14:55:11 <RRSAgent> RRSAgent has joined #wpwg
14:55:16 <RRSAgent> logging to https://www.w3.org/2023/11/09-wpwg-irc
14:55:16 <Zakim> Zakim has joined #wpwg
14:55:21 <Ian> Meeting: Web Payments Working Group
14:55:26 <Ian> Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20231109
14:55:28 <Ian> Chair: Ian
14:55:30 <Ian> Scribe: Ian
14:55:33 <Ian> Regrets+ NickTR
14:55:36 <Ian> present+
14:58:48 <tomasz> tomasz has joined #wpwg
14:59:33 <Ian> present+ Tomasz_Blachowicz
14:59:36 <Ian> present+ Anne_Pouillard
14:59:45 <Ian> present+ Jeff_Owenson
15:00:33 <Ian> present+ Yannick_Seveant(FIME)
15:00:35 <clinton> clinton has joined #wpwg
15:01:00 <Anne> Anne has joined #wpwg
15:01:41 <Ian> present+ Ryan_Watkins
15:01:49 <Ian> present+ Clinton_Allen
15:01:54 <Ian> present+ Steve_Cole
15:02:18 <Ian> present+ Fahad_Saleem
15:02:26 <Ian> present+ Stephen_McGruer
15:02:52 <Ian> Topic: SPC Prioritization
15:03:09 <Ian> present+ Arman_Aygen
15:03:24 <Fahad> Fahad has joined #wpwg
15:03:40 <Ian> -> http://www.w3.org/2023/11/worldline-spc-priority.pdf Worldline reply to outreach
15:04:02 <Ian> -> https://docs.google.com/spreadsheets/d/1VevF32NcbT7rxK3Bq1M97Ibzhm124Y7SUAFHM-uWC64/edit#gid=0 Spreadsheet
15:04:29 <Steve_C> Steve_C has joined #wpwg
15:04:41 <Bastien> Bastien has joined #WPWG
15:04:44 <Ian> present+ Bastien_Latge
15:04:59 <Ian> (Anne presents the Worldline feedback)
15:05:21 <Ian> Anne: The main requests relate to 3DS.
15:05:34 <Ian> ...Issuer and network iconography are required in the ACS UI
15:05:39 <Ian> present+ Doug_Fisher
15:05:51 <Ian> present+ Sami_Tikkala
15:05:58 <Ian> Anne: Recurring payments are important to us
15:06:16 <Ian> ...non-payment use cases are also important.
15:06:55 <Ian> ...but the most important request relates to receiving an attestation (relates to PSD2); we have to differentiate devices and understand their capabilities.
15:07:16 <Ian> ...it's also very important that we see interoperability (e.g., Webkit implementation)
15:07:27 <Ian> Anne: Also, the authenticator dialog should stop saying "Sign-in"
15:07:46 <Ian> ...this conveys the wrong message to the user; but this is slightly less critical than others
15:08:01 <Rolf> Rolf has joined #wpwg
15:09:36 <SameerT> SameerT has joined #wpwg
15:09:42 <Ian> present+ Sameer_Tare
15:09:42 <SameerT> present+
15:10:02 <Ian> [We walk through FIME prioritization reply from Jean-Luc]
15:10:56 <Ian> present+ Rolf_Lindemann
15:12:24 <Ian> smcgruer_[EST]: I wonder whether "roaming" in FIME feedback also implies "hybrid"
15:13:24 <Ian> smcgruer_[EST]: Summary - other payments use cases, show RP origin, roaming, android native, some UX changes (bigger icon, fallback UX, issuer/network)
15:14:16 <Ian> Sameer: We are close to finalizing our list from the 3DS WG
15:14:31 <Ian> ...we are trying to put more structure into our feedback to include "blockers" from our perspective e
15:16:10 <Ian> Rolf: Main feedback is to get additional browser support.
15:16:21 <Ian> ...get the attestation stuff done (for PSD2)
15:16:26 <Ian> ...support roaming authenticators
15:16:45 <Ian> ...vanilla webauthn credentials for use by RP.
15:18:03 <Ian> IJ: Stephen what's your vision related to this last point? I imagine usage in both top-level and cross-origin iframe.
15:18:25 <Ian> Rolf: you can name Nok Nok in the spreadsheet
15:18:54 <Anne> q+
15:19:31 <Ian> ack Anne
15:20:03 <Ian> Anne: When we tried to classify the requests, it was not clear what userVerification=discouraged
15:20:31 <Ian> smcgruer_[EST]: WebAuthn allows the caller to specify whether to verify the user (biometric) or only user presence check.
15:21:37 <Ian> ...when userVerification is discouraged, e.g., the user might just click a button. This is sufficient for "user presence". The cryptogram result is of less value of course. But there's some interest in the for use cases that don't require as strong security.
15:22:02 <Ian> ...but note that the authenticator can always choose to do userVerification anyway, and we know that Windows Hello always does userVerification.
15:22:23 <Ian> present+ Gerhard_Oosthuizen
15:22:30 <SameerT> q+
15:23:09 <Ian> ack SameerT
15:23:32 <Ian> SameerT: If the userVerification=discouraged and user verification IS performed, is the verification data in the assertion?
15:24:16 <Ian> Rolf: The method won't be known, but the authenticator will indicate whether the user was verified in the response.
15:26:16 <Ian> Topic: Updates
15:26:34 <Ian> - MDN
15:27:26 <Ian> https://github.com/mdn/content/pull/28705
15:29:44 <Ian> - Conferences?
15:30:26 <Ian> Rolf: +1 to this; lots of value. I don't have a list. But Money 20/20 a candidate
15:30:52 <Ian> ...we could do something in Europe where multiple companies cooperate to spread the word.
15:31:03 <Ian> ...I think this was a key to passkey success
15:31:27 <Ian> ...good to have different kinds of stakeholders talking about this from various perspectives.
15:31:40 <Ian> Steve: ETA transactions
15:32:35 <Ian> Arman: US Payments Forum
15:33:14 <Ian> - "How to SPC"
15:33:51 <Ian> present+ Jean-Luc_di_Manno
15:34:09 <Ian> IJ: What is status of How to FIDO?
15:34:52 <Ian> Rolf: Really targeting engineers. I think the case of SPC, there will be a smaller number of implementers. Most of the people will be using 3rd party tools. For them we need a document on a different level.
15:35:05 <Ian> ...mainly about educating merchants and issuers on the value of SPC.
15:35:22 <Ian> ...but they typically don't implement it themselves. They get it through their 3DS SDKs
15:35:47 <Ian> Sami: +1
15:36:01 <Ian> Sameer: +1
15:37:39 <JeanLuc> JeanLuc has joined #WPWG
15:37:42 <Ian> Doug: Merchant Risk Conf
15:38:09 <Fahad> Fahad has joined #wpwg
15:38:52 <JeanLuc> q+
15:39:43 <Ian> [We look at the poll results]
15:40:36 <Ian> Jean-Luc: I would distinguish roaming and hybrid
15:41:00 <smcgruer_[EST]> q?
15:41:02 <smcgruer_[EST]> ack JeanLuc
15:41:28 <Ian> Ian: I will add the data to the spreadsheet
15:41:43 <Ian> smcgruer_[EST]: Thanks for all the feedback, this is great. We are looking at this and our investment of SPC.
15:41:58 <Ian> ...all feedback (whether same or different than others) valued.
15:42:10 <Ian> Topic: upcoming meetings
15:42:17 <Ian>     23 Nov: Canceled
15:42:17 <Ian>     7 Dec: Scheduled
15:42:17 <Ian>     21 Dec: Canceled
15:42:19 <Ian>     4 January 2024: Canceled
15:43:04 <JeanLuc> q+
15:43:07 <Ian> Topic: Any other business?
15:43:28 <Ian> Jean-Luc: There is a lot of discussion on quantum computing.
15:43:46 <Ian> ...is there any impact on SPC (or WebAuthN) regarding crypto agility?
15:44:04 <Ian> smcgruer_[EST]: All the impact on SPC would also impact WebAuthn
15:44:19 <Rolf> +1
15:44:29 <Ian> ...with WebAuthn you specify which crypto algorithms when you create the credential
15:45:31 <Ian> IJ: Has this been discussed in WebAuthn?
15:45:38 <Ian> Rolf: The algorithms are registered in IANA
15:45:49 <Ian> ...we rely on other groups to give us algorithm identifiers.
15:47:25 <Ian> [Adjourned until 7 Dec]
15:47:30 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/09-wpwg-minutes.html Ian
18:24:52 <Zakim> Zakim has left #wpwg
19:11:14 <bkardell_> bkardell_ has joined #wpwg