to? Any suggestions?
Gerhard: Entersekt is happy to
give a "consumer" perspective
... Today there are QR codes and issuers of them (e.g., Walmart
Pay, Starbucks, Alipay, ...). There seems to be proliferation.
Is there a way to simplify the checkout experience? (Thats' one
perspective)
... so proliferation is a phenomenon to look at
danyao: What you just said is
interesting. So perhaps there's a fragmentation problem; so
maybe we might foster interop. But I'm curious to understand
whether there's *really* a fragmentation problem.
... what's the cost to developers? Is there a cost to integrate
with each of the systems?
... it would also be great if Gerhard could curate a bit to
help us understand the landscape of efforts
JeffH: If there is proliferation,
what are the use cases where that is occurring?
... we need to understand whether there's a single cohesive use
case or whether there are variations
Gehard: There are both
merchant-presented and consumer-presented QR codes
... hearing EMVCo talk about their 3 use cases would be a great
start
... and then get some non-card use cases as well (and why they
chose QR codes)
29 September