Meeting minutes
Upcoming meetings
Nick: Just wanted to be sure everyone had seen that.
TPAC agenda
See the WPWG agenda in development and TPAC home page
Ian: Any other suggestions for the agenda?
Nick: FTF is great opportunity to make progress on some topics.
… if you think of anything, please let the chairs know
Nick: Registration will open later this month.
… of those present today, say +1 if you plan to go
Nick, praveena, Ian: +1
<nicktr> +1
<smcgruer_[EST]> +1
<Gerhard> Entersekt +2
Action item review
Review of 26 May actions
Ian: David, any interesting digital identity initiatives in Canada?
David: I am talking to some people at payments canada next week
Experimental opt-out feature
https://
Stephen: We have added the very experimental support for an opt-out flow; PURELY AN EXPERIMENT
… will run from M104-M106 (e.g., through October)
… want to see if this helps resolve the opt-out issue; we welcome input from people.
… e.g., can we reduce the amount of text? We also want to avoid user confusion.
Jean: We are looking at this within Stripe; review is ongoing
Issue 12
See Chrome Team proposed opt-out feature for SPC
https://
PROPOSE: Make issue 12 an "after v1" issue
Erhard: +1
<praveenas> +1
<clinton2> +1
<smcgruer_[EST]> +1
<nicktr> +1
Ian: +1
<Anne> +1
<JM_Girard> +1
ACTION: Ian to mark issue 12 as "after-v1"
david: +1
SPC to CR
<nicktr> examining spec against requirements
Ian: One potential feature at risk (for example): opt-out feature...if we decide we don't need it.
nicktr: "secure-payment-confirmation" is not short. What do you think about "spc" as a short code?
… as an alternative?
[wide review]
New issue 194
https://
smcgruer_[EST]: This is close to editorial. In the implementation we do checking on data.
… payment request does not enable this; technically we need to fix that in PR API
Ian: What are dependencies? e.g., prevent us from entering CR?
smcgruer_[EST]: The implication is that the implementation is not quite to-spec
[Issue 191]
https://
smcgruer_[EST]: I would argue this falls into the same bucket as "is this the right API shape" discussion, which is already after-v1
Todos:
* Heard back on opt-out experimental feature
* Resolve a couple of issues
* Document implementation plan
Proposed timeline if we get those things done:
18 August: WPWG call to discuss going to CR
18 August: Start Call for Consensus until 5 September
12 September: WPWG meeting starts at TPAC
Post-TPAC: Request to advance to CR
<JeanLuc> Why #29 is tagged 'after v1' as it is already published in EMV 3DS 2.3?
<Gerhard> question: when do we anticipate to have SPC available in Chrome for Android :-)
<Gerhard> Correct. But SPC does not play a role there.
<cferro> +1 to close
Gerhard: For me, "frictionless" means getting an assertion without proof of possession element requiring a user gesture
… large proportion of the world does not have a biometric sensor
Gerhard: SPC integration into 3DS does not preclude frictionless flow
[We will close 29]
<nicktr> +1
SPC for Chrome in Android?
smcgruer_[EST]: No promises but hope late Q3
… maybe I'll be able to do a demo at TPAC
Gerhard: More support makes more interest for us to pitch SPC adoption
More Issue 172 discussion
smcgruer_[EST]: On the opt-out, we've said for a while we will hear back.
JeanLuc: I have a question -the opt out proposal does not currently require authentication first.
… is that a problem?
smcgruer_[EST]: That's a great question. We have discussed that during the course of issue 172.
… in our proposal, it's up to the RP and handling web site to authenticate the user (as needed)
… our assumption is that the RP will do some post-authentication before doing the actual opt-out
… if this turns out to be something we need to invest in further, then browser-driven auth is something to consider
JeanLuc: So the idea is the RP can use the opt-out mechanism to redirect the user to the RP and the RP can decide whether to authenticate the user before doing opt-out?
JeanCarlo: What we would be likely to do is that if the user goes through 3DS step up, then the credentials would be deleted after confirmation of the user idnetity
<Zakim> smcgruer_[EST], you wanted to return to Ian's previous comment on opt-out (after this discussion)
smcgruer_[EST]: I heard from Ian that we proceed towards the plan and have a rough deadline of the middle of August to include opt-out or not.
Ian: Since not in the spec, should not prevent us from going to CR. BUT I would want to raise implementer awareness at CR. And ideally close 172 before going to CR.
… we could mark it as "at risk"
<Gerhard> +1 for spec post v1.
+1 for marking 172 as after-v1 if we learn later we need additional text in the spec
<nicktr> +1
PROPOSAL for issue 172:
a) Continue to experiment
b) If we learn some spec text is needed, consider that after-v1
<nicktr> +1
Next Meeting
7 July