[Praveena and Gerhard]
New Privacy and Payments resources
Privacy and Payments
smcgruer_[EST]: We have documented how privacy changes might impact changes on the Web.
… a lot on 3p cookie decprecation, but also about the general question of privacy.
… we have three sections:
Things that will break
smcgruer_[EST]: I invite people to help flesh these out and to let us know about things that are important to you and that, in particular, you think will break
Ian: What can we do?
smcgruer_[EST]: Would appreciate individuals reading these and letting us know their thoughts.
… welcome pull requests
nicktr: What other consultations are going on between browsers and payments industry?
smcgruer_[EST]: As Chrome, our main forum is WPWG / WPSIG
… we do have other partnerships via other parts of Google
… this is the main forum.
nick: We should let various groups outside and within W3C about this.
… e.g., MAG, Conexxus, etc.
Ian: In W3C: PING, WPSIG
ACTION: NickTR to work with co-CHairs and Team Contact to socialize these resources
Gerhard: Let's walk through some of this during our sessions.
… the pages are focused on "the rails"
… if you look at how open banking and FAPI works, payments are initiated in a different way
… the surprises will happen around where and how you get customer consent, rather than how the money is moved
… might be useful to build out the authentication / consent mechanisms in the different scenarios
… what might be useful is that we may find we know will be problems.
… e.g., we know that the method URL in an iframe will create this or that problem.
nicktr: what is slightly reassuring is that Stephen has already mentioned behaviors that have already changed (e.g., cookie behavior in some browsers)
nicktr: Also would be interesting to hear issues in non-card space
<Zakim> smcgruer_[EST], you wanted to comment on that
smcgruer_[EST]: Agree world didn't end when Safari and Mozilla changed cookie behaviors, so that's mildly reassuring. But I think there are some things that will break that are of concern.
… beyond 3p cookie changes, there's a broader question about the future direction.
smcgruer_[EST]: We also have to take a look at future payment models that are privacy protecting
Manish: 3p cookies IMO are less of an issue for open banking
… due to the model
Ian: I think it would be interesting to do some vision work, although I find in practice that what gains traction may not always align with our higher level thinking
NickTR: In open banking, 3p cookies are often used for hints (e.g., user's preferred bank)
… once in a 1p context, I agree that 3p cookies are less relevant
smcgruer_[EST]: +1 to nick. One concrete thing I heard is that due to choice of banks, 3p cookie often used for keeping track of user pref
nicktr: Payment handlers were designed to allow explicit consent
Anti-Fraud CG has started
Ian: Any volunteers to read them?
<nicktr> I'm going to read them
Nick: I will
<Gerhard> +1 to attempt to read them
Payment Request and PMI Next Steps
Ian: what's coming up:
- Decision regarding changes to the spec
- Call for consensus
- Transition request
Ian: Stay tuned!
… please ask your AC rep to review the charter
… before 18 Dec
Year in review and upcoming priorities
nicktr: We are keen to understand where you want us to go
… I listed my view of what I've heard in the agenda
Getting Payment Request and Payment Method Manifest over the line as a recommendation.
Further experimentation and development of Secure Payment Confirmation
Privacy considerations based on browser changes; impact on risk assessment and "returning user" use case
Solving the payment handler conundrum
[Nick reviews the four things in his list]
Nick: What's missing for you from this list?
Nick: Other good questions for the group:
- Driving adoption
Nick: How do we get more non-card experimentation?
Nick: What do we want to see in terms of PR API next features?
Ian: Let's talk about SPC adoption.
<nicktr> ian: please go and have a look at the SPC issues
next meeting 20 January 2022
Nick: I will take an action item to work with the official w3c calendar
ACTION: Nick to look into using W3C calendar in the WPWG
Nick: Thanks everyone for another awesome year!
… we'll look at more privacy discussion at the 20 Jan call