Meeting minutes
SPC horizontal reviews
<AdrianHB_> https://
<Gerhard> Hi Ian :-)
<AdrianHB_> ian: we sent out requests for horizontal review of SPC
<AdrianHB_> ... have started getting feedback
<AdrianHB_> ... first response was from accessibility which said: "No need to review"
<AdrianHB_> ... I18n had some feedback
<AdrianHB_> ... there are strings passed in that are displayed by the browser
<AdrianHB_> ... these need to have direction, etc. properties added to support i18n
<AdrianHB_> ... I've filled out the self-review questionaire and have pinged Chrome team to look into it
<AdrianHB_> ... this is a general issue and Marcos C is working on a general solution for WebIDL (see "Localizable")
<AdrianHB_> ... no show stoppers so far from i18n
<AdrianHB_> ... next piece of feedback was from the TAG
<AdrianHB_> ... I joined their discussion this week about SPC
<AdrianHB_> ... I provided a lot of background and context
<AdrianHB_> ... TAG appear to be supportive
<AdrianHB_> ... privacy and security still to come
<AdrianHB_> ... privacy review has an assignee so we expect to get feedback
<AdrianHB_> ian: an observation on horiz review - its always useful to have other groups join our f2f meetings to discuss horiz review topics
<AdrianHB_> ... we have some time scheduled with WebAuthn during TPAC f2f
<AdrianHB_> ... privacy team keen to meet but time tbd
https://
<AdrianHB_> ... tld:dr SPC is chugging along nicely
Remote meeting agenda
scribnick: Ian
AdrianHB: It's good to get people to take ownership of topics
Gerhard: Topics of interest - secure remote commerce (SRC)
<AdrianHB_> +1
Action: Ian to reach out to SRC folks to see if they want a slot at the agenda
Gerhard: There's another topic of interest - thoughts on future of payments extension
AdrianHB: From my side, I wouldn't mind an update on SPC deployment; how to use the APIs
IJ: Would a 3DS + SPC discussion in WG be useful? (Already happening in WPSIG)
AdrianHB: +1
========
IJ: What would you like to get out of this meeting?
AdrianHB: It would be good to have some representation from more browser vendors
Action: Ian to reach out to Mozilla, Microsoft, Apple to encourage their participation in the meeting.
Action: Ian to also reach out to Samsung! :)
Action: Ian to reach out to Brave as well
Ian: Any privacy changes to discuss?
<nicktr> this is a good blog on the subject from chrome
Rouslan: We found the requirements documentation for SPC very useful.
… we'd like to know which payment flows will break when 3p cookies go away
clinton: In the SPC spec there are some statements about the diffs between Web Authn and SPC
… does WebAuthn have to change anything, or is SPC a layer?
Rouslan: It's a layer on top. No changes to WebAuthn are needed. We'd like the layer to be as thin as possible, and we'd even like to push some of the SPC features into WebAuthn generally. (E.g., cross-origin registration)
Clinton: We have a long term agenda item of SPC with SRC
… cross-origin stuff is interesting for SRC
IJ: Are there use cases for capturing consent on more than payee and amount (e.g., token params)? Worth thinking about.
Clinton: SRC doesn't need payment credential tied to other credential. It could be normal WebAuthn. But the consistent UX is interesting
… I think there are opportunities like:
* Consent to store cookie for future recognition
* Consent to store identity in cloud
… probably some additional use cases for merchant capturing consent.
Clinton: What's the story with conditional UX?
Rouslan: Conditional UI is planned for WebAuthn; we hope to use it with SPC
Ian: Let's hear more about that at the october meeting
John: We are still early into Level 3...we are in tune to what you are doing here
IJ: I think there's a blog post to do about how to get scale ideally and what deployments we will see in the meantime
next meeting
30 September