14:59:28 RRSAgent has joined #wpwg
14:59:32 logging to https://www.w3.org/2026/02/26-wpwg-irc
14:59:33 Meeting: Web Payments Working Group
14:59:48 Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20260226
14:59:50 Chair: Ian
14:59:54 Scribe: Ian
14:59:56 present+
15:00:01 Regrets+ NickTR
15:00:27 present+
15:01:00 present+ Isaiah_Inuwa
15:01:02 present+ Ashwany_Rayu
15:01:07 present+ Jeff_Owenson
15:01:10 present+ Gerhards
15:01:14 present+ Steve_Cole
15:01:18 present+ Ryan_Watkins
15:01:21 present+ Sharanya
15:01:25 JL has joined #WPWG
15:01:28 present+ Daniel_Wyckoff
15:01:31 present+ Jean-Luc
15:01:37 present+ Sami
15:01:45 present+ Rogerio
15:02:28 Topic: SPC
15:02:30 present+ Darwin
15:02:48 benoit has joined #wpwg
15:02:53 present+ John_Earnshaw
15:03:03 subtopic: Chrome 145 release
15:03:05 present+
15:03:09 darwin has joined #wpwg
15:03:34 present+ Dees_Chinniah
15:03:47 iinuwa has joined #wpwg
15:04:02 Darwin: Chrome 145 supports BBKs in stable. The new UX for desktop is rolling out right now, and should be fully out by the end of next week.
15:04:18 present+ Bjorn_Hjelm
15:04:47 Ian: What's next up?
15:04:53 raginpirate has joined #wpwg
15:04:59 Darwin: feature detection work
15:05:04 https://github.com/w3c/secure-payment-confirmation/pull/320
15:05:50 Darwin: It's a new static method that returns a dictionary of SPC capabilities. One of which is BBKs.
15:05:57 present+ Henna_Kapur
15:06:28 Sami: The capability functionality is on par with what we saw at TPAC?
15:07:26 Albert has joined #wpwg
15:07:39 present+ John_Bradley
15:07:44 present+ Albert_Schibani
15:07:51 present+ David_Benoit
15:08:01 present+ Ravi_Shekhar
15:09:12 Ian: Anyone want to actively review the pull request?
15:09:19 RESOLVED: The editors will merge PR 3e20
15:10:20 Subtopic: Mitigating double step-up features
15:10:25 Ian: What's the status?
15:10:39 stephen: Right now we are focused on feature detection to unlock pilots
15:10:51 ...we are still interested in the double step-up features
15:11:40 Ian: What is time frame for feature detection?
15:12:09 Darwin: Aiming for Chrome 147 or 148 (to stable by late April)
15:12:48 subtopic: roaming authenticators and SPC
15:13:20 Bjorn: We are still working on that internally
15:14:33 subtopic: BBK questions
15:14:50 John_Earnshaw: The requirements document has some requirements, but some of those aren't yet reflected in the specification.
15:15:15 ..e.g., requirements say that there's a 1:1 relationship between a BBK and passkey/browser/device, but that binding is not reflected in the specification.
15:16:13 Stephen: The spec may not yet represent requirements that the implementation already meets.
15:16:15 ...we can fix that.
15:16:26 Stephen: But it's also possible we have diverged since the requirements.
15:16:57 ...could someone do the gap analysis and ask about implementation?
15:17:02 ...that's easier to react to.
15:17:45 ACTION: John_Earnshaw to review the BBK requirements document and the current SPC and document any gaps
15:18:18 ...and raise a new issue.
15:18:32 subtopic: Test suite for SPC
15:18:56 John_Earnshaw: There are some bits in the spec not covered in the test suite (e.g., availability functionality)
15:19:00 ..is this a gap?
15:19:11 https://w3c.github.io/secure-payment-confirmation/#sctn-secure-payment-confirmation-available-api
15:19:29 stephen: It's hard to test that API because you can't control the underlying machine. I suspect there's a gap
15:19:41 ...we should add a set of manual WPTs (not optimal)
15:19:44 Renebl has joined #wpwg
15:19:50 ...we could have a naive test for isAvailable
15:19:59 present+ Rene_Leveille
15:20:00 +present
15:20:28 stephen: I agree the test suite should say something
15:20:46 Ian: Is test suite work happening on feature detection?
15:21:03 Darwin: Will be hard because we won't know if test machine has a TPM.
15:21:11 Stephen: We can test that the API exists...
15:21:37 ...the capabilities API is worse because the browser can exclude keys if they are not supported (for privacy)
15:22:11 ACTION: Stephen and Darwin to look into adding test(s) for isAvailable
15:23:28 Ian: Any other SPC topics?
15:24:07 Sharanya: So to clarify there will be two signals for what is supported?
15:25:13 Ian: Do you need to check both for SPC and BBK or just BBK suffices?
15:25:35 Darwin: I think you get an error if you just check for BBK and SPC is not available.
15:26:54 Stephen: We should find out from developers the right thing.
15:27:05 Topic: Facilitated payment links
15:27:57 (Ian presents background on this topic, and reviewing pros and cons in different approaches)
15:28:18 Stephen: Chrome is shipping the API, but it's not a high priority right now. There's interest in the capability, however.
15:28:49 Stephen: Can we quietly put this on the back burner for the next period
15:28:55 present+ Taskashi_Minamii
15:30:07 Ian: Could the Chrome Team experiment to gather some data inform the discussion?
15:31:00 Stephen: It's an interesting space, I could share some metrics with people today. There's a lot of use today (mostly countries in Asia); there's non-trivial usage/adoption.
15:31:58 https://chromestatus.com/metrics/feature/timeline/popularity/4976
15:32:11 Ian: Will this UX be subsumed by DPC?
15:32:27 Henna: In principle it could, but I haven't thought through it.
15:32:35 +present
15:32:39 Compared to PaymentRequest.show: https://chromestatus.com/metrics/feature/timeline/popularity/2895
15:33:00 Henna: If the payment has a VC and a schema.
15:33:56 John_Bradley: In theory DC API could be called within PR API but you'd need more information
15:35:12 John: DC API has still not been instrumented to support Web-based wallets. But some governments say that native wallets are a burden for their populations.
15:35:26 Henna: Where is that today?
15:35:32 ..is that a DC API discussion?
15:35:45 John: Yes, it's part of DC API discussion.
15:36:04 ...not surprisingly there are different schools of thought, at times even within the same company
15:36:17 ...but the current prioritization of DC API is for native apps
15:36:50 Henna: Are there technical challenges or mostly prioritization topic?
15:37:00 John_Bradley: A combo of religion and prioritization.
15:37:53 John_Bradley: I think DC API should support both native and web-based wallets.
15:37:59 ..but web-based has other security considerations
15:38:42 Ian: Anything blocking from the DC API perspective?
15:38:55 John_Bradley: no, it's more implementation questions for platforms about what they are going to support for their selectors.
15:40:04 ..there's nothing in the design of DC API (from a JS surface perspective) that limits you to one kind of digital credential holder versus another.
15:41:53 John_Bradley: There's also the debate about trusted web apps
15:42:12 ...you have to be a trusted web app to get access to WebBluetooth. So there are JS apis that are only available to "trusted web apps"
15:43:22 ..there are technical details that need to be sorted out about how this happens or would happen with wallets in trusted contexts.
15:46:50 Ian: Should we insert ourselves into the conversations about web-based wallets due to PH API?
15:47:08 Stephen: PH API represents learnings; not sure if PH API is suitable as-is, but we could inform discussions.
15:48:09 ...Web-based payment handlers are based on service-workers, and it may be more suitable to revisit the architecture for credential-based wallet.
15:49:59 Ian: Is there a WG where Web-based wallets are being discussed?
15:50:08 John_Bradley: Right now that's "future work"
15:50:29 ...an extension could allow a Web-based wallet
15:51:45 Ian: Maybe people could use PH API instead of an extension.
15:56:03 TallTed has joined #wpwg
15:56:13 ...there may be security benefits to using PH, with DC API glue
15:56:59 stephen: PH API and Payment Method Manifest describe ways to do just-in-time implementation
15:58:07 Topic: next meeting
15:58:20 12 March
15:58:39 RRSAGENT, make minutes
15:58:41 I have made the request to generate https://www.w3.org/2026/02/26-wpwg-minutes.html Ian
15:58:44 RRSAGENT, set logs public
17:43:28 Zakim has left #wpwg