W3C

SPC Task Force

20 September 2021

Attendees

Present
Chris Wood, Christian Aabye (Visa), Doug Fisher (Visa), Gerhard Oosthuizen (Entersekt), Ian Jacobs (W3C), John Bradley (Yubico), Rouslan Solomakhin (Google), Sameer Tare (Mastercard), Werner Bruinings (American Express)
Regrets
-
Chair
Ian
Scribe
Ian

Meeting minutes

Issue 129: Require AuthenticatorSelection's residentKey for registration

ian: Sounds like a matter for the editors; let's move on.

Issue 130

https://github.com/w3c/secure-payment-confirmation/issues/130

rouslan: Ian, feel free to make your minor editorial tweaks that you suggested, and then close 130

Internationalization

Localizing displayName (and anything else related to issue 93)

https://github.com/w3c/secure-payment-confirmation/issues/93#issuecomment-916356158

rsolomakhan: Does Unicode info suffice?

Ian: No.

john_Bradley: We are having the same conversation in the Web Authentication WG
… our compromise was to prepend strings with encoded lang and script direction...but this is not ideal since some info may be truncated.
… but separate metadata probably preferred

rsolomakhin: The WebAuthn approach sounds like a work-around.

John: Yes.

rsolomakhin: I think displayName is only one.

Gerhard: I can see how it might be an issue in web authentication where info goes to the OS
… can you leverage HTML context.

John_Bradley: But this isn't HTML.
… sounds ugly to look at surrounding HTML context.

Doug_Fisher: On 3DS side we have this covered ... people can use the HTML interface for complex cases.
… our assumption for v1 is that the browser doesn't need to know since we are passing strings that the user (agenda) expects
… if we COULD add metadata for the browser that would be an improvement.

https://github.com/w3c/string-meta/issues/26

John_Bradley: We're at the moment for the prototype assuming SPC modal is displayed by browser, but that may not always be how it works.
… depending on the platform, info on directionality may be need to be passed down and relying on inferences from the browser context may not be sufficient.
… I feel like being more explicit up front will reduce chances of error

Accessibility

Issue 127: Accessible icon information

https://github.com/w3c/secure-payment-confirmation/issues/127

rsolomakhin: Card art in our implementation is currently considered "decoration"

Ian: I think it's more than decoration.

Doug: If the ACS is providing card art in the form of a URL, how would we provide alt?

Ian: Input params could include all text, for example.

Rouslan: I might think of doing this as an image tag

Ian: I plan to augment the requirements to make sure that icon accessibility is mentioned.

next meeting

27 Sep

Minutes manually created (not a transcript), formatted by scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).