14:52:46 RRSAgent has joined #wpwg 14:52:46 logging to https://www.w3.org/2021/03/29-wpwg-irc 14:52:53 Meeting: Web Payments Working Group 14:53:01 Agenda: https://github.com/w3c/webpayments/wiki/Agenda-FTF2021 14:53:08 Chair: Nick_Telford-Reed 14:53:12 Scribe: Ian_Jacobs 14:53:17 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 14:53:22 RRSAGENT, set logs public 14:54:57 present+ 14:55:04 present+ Jean-Luc_di_Manno 14:56:25 present+ Sebastian_Elfors 14:57:56 present+ Deepu_k_Sasidharan 14:58:11 mhofman has joined #wpwg 14:58:52 present+ Anne_Pouillard 14:59:22 present+ Tomasz_Blachowicz 14:59:30 present+ Gavin_Shenker 15:00:04 Anne has joined #wpwg 15:00:17 present+ Frank_Hoffmann 15:00:26 present+ Arno_van_der_Merwe 15:00:36 present+ Lawrence_Cheng 15:00:40 present+ Bastien_Latge 15:00:44 present+ Danyao_Wang 15:00:58 present+ Jean-Michel_Girard 15:01:07 present+ Aleksei_Akimov 15:01:17 present+ Marc_Perez 15:01:26 present+ Marc_Perez_i_Ribas 15:01:30 present+ Mike_Knowles 15:01:35 present+ James_Longstaff 15:01:46 present+ Remo_Florentino 15:01:50 present+ Richard_Ledain 15:01:57 present+ Gildas_le_Louarn 15:02:03 present+ Manoj_Kannembath 15:02:18 present+ Nick_Telford-Reed 15:02:24 present+ Christian_Aabye 15:02:29 present+ Benjamin_Tidor 15:02:35 present+ 15:02:43 present+ Daniele_Berto 15:02:48 present+ David_Benoit 15:03:00 present+ Doug_Fisher 15:03:12 present+ Erhard_Brand 15:03:14 jonathan has joined #wpwg 15:03:17 takashi has joined #wpwg 15:03:33 present+ Takashi_Minamii 15:03:34 Gavin has joined #wpwg 15:03:35 Manoj has joined #wpwg 15:03:35 btidor has joined #wpwg 15:03:36 present+ Jonathan_Grossar 15:03:37 gildas has joined #wpwg 15:03:37 Vaishali_ has joined #wpwg 15:03:40 frank has joined #wpwg 15:03:42 present+ Kincaid_ONeil 15:03:50 present+ Vaishali_Bulusu 15:03:56 arnovandermerwe has joined #wpwg 15:04:15 Bastien has joined #WPWG 15:04:18 Gerhard has joined #wpwg 15:04:18 present+ 15:04:20 SameerT has joined #wpwg 15:04:25 present+ 15:04:26 marcperez has joined #wpwg 15:04:31 mknowles has joined #wpwg 15:04:34 RRSAGENT, make minutes 15:04:34 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 15:04:35 OlivierM has joined #wpwg 15:04:36 lucasb has joined #wpwg 15:04:37 Aleksei has joined #wpwg 15:04:39 present+ Lucas_Bledsoe 15:04:40 JMGirard has joined #wpwg 15:04:42 Tomasz has joined #Wpwg 15:04:46 present+ Nick_Burris 15:04:50 Ulf has joined #wpwg 15:04:51 AdrianHB has joined #wpwg 15:04:52 present+ Robin_Hjelte 15:04:54 Timo_Gmell has joined #wpwg 15:04:55 present+ Sahel 15:05:02 present+ Sameer_Tare 15:05:06 present+ Shyam_Sheth 15:05:13 present+ Timo_Gmell 15:05:21 present+ Ulf 15:05:24 Robin_Hjelte has joined #wpwg 15:05:33 DougF has joined #WPWG 15:05:33 present+ Adrian_Hope-Bailie 15:05:35 LawrenceCheng has joined #wpwg 15:05:35 Sahel_Google_Chrome has joined #wpwg 15:05:36 RRSAGENT, make minutes 15:05:36 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 15:05:38 Jean_Luc has joined #wpwg 15:05:39 present+ 15:05:50 present+ Fawad_Nisar 15:05:55 present+ Gerhard_oosthuizen 15:06:03 Remo_Fiorentino has joined #wpwg 15:06:05 present+ Mathieu_Hofman 15:06:10 present+ Mike_Horne 15:06:16 present+ Nils_Brenkman 15:06:22 present+ Olivier_Maas 15:06:30 present+ Remo_Fiorentino 15:06:32 James has joined #wpwg 15:06:38 Fawad has joined #wpwg 15:06:40 RRSAGENT, make minutes 15:06:40 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 15:07:05 shyamsheth has joined #wpwg 15:07:20 Topic: Welcome 15:07:47 [To raise your hand, type q+] 15:08:03 present+ Manoj_Kannembath 15:08:08 Christian_ has joined #wpwg 15:08:14 present+ Tom 15:08:26 gkok has joined #wpwg 15:08:44 present+ Gustavo_Kok 15:08:44 Agenda-> https://github.com/w3c/webpayments/wiki/Agenda-FTF2021 15:08:48 mweksler has joined #wpwg 15:09:34 Deepu_ has joined #wpwg 15:09:56 present+ Erhard_Brand 15:10:07 Present+ 15:10:28 present+ Michel_Weksler 15:11:22 -> https://www.w3.org/Consortium/Legal/2017/antitrust-guidance Antitrust guidance 15:11:43 present+ PayPal 15:12:14 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 15:12:55 present+ Eric_Alvarez 15:13:34 present+ Chris_Dee 15:14:14 q+ 15:14:22 ack 15:15:39 present+ Srini 15:15:54 present+ Manjush 15:16:45 present+ Chris_Wood 15:17:18 present+ Mike_Knowles 15:17:25 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 15:17:38 Topic: Context Setting for this meeting 15:18:34 [Adrian Hope-Bailie presents slides that will be available] 15:18:37 present+ Ulf_Leopold 15:21:49 present+ Srinivas_Anantam 15:23:54 mweksler_ has joined #wpwg 15:24:40 mweksle__ has joined #wpwg 15:25:17 present+ Jayasaleen_Shanmugam 15:26:44 mweksler__ has joined #wpwg 15:27:40 present+ Antoine_Catheli 15:27:44 present+ Antoine_Cathelin 15:27:46 present- Antoine_Catheli 15:28:20 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 15:28:57 mweksler___ has joined #wpwg 15:30:09 AdrianHB: Order of priority of capabilities (proposed): 15:30:12 - SPC 15:30:16 - Payment instrument selection 15:30:21 - Secure modal window 15:30:57 mweksler____ has joined #wpwg 15:34:31 q? 15:34:35 q- 15:36:12 AdrianHB: I think we will focus on the SPC piece at this meeting. 15:36:21 ...we have done a lot of work on it lately 15:37:00 ...might also spend some time (but more likely in the future) on instrument selection and modal window 15:38:12 q+ 15:38:39 ack Ian 15:38:47 Chris_Wood has joined #wpwg 15:40:30 NickTR: If we can deliver *Pay experience in the browser, that would be great. 15:40:43 Topic: Stripe Experiment Results 15:41:10 [Benjamin on Stripe Experiment] 15:41:37 -> http://www.w3.org/2021/Talks/spc-pilot-202103.pdf Slides from Benjamin 15:41:38 https://www.w3.org/2021/Talks/spc-pilot-202103.pdf 15:42:12 btidor: Will dive a bit deeper on UX and ideas for second pilot 15:42:32 mikehorne has joined #wpwg 15:43:07 btidor: Adrian mentioned instrument selection and authentication, and decoupling these 15:43:18 ...I think that makes sense and happens this way in the real world 15:43:40 ...e.g., you need card number to kick off 3DS 15:44:12 ...SPC intended to be compatible with all flows/systems but the pilot was focused on 3DS 15:44:46 ...several superpowers in SPC compared to WebAuthn alone: 15:44:57 * Browser binds payment details into cryptographic signature 15:45:13 * Any merchant can request a signature from the issuer's public key: cross-origin credential sharing 15:45:39 present+ Ryan_Regan 15:46:20 [Videos of the flows] 15:46:40 btidor: First you enroll your authenticator 15:46:58 ...there's a direct to the issuing bank 15:47:18 ...in the pilot instead of using an iframe we used a secure modal window (from a payment handler) 15:47:29 ...first party context in the secure modal window 15:47:36 s/a direct to/a redirect to/ 15:47:51 ...after successful ID & V (OTP) the user is prompted to enroll the authenticator 15:48:44 ...under the hood, standard webauthn exchange, but the issuing bank provides back to the browser card art and logo. The browser memorizes this and uses this for subsequent display of information. 15:48:52 ...so it's an enhanced Webauthn PaymentCredential 15:49:20 q+ 15:49:44 i don't want to interrupt the flow, but would be great to know if the enrollment has to happen once per merchant or per browser (hoping it is the latter) 15:50:40 q+ mweksler 15:50:51 Tomasz has joined #Wpwg 15:51:04 Q? 15:51:08 q+ 15:51:09 [Benjamin shows authentication flow] 15:51:10 q+ tomasz 15:52:07 @nicktr thanks! 15:52:17 btidor: Merchant can validate the assertion as well using public key from the issuing bank. The issuing bank can ALSO verify the assertion. The issuing bank doesn't need to trust the merchant. All the information in the signed data blob was presented and controlled by the browser 15:52:49 ack Deep 15:53:16 Deepu_: Regarding the 3DS enrollment flow. How does this differ from PH API? 15:53:36 btidor: We used the Payment Handler API. We used the modal to do the redirect. 15:54:01 ...we would like to discuss enrollment flow standardization (to eliminate service worker requirement) 15:54:11 ...we can discuss this as part of SPC or a separate work stream 15:54:53 ack mweksler 15:55:06 mweksler: would be great to know if the enrollment has to happen once per merchant or per browser (hoping it is the latter) 15:55:11 btidor: Latter 15:55:11 q+ 15:55:14 ack gk 15:55:48 gkok: I recall enrollment success was around 20%. Could that be affected by strings only in English? 15:56:05 btidor: Great question. Localization is important. 15:56:32 Tomasz: Did you work with any issuer or ACS? 15:56:46 btidor: We did not. (I am showing mockups) 15:58:03 q+ Sebastian to ask Is biometric FIDO required? Or can PIN-based FIDO authenticators be accepted too? 15:58:28 ack Tomasz 15:58:34 Tomasz: How will ACS know this is a regular Webauthn credential v. enhanced credential? 15:58:47 ...if the ACS has a credential id, how will it know which type of credential? 15:59:42 q+ 15:59:45 present+ Christina_Hulka 15:59:56 ack Gavin 16:00:14 Gavin: btidor mentioned a "secure modal window"...remind me what that is? 16:00:37 btidor: You get that window in the payment handler API. (And adrian hb mentioned it as a general architectural feature of interest) 16:00:39 q+ 16:01:33 (In short: you get the secure modal window as part of Payment Handler API) 16:01:48 q+ re: Secure modal window discussion 16:02:13 Gavin: what makes it "secure"? 16:02:29 Ian: Displayed URL is not phishable 16:02:59 ...that is, it's owned by the browser 16:03:04 NickTR: You'd have to break the browser 16:03:05 ack Seb 16:03:05 Sebastian, you wanted to ask Is biometric FIDO required? Or can PIN-based FIDO authenticators be accepted too? 16:03:14 Sebastien: Is biometric FIDO required? Or can PIN-based FIDO authenticators be accepted too? 16:03:41 btidor: For the pilot we limited ourselves to TouchID. But the anticipated scope is "any verifying platform authenticator". 16:03:56 ...this enables the browser to check silently if you have one, otherwise allow seamless fallback 16:04:29 q+ Srini to ask if would delegated authentication be supported with SPC? Meaning will SPC API be capable of sending out a 3DS FIDO blob to the merchant as an example? 16:04:56 Tomasz has joined #wpwg 16:05:42 btidor: Key behavior for browser: if you don't have an authenticator, need silent fail to allow for seamless fallback. 16:06:00 ChrisD has joined #wpwg 16:06:10 btidor:...regarding user presence check...some jurisdictions may require user presence check, but during this meeting we should also talk about flexibility to drop that requirement 16:06:34 Here is the GH discussion I was referring to while speaking about the need of more detailed specification of assertions: https://github.com/rsolomakhin/secure-payment-confirmation/issues/40. 16:06:48 Deepu_: Is the modal window the same used by the sheet? 16:08:16 Ian: Same real estate; different window under the hood 16:08:34 btidor: The window we show is launched by the service worker, which controls the whole flow 16:09:18 Deepu_: Goal is for this to work with all payment methods. 16:09:34 btidor: Agreed. 16:09:54 Deepu_: What was scope of pilot? 16:09:58 btidor: Global card payments 16:11:35 ian: We have a variety of payment methods represented at this meeting and want to hear requirements 16:11:36 q? 16:11:40 Nick: I also think Ideal would be good 16:11:42 ack Deep 16:11:47 ack SameerT 16:12:00 ack Scrini 16:12:11 Srini: Would delegated auth be supported with SPC? 16:12:42 btidor: It does not have to be the issuer who enrolls the credential. many parties could do so 16:12:57 ack srini 16:12:57 Srini, you wanted to ask if would delegated authentication be supported with SPC? Meaning will SPC API be capable of sending out a 3DS FIDO blob to the merchant as an example? 16:13:02 Manjush has joined #wpwg 16:13:02 q+ to ask what a payment flow has to have in order to be SPC? E.g. do you have to offer the WebAuthN authentication ahead of any fallback mechanism or could you do a risk-based authentication and fallback to WebAuthN via the Secure Modal only if RBA was not possible? 16:13:09 btidor: ...the assertion (webauthn + a little bit of data) should be drop-innable in a web Authentication context 16:13:28 nickTR: If I were to add to the shopping list, I would add delegated auth 16:13:59 q? 16:14:42 btidor: One really special thing about SPC..if the issuer is aware of SPC data, may strengthen use case for delegated authentication 16:15:41 q+ 16:16:22 ack me 16:16:22 Ian, you wanted to discuss Secure modal window discussion 16:16:23 ack Ian 16:17:06 Ian: Secure modal window today only in payment handlers; we've talked about it as something available outside payment handlers. Will be interesting to hear from group later about priority we have in mind (auth, selection, modal) and whether the industry agrees. 16:17:20 ack Chris 16:17:20 ChrisD, you wanted to ask what a payment flow has to have in order to be SPC? E.g. do you have to offer the WebAuthN authentication ahead of any fallback mechanism or could you do 16:17:23 ... a risk-based authentication and fallback to WebAuthN via the Secure Modal only if RBA was not possible? 16:18:52 ChrisD: I'd like to understand the scope of the brand "SPC" 16:19:11 ...for example, if you attempt a risk based authentication first, is that part of SPC? 16:19:15 ..or is SPC more specific? 16:19:19 q+ on scope of SPC 16:19:33 btidor: You can imagine running risk-based auth first, then SPC 16:19:55 ChrisD: So is scope of SPC WebAuthn, or is it not tightly coupled to WebAuthN? 16:20:28 btidor: I think the transaction confirmation window should be tightly coupled to SPC. 16:20:45 ...no identifying information should be given back to the merchant before the user hits "Verify" 16:21:03 ...I think we can increase flexibility about WebAuthn or not 16:21:12 AdrianHB: Tomorrow we will talk about lower-friction flows 16:21:22 +1 agree 16:21:38 AdrianHB: Agree with Benjamin that the core thing is the transaction confirmation window 16:22:23 [Ian: I think that we should not rule out low-friction as part of SPC] 16:22:56 [Benjamin returns to experimental results] 16:23:14 btidor: At a high level, SPC increased conversion and decreased authentication times. 16:23:21 ...today I'd like to talk about ideas for a second pilot 16:24:16 btidor: We want to experiment with traditional iframe compared to modal window. users are not familiar with Modal window and may be thrown off. 16:24:27 ...might have led to some people dropping out. 16:24:33 ...I do really like the secure modal window. 16:24:51 ...I like the secure origin in the title and think it addresses cross origin security policy issues 16:25:07 ...but we may want to look at iframe approach... 16:25:30 ...we'd like to try enrollment in iframe context 16:25:59 ...browser might have to give more context in an iframe world...telling the user what's happening (enrolling a context to a 3p) 16:26:05 q? 16:26:06 ...in a 1p context that context may not be required 16:26:26 btidor: So if you are invoking enrollment from iframe, we might want browser to provide context 16:26:47 ...that might involve another click, but it might be less of a departure from the UX people are familiar with (iframe) 16:27:13 btidor: Another thing we'd like to test is to include proper 3DS binding 16:27:34 ...users recognize today's flows and we want to see if we can replicate the UX people are familiar with 16:27:50 ...even though we changed the UX enough, users liked it..and that gives us confidence in the overall project 16:28:04 ..but we'd like to see if we can get the enrollment prompt to come from the issuer and be branding as usual 16:28:09 q+ extra clicks :-( 16:28:20 lol 16:28:35 q+ mweksler to ask about extra clicks 16:28:41 q- extra 16:28:42 btidor: I realize there are limits potentially to what we can do in the browser's trusted UX as far as logo location 16:28:47 q- clicks 16:28:55 q- :-( 16:29:13 btidor: Lots of people hit the cancel button on the transaction confirmation dialog. 16:29:26 sorry for the mess - thanks nick 16:29:43 btidor...one reason might be the time elapsed and difference in look and feel between the UX associated with enrollment and the authentication screen 16:29:49 q? 16:30:04 btidor: I think that an iframe enrollment is likely to look more like the authentication screen and that could help raise comfort levels 16:30:07 queue== 16:30:10 q+ Sameer, Ian 16:30:17 q+ weksler 16:31:36 ack SameerT 16:31:42 btidor: You can try this out yourself in Chrome (by flipping some chrome switches and using a demo page: https://rsolomakhin.github.io/pr/spc/ 16:31:51 ack Sameer 16:32:01 SameerT: +1 to discussion about iframe and secure modal window 16:32:22 sameerT: for future discussion traditionally iframe has been preferred over redirect because of how seamless it appears to the user and users are educated to not trust a URL they don't recognize (not visible in iframe), curious to see if secure modal window can address some of those concerns in collaboration with EMV 3DSWG 16:32:25 ack me 16:32:30 ack wk 16:32:33 ack wek 16:32:41 mweksler: I was reacting to the "more clicks" proposal 16:33:25 mweksler: It should also be possible to do enrollment outside payment flow 16:33:26 q+ 16:34:18 mweksler: Regarding authentication, I would not be too concerned about the existing UI 16:34:24 ...better UI is better 16:34:38 ...I would encourage us to not be too hung up on what currently exists. 16:34:42 q? 16:34:54 ack SameerT 16:35:14 SameerT: We don't want merchant to wait for enrollment in order to get paid. 16:36:13 btidor: +1 to getting rid of extra click if we can; perhaps there are other ways 16:36:36 ...in my mind, whitelisting flows from 3DS could be useful: remember this merchant and don't ask me a second time 16:36:43 mweksler: +1 16:37:34 nicktr: PSD2 has "trusted beneficiary" concept. In some auth flows, you can check box to say "You don't have to do a step up in the future with this merchant." 16:37:59 IJ: What would that change in the SPC UX? 16:39:14 q+ 16:39:16 btidor: Enrollment is provided by a separate screen. The issuer can say "While you are waiting for your text message, do you want to set up biometric authentication?" Having one screen might be the fasted way 16:39:18 q? 16:39:39 Tomasz: User says to issuer "This is a trusted merchant" 16:40:03 ...next 3DS flow can involve silent flow and no SPC flow 16:40:13 q? 16:40:17 ack James 16:40:24 Gerhard_ has joined #wpwg 16:40:41 James: As a consumer, I'd give a big +1 to being able to enroll out of band at the bank site. 16:40:58 ...banks say "we will never ask for your password" 16:41:35 ChristianA has joined #wpwg 16:41:56 q+ to suggest we shouldn't solve the "distribution" problem. We can provide tools to help but that's all 16:42:44 Potential topic for exploration - Modular use of SPC so that ACS/Issuer could use part of the solution after their risk assessment or with credentials enrolled with the acs/issuer outside of 3DS 16:42:54 zakim, close the queue 16:42:54 ok, nicktr, the speaker queue is closed 16:42:58 q? 16:43:06 +1 to SameerT 16:43:14 q+ 16:43:28 btidor: I think that if a user uses 3DS a lot, they will be more familiar with the flow 16:43:59 ...a cool thing with SPC is that a bank can "upgrade" an enrolled WebAuthn credential (by adding payment info) and then those can be used in an SPC contxt 16:44:36 AdrianHB: We should not solve distribution problem. 16:45:11 ...how an RP does "upgrade" should be solved by stakeholders 16:45:22 https://github.com/w3c/webpayments/wiki/Agenda-FTF2021#tracking-requirements 16:45:59 +1 16:46:12 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 16:46:13 q? 16:46:15 ack Ad 16:46:15 AdrianHB, you wanted to suggest we shouldn't solve the "distribution" problem. We can provide tools to help but that's all 16:46:19 zakim, open the queu 16:46:19 I don't understand 'open the queu', Ian 16:46:20 zakim, open the queue 16:46:20 ok, Ian, the speaker queue is open 16:46:28 Topic: 3DS Risk Assessment requirements 16:47:25 Sameer: We talked with the WPSIG about risk assessment in 3DS in light of changes to the browser around privacy 16:48:03 ...today risk assessment leverages three sources of data: browser + user + transaction 16:48:08 ...risk assessment is not black and white 16:49:06 ...we want to create a requirements document (in collaboration with W3C) to figure out how meet risk assessment needs in light of browser changes 16:49:45 ...the problem we want to solve: Is this the same device the user used with this card previously? 16:50:05 ...in native platforms we have solutions with device identifiers 16:51:02 ...For the Web, there have been two moments of collecting data: (1) 3DS Method URL ...javascript (2) AReq 16:51:27 q+ to frame this question a bit more 16:51:46 Sameer: Today issuer is relying on a broad set of parameters 16:52:05 ...this is an evolving set of data 16:52:17 ...privacy controls are likely to lead to more step-ups 16:52:48 ...there are no unique identifiers defined for transaction risk assessment 16:52:56 ...cookies will no longer be a viable approach 16:53:16 ...there is a lack of hardware based identifiers that could be derived from browsers for use in Risk Assessment 16:53:53 SameerT: Device recognition is and will remain a critical need for Transaction Risk Assessment in CNP transactions. 16:54:15 ...we want to find a why to identify a browser in a unique, privacy aligned manner to be used exclusively for TRA in a payment context 16:54:29 ack me 16:54:29 Ian, you wanted to frame this question a bit more 16:54:42 scribenick: nicktr 16:55:23 ian: the important question is "what amount of friction is small enough? " 16:55:48 scribenick: Ian 16:56:02 Sameer: We have some solution goals in mind 16:56:16 ....new identifiers, potentially only usable in a payments context 16:56:24 ....in alignment with privacy goals 16:56:41 ...solution does not interrupt ux during payments flow 16:56:47 ...we have some solution requirements as well: 16:56:54 * Uniqueness per browser instance 16:57:06 * generated and protected by browser core libraries and generated through Native API calls 16:57:10 * resettable 16:57:12 note: Tomorrow we hope to present an approach that should address this. Would really appreciate expanding on this with you ensure we can address these needs. 16:57:23 sameer: continuing: 16:57:36 * user enrollment/consent takes place outside of payments context and does not interrupt payment flow 16:57:45 Sameer: The ideal solution will not: 16:57:52 * Allow tracking outside of payments context 16:57:55 * Enable super-cookies 16:57:56 q? 16:58:02 Sameer: * Create more friction than what we have today 16:58:16 request: Sameer, can you please share this document. 16:58:33 q+ 16:59:07 @gerhard - we will soon 16:59:32 ack 16:59:36 q? 16:59:39 ack btidor 16:59:55 btidor: What does frictionless mean...literally zero clicks? 17:00:01 sameer: Not really 17:00:16 ...the user should not see a prompt every transaction, but could be prompted the first time 17:00:23 ...and agree to no friction moving forward 17:01:28 -> https://github.com/w3c/wpsig/blob/gh-pages/3ds-reqs.md Future doc on EMV® 3-D Secure Requirements for Risk Assessment 17:01:52 I have made the request to generate https://www.w3.org/2021/03/29-wpwg-minutes.html Ian 22:28:02 stpeter has joined #wpwg