Meeting minutes
SPC task force scheduling
Proposed: Move SPC task force discussions to the Thursday WPWG cal
<smcgruer_[EST]> +1
+1
John: +1
SteveC: +1
(No objections)
ACTION: Ian to announce to WG that SPC discussions will move to main meeting.
… and to end the Monday meeting series.
[Anne said +1 to this]
Issue triage and prioritization
* Experiment feedback
* Issue management
* Horizontal review
* Test suite (later)
* Implementation stability
Stephen: We've already done v1 from our perspective.
… we think it's stable, but we are planning to make a breaking change (RPID)
Ian: Any other breaking changes envisioned?
Stephen: Not that I'm aware of.
Stephen: Here's what we are thinking about:
1) Experimental feedback. We hope to have something from Adyen/Airbnb. We've heard from Stripe that they are depending on the opt-out.
2) For issue management, I think that our biggest concerns from Chrome perspective are (1) opt-out and (2) web authentication integration
… until we have those, I don't think we can consider SPC a v1 API ready to advance
3) Regarding test suite; WPT has pretty good coverage for that which we consider testable.
… we could imagine a manual test suite as well
Ian: what does "web auth integration" mean here?
Stephen: Want to get rid of in-browser cache and get to something that has cross browser and synched support.
… we have two unmet dependencies today on the platform.
<smcgruer_[EST]> https://
<smcgruer_[EST]> https://
Ian: Any other pieces that are critical to resolve?
John_Bradley: I agree that the most critical thing to resolve is what we are asking WebAuthn/CTAP to store
Ian: Is there an active thread in CTAP?
John: No. The threads in the WebAuthn WG are mostly going to come down to "we need a clear request from the Web Payments WG."
smcgruer_[EST]: My takeaway was that WebAuthn folks said "not our problem; figure out CTAP and then come back to us."
… we have not yet figured out how to get progress in CTAP
John: Google and CABLE will need CTAP support in addition to others
https://
John: This looks like it's come down to a single bit for "cross-origin" and all WebAuthn credentials can be used for payments.
… in a 1p context
Stephen: An RP can use subdomains to control usage
(Ian notes that is captured in the write-up; whew.)
John: We are working on multi-device passkey stuff, and flags to indicate whether a credential is multi-device.
… this could potentially fit into that work
… the flags are defined in WebAuthn and implemented in CTAP.
Ian: Should we add to issue WebAuthn 1695?
John: We have one extra bit
smcgruer_[EST]: Are you asking for us to post our summary (157) into 1667?
John: +1
ACTION: Stephen to point out our "proposal" on WebAuthn issue 1667
Next meeting
3 March WPWG call
… no further monday meetings until further notice
ACTION: Ian to work with Stephen on triaging issues list for WPWG consideration