IRC log of wpwg on 2025-01-16
Timestamps are in UTC.
- 14:52:12 [RRSAgent]
- RRSAgent has joined #wpwg
- 14:52:16 [RRSAgent]
- logging to https://www.w3.org/2025/01/16-wpwg-irc
- 14:52:18 [Ian]
- Meeting: Web Payments Working Group
- 14:52:21 [Ian]
- Chair: Ian
- 14:52:23 [Ian]
- Scribe: Ian
- 14:52:41 [Ian]
- Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20250116
- 14:58:23 [Ian]
- agenda+ SPC updates
- 14:58:26 [Ian]
- agenda+ Berlin Group chat
- 14:58:30 [Ian]
- agenda+ Next meeting
- 14:58:50 [Ian]
- present+
- 15:00:12 [jpm-block]
- jpm-block has joined #wpwg
- 15:00:19 [Ian]
- present+ Juan-Pablo_Marzetti
- 15:00:39 [Ian]
- present+ Stephen_McGruer
- 15:00:46 [Ian]
- present+ Rogerio_Matsui
- 15:00:50 [Ian]
- present+ Kenneth_Diaz
- 15:00:54 [Ian]
- present+ Jonathan_Grossar
- 15:01:01 [TallTed]
- TallTed has joined #wpwg
- 15:01:14 [Ian]
- present+ Steve_Cole
- 15:01:39 [Ian]
- present+
- 15:01:47 [Ian]
- present+ Slobodan_Pejic
- 15:01:52 [Ian]
- present+ Rene_Leveille
- 15:02:00 [Ian]
- present+ Rouslan_Solomakhin
- 15:02:31 [Ian]
- present+ David_Benoit
- 15:02:44 [Ian]
- present+ Sami_Tikkala
- 15:02:51 [Ian]
- present+ Doug_Fisher
- 15:03:24 [Ian]
- present+ Vasilii_Trofimchuk
- 15:03:48 [vasilii]
- vasilii has joined #wpwg
- 15:04:11 [nicktr]
- present+ Nick_Telford-Reed
- 15:04:29 [Ian]
- present+ Nick_Telford-Reed
- 15:04:42 [Ian]
- zakim, take up item 1
- 15:04:42 [Zakim]
- agendum 1 -- SPC updates -- taken up [from Ian]
- 15:05:07 [Ian]
- -> https://fidoalliance.org/white-paper-secure-payment-confirmation/ White Paper from FIDO on SPC
- 15:05:47 [Ian]
- Jonathan: As part of fostering adoption of FIDO we've been looking into FIDO for payments.
- 15:06:02 [Ian]
- ...we know that the payments use case is different than the login use case (different requirements)
- 15:06:13 [Ian]
- ...SPC is a solution that addresses some of our requirements for payment authentication
- 15:06:27 [Ian]
- ...we wanted to raise awareness about SPC
- 15:06:41 [Ian]
- ...and FIDO for authentication
- 15:07:06 [Ian]
- (Jonathan walks through the document)
- 15:07:58 [Ian]
- Jonathan: In the intro of the paper we talk about FIDO for payments at a high level, and replacing insecure passwords with convenient authentication.
- 15:08:06 [Ian]
- ...then we talk about the benefits of SPC on top of FIDO
- 15:08:37 [Ian]
- ...and we say a bit about ongoing work on SPC to improve the UX and security of the transactions
- 15:09:37 [Ian]
- ...under benefits we talk about (1) consistency of UX (2) features that support compliance (3) security improvements (4) cross-origin authentication UX (no redirect)
- 15:10:35 [Ian]
- ...under use cases we talk about two main use cases: (1) bank is the relying party (who creates the passkeys) (2) payment scheme is the relying party
- 15:11:51 [Ian]
- q+
- 15:12:08 [Ian]
- Jonathan: We talk at the end about future enhancements (fallback UX, logos, browser-based key)
- 15:12:39 [Ian]
- ...we include the UX that was featured in POC's last summer (and for which we received good feedback)
- 15:12:48 [Ian]
- ack me
- 15:12:55 [Ian]
- Ian: Delegated auth use case?
- 15:13:45 [Ian]
- ...should that be covered (along with reference to FIDO White Paper on input to 3DS)?
- 15:14:10 [Ian]
- Jonathan: I don't think it would significantly change the description of SPC benefits.
- 15:14:53 [nicktr]
- q+ to ask about SPC on chrome on iOS 17.4+ in the EU
- 15:14:54 [Ian]
- ..the use cases we emphasized are the ones that we think are most being implemented.
- 15:14:55 [Ian]
- ack nick
- 15:14:55 [Zakim]
- nicktr, you wanted to ask about SPC on chrome on iOS 17.4+ in the EU
- 15:15:51 [Ian]
- nicktr: Thanks to the FIDO team that developed the paper. As you were looking at "availability" there's another possibility in Europe of support on iOS. Is SPC supported yet in Chrome on iOS?
- 15:16:15 [Ian]
- smcgruer_[EST]: Not at this time. Chrome on iOS in Europe still same engine under the hood.
- 15:16:20 [Ian]
- q?
- 15:17:05 [Ian]
- Ian: Any initial response to the publication?
- 15:17:07 [Ian]
- Jonathan: Too soon
- 15:17:25 [Ian]
- ...within FIDO we did get feedback during the review period.
- 15:17:57 [Ian]
- Topic: Status of BBK implementation
- 15:18:12 [Ian]
- Slobodan: We have made BBK available in Canary behind a flag.
- 15:18:31 [smcgruer_[EST]]
- https://docs.google.com/document/d/1Wgx8MQG4GsdPErGPya7iMCbhw5NiSrLrNIoDPq2_P2s/edit?tab=t.0#heading=h.chklzdbszzpd
- 15:19:23 [Ian]
- smcgruer_[EST]: We have an initial version on Chrome for Android using the secure element.
- 15:20:06 [Ian]
- ...the browser bound key is created when the passkey is created
- 15:20:43 [sami]
- sami has joined #wpwg
- 15:20:44 [Ian]
- ...if the browser bound key is cleared without the passkey is not clear, then it should be recreated at authentication time (but it is not yet implemented; should be soon)
- 15:21:05 [Ian]
- Rene: Is the BBK doing a DPK thing?
- 15:21:14 [Ian]
- smcgruer_[EST]: It is browser-bound rather than device bound.
- 15:21:26 [Ian]
- present+ Gerhard
- 15:23:08 [Ian]
- Jonathan: We want this feature to not have to use cookies
- 15:23:21 [smcgruer_[EST]]
- q?
- 15:23:56 [smcgruer_[EST]]
- https://github.com/w3c/secure-payment-confirmation/issues/271
- 15:25:38 [Ian]
- Rene: We are trying to find a solution in FIDO for filling the gaps
- 15:26:25 [Ian]
- q?
- 15:27:21 [Ian]
- smcgruer_[EST]: We think it's complete enough for people to start trying out.
- 15:27:31 [Ian]
- ...our next steps are for people to try this out.
- 15:27:58 [Ian]
- ...and we will run this by other internal teams
- 15:28:41 [Ian]
- ...there are interesting questions still about algorithm selection or key rotation, and we've made initial choices
- 15:29:20 [Ian]
- ...we have focused on Android for now. Some aspects were easy and we also heard support for this approach from partners. But are expecting to extend to other platforms.
- 15:29:47 [Ian]
- Ian: How will spec updates happen?
- 15:29:56 [sami]
- sami has joined #wpwg
- 15:29:59 [Ian]
- smcgruer_[EST]: That will flow from feedback phase and internal feedback.
- 15:30:13 [Ian]
- zakim, close this item
- 15:30:13 [Zakim]
- agendum 1 closed
- 15:30:14 [Zakim]
- I see 2 items remaining on the agenda; the next one is
- 15:30:14 [Zakim]
- 2. Berlin Group chat [from Ian]
- 15:30:16 [Ian]
- zakim, take up item 2
- 15:30:16 [Zakim]
- agendum 2 -- Berlin Group chat -- taken up [from Ian]
- 15:33:25 [Ian]
- Ian: We have a chat with them on 24 about SPC. Also digital wallets. Any suggestions for the agenda?
- 15:33:41 [Ian]
- Nick: Request to Pay API. I've been trying to read about this API
- 15:34:08 [Ian]
- zakim, close item 2
- 15:34:08 [Zakim]
- agendum 2, Berlin Group chat, closed
- 15:34:09 [Zakim]
- I see 1 item remaining on the agenda:
- 15:34:09 [Zakim]
- 3. Next meeting [from Ian]
- 15:35:11 [Ian]
- 30 January
- 15:36:49 [Ian]
- RRSAGENT, make minutes
- 15:36:50 [RRSAgent]
- I have made the request to generate https://www.w3.org/2025/01/16-wpwg-minutes.html Ian
- 15:36:52 [Ian]
- RRSAGENT, set logs public
- 15:51:23 [Ian]
- RRSAGENT, make minutes
- 15:51:24 [RRSAgent]
- I have made the request to generate https://www.w3.org/2025/01/16-wpwg-minutes.html Ian
- 15:51:29 [Ian]
- RRSAGENT, set logs public
- 15:51:35 [Ian]
- rrsagent, bye
- 15:51:35 [RRSAgent]
- I see no action items