13:56:43 <RRSAgent> RRSAgent has joined #wpwg
13:56:43 <RRSAgent> logging to https://www.w3.org/2021/08/05-wpwg-irc
13:56:49 <Ian> Meeting: Web Payments Working Group
13:57:03 <Ian> Chair: Adrian
13:57:05 <Ian> Scribe: Ian
13:57:20 <Ian> Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20210805
13:57:45 <Ian> present+
13:57:50 <Ian> present+ Rouslan_Solomakhin
14:00:24 <Ian> present+ Anne_Pouillard
14:00:43 <Anne> Anne has joined #wpwg
14:01:07 <Ian> present+ Gavin_Shenker
14:01:10 <Ian> present+ Susan_Pandy
14:01:14 <Ian> present+ Rolf_Lindemann
14:01:28 <Gavin> Gavin has joined #WPWG
14:01:31 <RRSAgent> I have made the request to generate https://www.w3.org/2021/08/05-wpwg-minutes.html Ian
14:01:42 <Rolf> Rolf has joined #wpwg
14:02:01 <Ian> present+ Manish_Garg
14:02:05 <Ian> present+ John_Fontana
14:02:33 <Ian> regrets+ Nick_Telford-Reed
14:02:38 <Ian> present+ Werner_Bruinings
14:02:51 <Ian> Topic: Charter
14:03:00 <Ian> -> https://www.w3.org/Payments/WG/charter-2021.html Draft charter
14:03:12 <Ian> present+ Jean-Luc_Di-Manno
14:03:15 <werner> werner has joined #wpwg
14:03:17 <Ian> present+ Gerhard
14:03:38 <Ian> present+ Fawad
14:04:11 <JeanLuc> JeanLuc has joined #wpwg
14:06:54 <tm> tm has joined #wpwg
14:06:59 <clinton> clinton has joined #wpwg
14:08:13 <benoit> present+
14:08:19 <Ian> present+ Clinton_Allen
14:08:32 <Ian> present+ Tom
14:08:58 <Fawad> Fawad has joined #wpwg
14:09:17 <Ian> present+ Adrian_Hope-Bailie
14:09:34 <Ian> Rolf: Is SPC covered?
14:09:36 <Ian> Ian: Yes
14:13:20 <Ian> (We review scope, deliverables)
14:13:44 <Ian> John: Are we going to have 2 browser implementations
14:16:43 <clinton> q+
14:16:51 <Ian> ack clinton
14:19:19 <Ian> Topic: TPAC meeting
14:19:28 <Ian> https://www.w3.org/wiki/TPAC/2021
14:20:05 <Ian> https://www.w3.org/2020/10/TPAC/public-breakouts.html
14:20:17 <Ian> https://www.w3.org/2020/10/TPAC/breakout-schedule.html
14:21:04 <Ian> PROPOSED: WPWG meeting 25-28 October 2021
14:22:31 <Ian> Ian: I expect 7-9am each day
14:22:44 <Ian> (Pacific)
14:22:55 <Ian> Ian: We'll finalize this in 2 weeks
14:23:17 <Ian> Topic: SPC
14:23:36 <Ian> Ian: CfC Expected 9 August
14:24:47 <AdrianHB_> AdrianHB_ has joined #wpwg
14:25:19 <Ian> IJ: Question about UX when no matching credential id (as opposed to no UX when returning null).
14:26:26 <Ian> Rouslan: Current plan is an information dialog that will have iconography that pertains to payments
14:26:38 <Ian> ...will let the user know that the merchant is going to try to authenticate the payment in some other way
14:26:47 <Ian> ...it's an info message, not an error message
14:27:38 <Ian> ..if the user does not want to share identity from the standpoint of the web site, we want to make it not distinguishable between "has no credentials" and "doesn't want to share credentials"
14:28:16 <Ian> ...in WebAuthn today, if somebody requests to authenticate and the user doesn't have the credential on the device, the error returned is very generic
14:28:51 <Ian> ...if the user does have credential on file but user cancels prompt, then the error message is the same as if they didn't have credential
14:29:54 <Ian> Ian: What does the spec say about this?
14:30:06 <Ian> Rouslan: Silent today, but would be added.
14:30:25 <Ian> Rolf: I'm not sure this is a good solution for users.
14:30:47 <Ian> ...I don't have a better solution right now...but I think we may need more work here.
14:31:10 <Ian> ...in an ideal world, the user would not see the interstitial prompt, but rather an alternative prompt to SPC. The issue is how to do that in a privacy protecting way
14:31:58 <Ian> Ian: I think we used to have a fallback URL alternative.
14:32:10 <Ian> Rolf: That may not work if the UX is "fast" and disappears quickly.
14:32:42 <Ian> ...what if there's a fallback screen to go with an alternative payment method (if there is one)
14:32:56 <Ian> AdrianHB: A problem is that the user has already chosen an instrument.
14:33:18 <Ian> ...I think that SPC's initial usage will be with 3DS ...so the user is planning to pay with a known instrument.
14:33:37 <Ian> ...what we want is a way for the browser to prompt the user for a different authentication
14:34:06 <Ian> ...I'm not sure "fallback" is the right solution (and at least not fall back to an alternative payment method)
14:34:23 <Ian> Rolf: In EU, many payment methods send me to a payment app (and previously did OTP)
14:34:46 <Ian> ...SPC should be more convenient, but if it doesn't work, essentially the system wants to fall back to these other methods (app, OTP)
14:35:07 <Ian> ...if I could input the OTP via browser dialog instead of loading web page, maybe that could be the solution.
14:37:25 <Ian> Ian: Remind me what was problem with fallback URL?
14:38:05 <Ian> Rouslan: I think a timing attack on fallbackURL was an issue (so we removed it)
14:39:30 <Ian> ACTION: Ian to raise an issue about UX in case of no matching credential
14:39:52 <Ian> Topic: Payment Request API
14:40:03 <Ian> https://github.com/w3c/payment-request/wiki/REC_2020_Plan
14:41:58 <Ian> Topic: Next Meeting
14:42:04 <Ian> 19 August
14:42:38 <Ian> RRSAGENT, make minutes
14:42:38 <RRSAgent> I have made the request to generate https://www.w3.org/2021/08/05-wpwg-minutes.html Ian
14:42:43 <Ian> RRSAGENT, set logs public
14:44:06 <Ian> zakim, bye
14:44:06 <Zakim> leaving.  As of this point the attendees have been Ian, Rouslan_Solomakhin, Anne_Pouillard, Gavin_Shenker, Susan_Pandy, Rolf_Lindemann, Manish_Garg, John_Fontana, Werner_Bruinings,
14:44:06 <Zakim> Zakim has left #wpwg
14:44:09 <Ian> rrsagent, bye
14:44:09 <RRSAgent> I see 1 open action item saved in https://www.w3.org/2021/08/05-wpwg-actions.rdf :
14:44:09 <RRSAgent> ACTION: Ian to raise an issue about UX in case of no matching credential [1]
14:44:09 <RRSAgent>   recorded in https://www.w3.org/2021/08/05-wpwg-irc#T14-39-30
14:44:09 <Zakim> ... Jean-Luc_Di-Manno, Gerhard, Fawad, benoit, Clinton_Allen, Tom, Adrian_Hope-Bailie