13:49:47 <RRSAgent> RRSAgent has joined #wpwg
13:49:51 <RRSAgent> logging to https://www.w3.org/2026/05/21-wpwg-irc
13:50:07 <Ian> Meeting: Web Payments Working Group
13:50:22 <Ian> Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20260521
13:50:28 <Ian> Chair: Ian
13:50:30 <Ian> Scribe: Ian
13:56:09 <sidvishnoi> sidvishnoi has joined #wpwg
13:57:01 <Ian> agenda+ BBK clarifications
13:57:05 <Ian> agenda+ Roaming authenticators
13:57:12 <Ian> agenda+ Currency code topic
13:57:43 <Ian> agenda+ Reminder of ECommerce/AI workshop (8-9 September in Zurich)
13:57:52 <Ian> agenda+ Upcoming schedule
13:59:19 <RRSAgent> I have made the request to generate https://www.w3.org/2026/05/21-wpwg-minutes.html Ian
14:00:03 <Ian> present+ Sid_Vishnoi
14:00:07 <Ian> present+ Ian_Jacobs
14:00:30 <Ian> present+ Takashi_Minamii
14:00:35 <Ian> present+ Jean-Luc_di_Manno
14:00:38 <Ian> present+ Steve_Cole
14:00:54 <JL> JL has joined #WPWG
14:00:56 <Takashi> Takashi has joined #wpwg
14:01:26 <Ian> present+ Sami_Tikkala
14:01:28 <benoit> benoit has joined #wpwg
14:01:51 <Takashi> present+
14:01:51 <Ian> present+ Darwing_Yang
14:01:54 <Ian> present+ David_Benoit
14:01:58 <darwin> darwin has joined #wpwg
14:01:58 <Ian> present+ Joan_Earnshaw
14:02:03 <Ian> present+ John_Earnshaw
14:02:07 <Ian> present- Joan_Earnshaw
14:02:12 <Ian> present+ Bjorn_Hjelm
14:02:18 <Ian> present+ Garima_Jaiswal
14:02:33 <Ian> present+ Ryan_Watkins
14:02:57 <Ian> present+ Bharat
14:03:08 <Ian> present+ Kenneth_Diaz
14:04:09 <Ian> present+ Stephen_McGruer
14:04:51 <Ian> zakim, take up item 1
14:04:51 <Zakim> agendum 1 -- BBK clarifications -- taken up [from Ian]
14:05:12 <Ian> https://github.com/w3c/secure-payment-confirmation/issues/321#issuecomment-4374638224
14:05:43 <Ian> present+ Ehsan
14:06:26 <Ehsan> Ehsan has joined #wpwg
14:08:09 <Ian> (Ian reviews the proposal)
14:08:21 <Ian> John: I think that works well and clears up ambiguities we noted.
14:08:55 <Ian> ...my only question is where we have a 1-1-1 relationship between browser/passkey/device, there is still a situation where the same "tuple" with multiple BBKs.
14:09:06 <Ian> ...because of different logins on the browser.
14:09:25 <Ian> ...in case of multiple profiles.
14:09:57 <Ian> Ian: How does this approach interact with current implementation?
14:10:20 <Ian> Darwin: Regarding profiles, there's probably a still gap where the installed browser program would mean "same bbk across profiles."
14:10:44 <Ian> Stephen: I am hearing you can't say "1-1-1" because of profiles.
14:10:49 <Ian> present+ Albert_Schibani
14:11:35 <Ian> Stephen: For Chrome in particular a user with a single installation of Chrome could have 2 profiles, each of which would have a different BBK.
14:11:53 <Ian> present+ Dan_Pelegero
14:12:28 <Ian> Stephen: An installed browser program can have multiple BBKs for a given passkey, but different installed programs are guaranteed to have different BBKs for this same passkey
14:12:43 <Ian> present+ Gerhard_Oosthuizan
14:12:47 <Ian> present+ Gerhard_Oosthuizen
14:12:50 <Ian> present- Gerhard_Oosthuizan
14:13:58 <Ian> Stephen: We should say in reqs do that the important statement is that a single BBK is not reused for any of (1) different installed browser programs on a device (2) different devices for the same or different installed browser program and (3) different passkeys
14:14:23 <Ian> John: Another way of saying it: for each BBK there will be at most one installed browser program, passkey, and device.
14:14:33 <Ian> ...the important bit is that the BBK implies the tuple.
14:14:52 <stephen_mcgruer> A specific BBK ==> (1 browser installed program, 1 device, 1 passkey), but that relationship doesn't go in the other direction
14:14:54 <Ian> ..the BBK enforces the tuple but the tuple does not necessarily enforce the BBK.
14:15:50 <stephen_mcgruer> q?
14:16:08 <Ian> Action: John_Earnshaw to do a pull request on BBK requirements doc to (1) introduce installed browser program and (2) describe the tuple relationship more clearly.
14:16:45 <Ian> Stephen: We are likely to want to be explicit in the spec but let's do that after the reqs document.
14:17:34 <Ian> rrsagent, make minutes
14:17:35 <RRSAgent> I have made the request to generate https://www.w3.org/2026/05/21-wpwg-minutes.html Ian
14:17:41 <Ian> zakim, close item 1
14:17:41 <Zakim> agendum 1, BBK clarifications, closed
14:17:41 <Zakim> I see 4 items remaining on the agenda; the next one is
14:17:41 <Zakim> 2. Roaming authenticators [from Ian]
14:17:41 <Ian> zakim, take up item 2
14:17:41 <Zakim> agendum 2 -- Roaming authenticators -- taken up [from Ian]
14:18:13 <Ian> -> https://github.com/w3c/secure-payment-confirmation/issues/12#issuecomment-4509002452 Bjorn requirements list
14:18:17 <slobodan> slobodan has joined #wpwg
14:19:11 <Ian> SPC SHALL follow the WebAuthn flow for discovering authenticators and identifying the correct authenticator to be used.
14:19:11 <Ian> The roaming authenticator SHALL be paired with an application or through a FIDO credential registration.
14:19:11 <Ian> Persistent CTAP PUAT (pinUvAuthToken) SHALL be supported and the discoverable credential(s) on the roaming authenticator SHALL be cached.
14:19:12 <Ian> SPC SHALL support providing a filtered list of eligible credentials.
14:19:12 <Ian> SPC SHALL support cross-origin/payment credential flag (in SPC and CTAP).
14:19:25 <Ian> ----
14:21:40 <Ian> Bjorn: There is some complexity. But one expectation is whether the device is plugged in.
14:22:03 <Ian> ...these requirements don't address situation where roaming authenticators is not plugged in then plugged in.
14:22:15 <Ian> ...there may also be slight variations among platforms.
14:23:00 <Ian> ...a roaming authenticator could be any device that acts as a roaming authenticator (e.g., the hybrid use cases as an example)
14:23:10 <Ian> ...or even a credit card that acts as a fido authenticator.
14:23:50 <Ian> ...to fully explore I assume we'd have to create a requirements document.
14:24:25 <Ian> Ian: What does "filtered list of eligible credentials" refer to?
14:24:43 <Ian> Bjorn? There might be different credentials that could be used for different purposes.
14:25:21 <Ian> Bjorn: There might be different credentials that could be used for different purposes.
14:26:06 <Ian> Ian: That feels like a new functionality (for any authenticator)
14:26:53 <Ian> Ian: "SHALL be paired with an application or through a FIDO credential registration."
14:28:55 <Ian> Bjorn: The credential on the roaming authenticator is discovered; you have to onboard the credential from the roaming authenticator.
14:28:59 <Ian> present+ Jeff_Owenson
14:29:07 <Ian> present+ Sue_Koomen
14:29:50 <Ian> zakim, close item 2
14:29:50 <Zakim> agendum 2, Roaming authenticators, closed
14:29:51 <Zakim> I see 3 items remaining on the agenda; the next one is
14:29:51 <Zakim> 3. Currency code topic [from Ian]
14:29:55 <Ian> zakim, take up item 3
14:29:55 <Zakim> agendum 3 -- Currency code topic -- taken up [from Ian]
14:30:14 <Ian> https://github.com/WICG/webmonetization/issues/440#issuecomment-4252501984
14:30:52 <Ian> Sid: ISO 24165 - Digital token identifier (DTI) appears be the future standard for digital currencies from ISO.
14:30:59 <Ian> https://www.iso.org/standard/85546.html
14:31:14 <Ian> Sid: Unlike the 3-letter ISO 4217 codes, DTIs use 9-letter alphanumeric codes (e.g. 4H95J0R2X for Bitcoin, L6GTZC9G4 for Ripple, and ZNWVNRMHK for USDC Eth). I'm not sure whether these registrations are official, or how was the community interest towards adoption of this standard (given there are so many alternative standards in crypto community), but this should give us some direction.
14:31:20 <Ian> Sid: I've not seen evidence that these are used public.
14:31:24 <Ian> s/public/publicly
14:32:10 <Ian> Sid: until there's public demand (from wallets) e.g., in Payment Request, we can put this topic on the back burner
14:33:21 <Ian> zakim, close item 3
14:33:21 <Zakim> agendum 3, Currency code topic, closed
14:33:22 <Zakim> I see 2 items remaining on the agenda; the next one is
14:33:22 <Zakim> 4. Reminder of ECommerce/AI workshop (8-9 September in Zurich) [from Ian]
14:33:30 <Ian> zakim, take up item 4
14:33:30 <Zakim> agendum 4 -- Reminder of ECommerce/AI workshop (8-9 September in Zurich) -- taken up [from Ian]
14:33:39 <Ian> https://github.com/w3c/strategy/issues/544
14:33:56 <Ian> September 8 and 9 2026 in Zurich.
14:37:16 <Ian> (Ian gives background on workshop, relationship to this WG's agenda)
14:37:20 <Ian> zakim, close item 4
14:37:20 <Zakim> agendum 4, Reminder of ECommerce/AI workshop (8-9 September in Zurich), closed
14:37:22 <Zakim> I see 1 item remaining on the agenda:
14:37:22 <Zakim> 5. Upcoming schedule [from Ian]
14:37:25 <Ian> zakim, take up item 5
14:37:25 <Zakim> agendum 5 -- Upcoming schedule -- taken up [from Ian]
14:38:22 <Ian> 4 June
14:39:01 <sidvishnoi> sidvishnoi has left #wpwg
14:39:42 <Ian> Ian: I propose 1-day WG meeting on Thursday at TPAC
14:39:46 <Ian> ...and 2-day for IG on M/T
14:39:50 <stephen_mcgruer> No strong reaction, unfortunately in my head far too far ahead of TPAC to know what agenda topics would be :D
14:40:42 <Ian> No meeting on 18 June
14:40:49 <RRSAgent> I have made the request to generate https://www.w3.org/2026/05/21-wpwg-minutes.html Ian
14:40:55 <Ian> RRSAGENT, set logs public
15:58:13 <dlehn> dlehn has joined #wpwg