14:52:12 RRSAgent has joined #wpwg 14:52:16 logging to https://www.w3.org/2025/01/16-wpwg-irc 14:52:18 Meeting: Web Payments Working Group 14:52:21 Chair: Ian 14:52:23 Scribe: Ian 14:52:41 Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20250116 14:58:23 agenda+ SPC updates 14:58:26 agenda+ Berlin Group chat 14:58:30 agenda+ Next meeting 14:58:50 present+ 15:00:12 jpm-block has joined #wpwg 15:00:19 present+ Juan-Pablo_Marzetti 15:00:39 present+ Stephen_McGruer 15:00:46 present+ Rogerio_Matsui 15:00:50 present+ Kenneth_Diaz 15:00:54 present+ Jonathan_Grossar 15:01:01 TallTed has joined #wpwg 15:01:14 present+ Steve_Cole 15:01:39 present+ 15:01:47 present+ Slobodan_Pejic 15:01:52 present+ Rene_Leveille 15:02:00 present+ Rouslan_Solomakhin 15:02:31 present+ David_Benoit 15:02:44 present+ Sami_Tikkala 15:02:51 present+ Doug_Fisher 15:03:24 present+ Vasilii_Trofimchuk 15:03:48 vasilii has joined #wpwg 15:04:11 present+ Nick_Telford-Reed 15:04:29 present+ Nick_Telford-Reed 15:04:42 zakim, take up item 1 15:04:42 agendum 1 -- SPC updates -- taken up [from Ian] 15:05:07 -> https://fidoalliance.org/white-paper-secure-payment-confirmation/ White Paper from FIDO on SPC 15:05:47 Jonathan: As part of fostering adoption of FIDO we've been looking into FIDO for payments. 15:06:02 ...we know that the payments use case is different than the login use case (different requirements) 15:06:13 ...SPC is a solution that addresses some of our requirements for payment authentication 15:06:27 ...we wanted to raise awareness about SPC 15:06:41 ...and FIDO for authentication 15:07:06 (Jonathan walks through the document) 15:07:58 Jonathan: In the intro of the paper we talk about FIDO for payments at a high level, and replacing insecure passwords with convenient authentication. 15:08:06 ...then we talk about the benefits of SPC on top of FIDO 15:08:37 ...and we say a bit about ongoing work on SPC to improve the UX and security of the transactions 15:09:37 ...under benefits we talk about (1) consistency of UX (2) features that support compliance (3) security improvements (4) cross-origin authentication UX (no redirect) 15:10:35 ...under use cases we talk about two main use cases: (1) bank is the relying party (who creates the passkeys) (2) payment scheme is the relying party 15:11:51 q+ 15:12:08 Jonathan: We talk at the end about future enhancements (fallback UX, logos, browser-based key) 15:12:39 ...we include the UX that was featured in POC's last summer (and for which we received good feedback) 15:12:48 ack me 15:12:55 Ian: Delegated auth use case? 15:13:45 ...should that be covered (along with reference to FIDO White Paper on input to 3DS)? 15:14:10 Jonathan: I don't think it would significantly change the description of SPC benefits. 15:14:53 q+ to ask about SPC on chrome on iOS 17.4+ in the EU 15:14:54 ..the use cases we emphasized are the ones that we think are most being implemented. 15:14:55 ack nick 15:14:55 nicktr, you wanted to ask about SPC on chrome on iOS 17.4+ in the EU 15:15:51 nicktr: Thanks to the FIDO team that developed the paper. As you were looking at "availability" there's another possibility in Europe of support on iOS. Is SPC supported yet in Chrome on iOS? 15:16:15 smcgruer_[EST]: Not at this time. Chrome on iOS in Europe still same engine under the hood. 15:16:20 q? 15:17:05 Ian: Any initial response to the publication? 15:17:07 Jonathan: Too soon 15:17:25 ...within FIDO we did get feedback during the review period. 15:17:57 Topic: Status of BBK implementation 15:18:12 Slobodan: We have made BBK available in Canary behind a flag. 15:18:31 https://docs.google.com/document/d/1Wgx8MQG4GsdPErGPya7iMCbhw5NiSrLrNIoDPq2_P2s/edit?tab=t.0#heading=h.chklzdbszzpd 15:19:23 smcgruer_[EST]: We have an initial version on Chrome for Android using the secure element. 15:20:06 ...the browser bound key is created when the passkey is created 15:20:43 sami has joined #wpwg 15:20:44 ...if the browser bound key is cleared without the passkey is not clear, then it should be recreated at authentication time (but it is not yet implemented; should be soon) 15:21:05 Rene: Is the BBK doing a DPK thing? 15:21:14 smcgruer_[EST]: It is browser-bound rather than device bound. 15:21:26 present+ Gerhard 15:23:08 Jonathan: We want this feature to not have to use cookies 15:23:21 q? 15:23:56 https://github.com/w3c/secure-payment-confirmation/issues/271 15:25:38 Rene: We are trying to find a solution in FIDO for filling the gaps 15:26:25 q? 15:27:21 smcgruer_[EST]: We think it's complete enough for people to start trying out. 15:27:31 ...our next steps are for people to try this out. 15:27:58 ...and we will run this by other internal teams 15:28:41 ...there are interesting questions still about algorithm selection or key rotation, and we've made initial choices 15:29:20 ...we have focused on Android for now. Some aspects were easy and we also heard support for this approach from partners. But are expecting to extend to other platforms. 15:29:47 Ian: How will spec updates happen? 15:29:56 sami has joined #wpwg 15:29:59 smcgruer_[EST]: That will flow from feedback phase and internal feedback. 15:30:13 zakim, close this item 15:30:13 agendum 1 closed 15:30:14 I see 2 items remaining on the agenda; the next one is 15:30:14 2. Berlin Group chat [from Ian] 15:30:16 zakim, take up item 2 15:30:16 agendum 2 -- Berlin Group chat -- taken up [from Ian] 15:33:25 Ian: We have a chat with them on 24 about SPC. Also digital wallets. Any suggestions for the agenda? 15:33:41 Nick: Request to Pay API. I've been trying to read about this API 15:34:08 zakim, close item 2 15:34:08 agendum 2, Berlin Group chat, closed 15:34:09 I see 1 item remaining on the agenda: 15:34:09 3. Next meeting [from Ian] 15:35:11 30 January 15:36:49 RRSAGENT, make minutes 15:36:50 I have made the request to generate https://www.w3.org/2025/01/16-wpwg-minutes.html Ian 15:36:52 RRSAGENT, set logs public 15:51:23 RRSAGENT, make minutes 15:51:24 I have made the request to generate https://www.w3.org/2025/01/16-wpwg-minutes.html Ian 15:51:29 RRSAGENT, set logs public 15:51:35 rrsagent, bye 15:51:35 I see no action items