SPC Task Force

26 July 2021


Adrian Hope-Bailie (Coil), Anne Pouillard (Worldline), Bastien Latge (EMVCo), Christian Aabye (Visa), Clinton Allen (American Express), Doug Fisher (Visa), Gerhard Oosthuizen (Entersekt), Ian Jacobs (W3C), Jonathan Grossar (Mastercard), Praveena Subrahmany (Airbnb), Rouslan Solomakhin (Google), Sameer Tare (Mastercard), Susan Pandy (Discover), Werner Bruinings (American Express)
Stephen McGruer

Meeting minutes

Preparing for FPWD for SPC API



Ian: Can we start CfC on 5 August?

<Zakim> rouslan, you wanted to ask whether the major point of FPWD is the patent exclusion or something else?

Ian: I think the main reason to go to FPWD is to say "The wg plans to make this a rec (in the future)." Important industry statement.

Ian: Does FPWD hinder us from making changes?

Rouslan: No
… we like the living specification model (e.g., HTML5)

<Zakim> AdrianHB, you wanted to ask about timing

AdrianHB: My fear is that if stuff ships and people are implementing against it (irrespective of specs), browsers will be reluctant to change.
… if people are implementing against what you put out in first iteration, it's very hard to make breaking changes
… so my question -- is there a deadline for suggested changes? How soon would you like people to suggest changes to the spec so that it can be incorporated into chrome?

rouslan: Pull request this week or next week might make it into the first version we ship
… the timeline is quite tight at this point
… I do understand the concern about shipping things and those features being "burnt into the net"
… that's the point of the origin process (we've been in trial for nearly a year on and off)
… we are making spec changes and API changes based on both partner feedback and webAuthn team within Google
… so we've been moving the API closer to WebAuthn
… I don't think we should be too concerned about the inability to remove things from the Web...we have processes for deprecation
… relies on good feature detection and availability of new improved approach
… when users of old API drop below .002% of all page loads (approximately) we can remove the API from the Web
… I envision that SPC will be a good signal to the ecosystem to start using it...and we'll get more feedback from those users
… and we'll add new features and try to prevent old features from breaking
… is chrome 93 we are switching lots of things that are breaking changes, which is ok in origin trial

<Zakim> AdrianHB, you wanted to ask about feature detection for SPC

<AdrianHB> https://github.com/w3c/secure-payment-confirmation/issues/81

AdrianHB: The one thing it would be great to fix before shipping is feature detection
… it's not great right now
… I'm happy to help with this if that's a priority

rouslan: +1

<Zakim> Ian, you wanted to talk about living standard

<Zakim> rouslan, you wanted to say that updated feature detection is planned for after first ship date

rouslan: Regarding feature detection; I think our plan is to ship without stronger feature detection and to improve it in subsequent implementation

SPC issues review



Ian: Any more views on 84?:

<Zakim> rouslan, you wanted to talk about the enrollment UI

rouslan: I think a majority of the Google team is leaning to "no special enrollment UI"
… to align more with WebAuthn
… the reasons for enrollment UI were 2 originally: (1) icon/display information was required at enrollment, but that's no longer necessary

(2) privacy team had originally suggested that in order to do enrollment in a cross-origin iframe needed special UI
… however, more internal discussions suggest that the enrollment UI is probably not required for privacy

Ian: Do you think 3p enrollment will be more generally acceptable to WebAuthn?

rouslan: Don't know yet

Next call

2 August

Minutes manually created (not a transcript), formatted by scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).