13:57:42 <RRSAgent> RRSAgent has joined #wpwg
13:57:46 <RRSAgent> logging to https://www.w3.org/2026/06/04-wpwg-irc
13:57:48 <Ian> Meeting: Web Payments Working Group
13:57:50 <Ian> Chair: Ian
13:57:53 <Ian> Scribe: Ian
13:58:18 <Ian> Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20260604
13:58:25 <Ian> agenda+ SPC BBKs
13:58:35 <Ian> agenda+ SPC and WebAuthn extensions
13:58:42 <Ian> agenda+ SPC and roaming authenticators
13:58:48 <Ian> agenda+ AI/Ecommerce Workshop reminder
13:58:57 <Ian> present+ Ian_Jacobs
14:00:07 <Ian> present+ Stephen_McGruer
14:00:37 <Ian> present+ Steve_Cole
14:00:48 <Ian> present+ Dan_Pelegero
14:00:56 <Ian> present+ John_Earnshaw
14:01:34 <Ian> present+ Takashi_Minamii
14:01:50 <Ian> present+ David_Benoit
14:01:53 <takashi> takashi has joined #wpwg
14:01:56 <Ian> present+ Ehsan_Toreini
14:02:01 <takashi> present+
14:02:15 <Ian> present+ Rogerio_Matsui
14:02:25 <Ian> present+ Ryan_Watkins
14:02:30 <Ian> present+ Sami_Tikkala
14:02:34 <Ian> present+ Bjorn_Hjelm
14:03:01 <Ian> present+ Darwin_Yang
14:03:03 <darwin> darwin has joined #wpwg
14:03:05 <Ehsan> Ehsan has joined #wpwg
14:03:16 <Ian> zakim, take up item 1
14:03:16 <Zakim> agendum 1 -- SPC BBKs -- taken up [from Ian]
14:03:33 <Ian> present+ Jean-Luc
14:03:52 <JL> JL has joined #WPWG
14:03:53 <Ian> https://github.com/w3c/webpayments/wiki/Agenda-20260604
14:03:58 <Ian> https://github.com/w3c/secure-payment-confirmation/pull/330
14:04:24 <Ian> Ian: Stephen and I are happy with the PR
14:04:27 <Ian> John: Me too
14:05:05 <Ian> Darwin: Should this be merged into SPC?
14:05:41 <Ian> Ian: I think we said a more explicit note would be useful for the spec.
14:05:50 <Ian> stephen: Reasonable to do a pull request to make it explicit.
14:06:19 <Ian> https://w3c.github.io/secure-payment-confirmation/#sctn-browser-bound-key-store
14:07:07 <Ian> stephen: I think it's implicit that there's one BBK per passkey, but we could spell out the implication that this BBK will not be associated with another passkey.
14:07:41 <Ian> ACTION: John to investigate creating a pull request to align with the new BBK requirement description.
14:08:07 <Ian> Ian: Should we link to the reqs doc from the spec?
14:08:37 <Ian> Stephen: Not common to do.
14:09:05 <Ian> John: From a readability perspective could be a note with link to requirements
14:09:23 <Ian> (We agree to merge pull request 330)
14:10:01 <Ian> Ian: Anything in the chrome implementation to do?
14:10:05 <Ian> Stephen: I don't think so.
14:10:12 <RRSAgent> I have made the request to generate https://www.w3.org/2026/06/04-wpwg-minutes.html Ian
14:10:16 <Ian> zakim, close item 1
14:10:16 <Zakim> agendum 1, SPC BBKs, closed
14:10:17 <Zakim> I see 3 items remaining on the agenda; the next one is
14:10:17 <Zakim> 2. SPC and WebAuthn extensions [from Ian]
14:10:19 <Ian> zakim, take up item 2
14:10:19 <Zakim> agendum 2 -- SPC and WebAuthn extensions -- taken up [from Ian]
14:10:48 <Ian> (Relates to  Issue 326 on SPC and extensions that could expose private relying party sign in data; see pull request 332.)
14:11:15 <Ian> https://github.com/w3c/secure-payment-confirmation/pull/332
14:11:45 <Ian> stephen: WebAuthn extensions with SPC may create privacy issues.
14:12:00 <Ian> s/privacy/privacy and security/
14:12:08 <Ian> ...third parties can have access to private data
14:12:21 <Ian> ...we have identified one that should not be available to non-RP callers of SPC.
14:12:33 <Ian> ...the proposal is to bar third parties from specifying some extensions
14:12:55 <Ian> ...is there anyone who needs to use an extension as a third party?
14:13:11 <Ian> ...most extensions are used at registration time, so that's not as relevant for SPC
14:13:46 <Ian> ...we are unable to identify any extensions that are useful and safe at the same timed
14:14:11 <Ian> ...so the proposal is that non-RPs cannot use webauthn extensions in SPC authentication
14:15:51 <Ian> Sami: I'm not aware of any necessary extensions from a 3DS perspective.
14:16:23 <Ian> ...I can ask the 3DS WG
14:16:31 <Ian> stephen: We want to move quickly on this.
14:17:26 <Ian> Sami: I can get back to you soon.
14:18:07 <Ian> Stephen: In the future we could make another change to include an allow list.
14:18:40 <Ian> Action: Sami to get back to Stephen re: any web authn extensions needed with SPC from 3DS WG perspective.
14:19:11 <Ian> Action: Bjorn to also review pull request 332 and provide feedback.
14:19:25 <Ian> zakim, close item 2
14:19:25 <Zakim> agendum 2, SPC and WebAuthn extensions, closed
14:19:26 <Zakim> I see 2 items remaining on the agenda; the next one is
14:19:26 <Zakim> 3. SPC and roaming authenticators [from Ian]
14:19:32 <Ian> zakim, take up item 3
14:19:32 <Zakim> agendum 3 -- SPC and roaming authenticators -- taken up [from Ian]
14:20:10 <Ian> https://github.com/w3c/secure-payment-confirmation/issues/12
14:21:23 <Ian> stephen: I need some more time on this topic. I need to draw up "what this would look like from a UX perspective" if we support authenticators that may or may not be immediately available.
14:21:37 <Ian> ...this is a good opportunity to make SPC align more with how web authentication actually works.
14:21:55 <Ian> ...revisiting this is valuable but I need to look more into user journeys
14:22:41 <Ian> ACTION: Stephen to draw up user journeys for roaming authenticators, taking into account how web authentication actually works today
14:23:41 <Ian> ACTION: Bjorn to start answering some of the questions in the GitHub issue raised by Stephen.
14:24:01 <Ian> (We'll come back to this on 2 July meeting)
14:24:21 <Ian> zakim, take up item 3
14:24:21 <Zakim> agendum 3 -- SPC and roaming authenticators -- taken up [from Ian]
14:24:23 <Ian> zakim, take up item 4
14:24:24 <Zakim> agendum 4 -- AI/Ecommerce Workshop reminder -- taken up [from Ian]
14:24:30 <Ian> https://www.w3.org/2026/ecommerce-agents/
14:24:51 <Ian> present+ Sue_Koomen
14:24:58 <Ian> https://www.w3.org/2026/ecommerce-agents/participation.html
14:26:52 <Ian> Bjorn: Is the scope of the workshop clearly defined?
14:27:05 <Ian> ...work is happening in a variety of places around Agentic
14:31:42 <Ian> Ian: Please add suggestions to the open issue for how to ensure that people don't jump immediately into solutions.
14:32:13 <Ian> topic: Next meeting
14:32:17 <Ian> 2 July
14:32:43 <Ian> RRSAGENT, make minutes
14:32:44 <RRSAgent> I have made the request to generate https://www.w3.org/2026/06/04-wpwg-minutes.html Ian
14:32:47 <Ian> RRSAGENT, set logs public
14:34:10 <Ian> rrsagent, bye
14:34:10 <RRSAgent> I see 5 open action items saved in https://www.w3.org/2026/06/04-wpwg-actions.rdf :
14:34:10 <RRSAgent> ACTION: John to investigate creating a pull request to align with the new BBK requirement description. [1]
14:34:10 <RRSAgent>   recorded in https://www.w3.org/2026/06/04-wpwg-irc#T14-07-41
14:34:10 <RRSAgent> ACTION: Sami to get back to Stephen re: any web authn extensions needed with SPC from 3DS WG perspective. [2]
14:34:10 <RRSAgent>   recorded in https://www.w3.org/2026/06/04-wpwg-irc#T14-18-40
14:34:10 <RRSAgent> ACTION: Bjorn to also review pull request 332 and provide feedback. [3]
14:34:10 <RRSAgent>   recorded in https://www.w3.org/2026/06/04-wpwg-irc#T14-19-11
14:34:10 <RRSAgent> ACTION: Stephen to draw up user journeys for roaming authenticators, taking into account how web authentication actually works today [4]
14:34:10 <RRSAgent>   recorded in https://www.w3.org/2026/06/04-wpwg-irc#T14-22-41
14:34:10 <RRSAgent> ACTION: Bjorn to start answering some of the questions in the GitHub issue raised by Stephen. [5]
14:34:10 <RRSAgent>   recorded in https://www.w3.org/2026/06/04-wpwg-irc#T14-23-41
14:34:16 <Ian> zakim, bye
14:34:16 <Zakim> leaving.  As of this point the attendees have been Ian_Jacobs, Stephen_McGruer, Steve_Cole, Dan_Pelegero, John_Earnshaw, Takashi_Minamii, David_Benoit, Ehsan_Toreini, takashi,
14:34:16 <Zakim> Zakim has left #wpwg
14:34:19 <Zakim> ... Rogerio_Matsui, Ryan_Watkins, Sami_Tikkala, Bjorn_Hjelm, Darwin_Yang, Jean-Luc, Sue_Koomen