[PROPOSED] Web Payments Working Group Charter

Status: This charter is being reviewed by the W3C Membership.

The mission of the Web Payments Working Group is to make consumer retail payments easier and more secure on the Web. The group seeks to:

Join the Web Payments Working Group.

Start date 1 January 2022 (date of the "Call for Participation", when the charter is approved)
End date 31 December 2023
Chairs Gerhard Oosthuizen (Entersekt); Praveena Subrahmanyam (Airbnb); Nick Telford-Reed, Invited Expert
Team Contact Ian Jacobs (FTE %: 40%)
Meeting Schedule Teleconferences: Every two weeks (plus task forces)
Face-to-face: 2-3 per year

Background and Topics of Interest

The vision of the Web Payments Working Group —to streamline Web checkout— has evolved since 2015.

The Web Payments Working Group first developed APIs to streamline Web checkout. The following specifications facilitate the exchange of data necessary to complete a transaction: Payment Method Identifiers, Payment Request API, Payment Handler API, and Payment Method Manifest. These technologies are typically used together as follows:

The Working Group discusses many use cases to determine how standardization can benefit the industry, including:

Scope

Based on experimentation with and adoption of the capabilities mentioned above, as well as increased coordination with the payments ecosystem, the group now focuses on:

The Working Group seeks to develop technologies that can be used with a wide variety of payment methods, including card payments, credit transfers, open banking architectures, proprietary payment methods, and mobile wallets. See the section on Coordination for a list of Working Group relationships that inform discussions.

Out of Scope

The following features are out of scope for this group:

  • How digital payment schemes register and communicate with payment instruments. Here, a "digital payment scheme" is a set of rules for the execution of payment transactions that are followed by adhering entities (payment service providers, processors, issuers, acquirers, payers and payees). A payment instrument is an account, token, or other means of fulfilling the payment provider’s role in a digital payment scheme. Some digital payment schemes make internal use of payment instruments from other payment schemes.

Deliverables

Updated document status is available on the group publication status page.

In the section below Draft state indicates the state of the deliverable at the time of the charter approval. Expected completion indicates when the deliverable is projected to become a Recommendation, or otherwise reach a stable state.

Normative Specifications

The Working Group will deliver the following W3C normative specification.

Secure Payment Confirmation

Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.

Draft state: Public Working Draft

Expected completion: Q2 2023

The following specifications do not yet have sufficient cross-browser implementation experience to advance to Recommendation. However, the implementation in Chromium browsers enables experimentation and the Working Group intends to maintain them as Working Drafts. If the implementation landscape changes, the Working Group will revisit the question of advancement to Recommendation and re-charter as needed.

Payment Handler API

This specification defines capabilities that enable Web applications to handle requests for payment.

Draft state: Public Working Draft

Expected completion: Not during this charter period.

Payment Method Manifest

This specification defines the machine-readable manifest file, known as a payment method manifest, describing how a payment method participates in the Web Payments ecosystem, and how such files are to be used.

Draft state: Public Working Draft

Expected completion: Not during this charter period.

Other Deliverables

Payment Request API 1.0 and Payment Method Identifiers are W3C Recommendations. The Working Group will maintain these specifications.

The Working Group has stopped work on the following:

Other non-normative documents may be created such as:

  • Use case and requirement documents;
  • Test suite and implementation report for the specification;
  • Documents to support web developers when designing applications.

Curation of Working Group Resources

The Working Group will continue to curate the following resources it has published:

Timeline

  • Q3 2022: CR for Secure Payment Confirmation

Success Criteria

In order to advance to Proposed Recommendation, each normative specification is expected to have at least two independent implementations of every feature defined in the specification.

Each specification should contain separate sections detailing all known security and privacy implications for implementers, Web authors, and end users.

There should be testing plans for each specification, starting from the earliest drafts.

Each specification should contain a section on accessibility that describes the benefits and impacts, including ways specification features can be used to address them, and recommendations for maximizing accessibility in implementations.

To promote interoperability, all changes made to specifications should have tests.

Security and Privacy Considerations

A key security consideration is the ability to prove message integrity and authentication of all message originators. The Working Group will work with the organizations listed in the Coordination section of the charter to help ensure API security.

Protection of the privacy of all participants in a payment is important to maintaining the trust that payment systems are dependent upon to function. A payment process defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g., as part of a loyalty program) by the owner of the information. The design of any API should guard against the unwanted or inadvertent leakage of such data through exploitation of the API.

Coordination

For all specifications, this Working Group will seek horizontal review for accessibility, internationalization, performance, privacy, and security with the relevant Working and Interest Groups, and with the TAG. Invitation for review must be issued during each major standards-track document transition, including FPWD. The Working Group is encouraged to engage collaboratively with the horizontal review groups throughout development of each specification. The Working Group is advised to seek a review at least three months before first entering CR and is encouraged to proactively notify the horizontal review groups when major changes occur in a specification following a review.

W3C Groups

Web Application Security
For review of security APIs and features.
Web Authentication Working Group
For discussion of strong authentication.
Web Payment Security Interest Group
For discussions about Web payment security and use cases.

External Organizations

EMVCo
EMVCo administers many specifications known collectively as EMV®, including specifications about network tokenization, 3-D Secure, and Secure Remote Commerce.
FIDO Alliance
For discussions of strong authentication.
Open Banking UK, STET, and Berlin Group
For discussion about open banking APIs and Web payments.

Participation

To be successful, this Working Group is expected to have ten or more active participants for its duration, including representatives from the key implementors of this specification, and active Editors and Test Leads for each specification. The Chairs, specification Editors, and Test Leads are expected to contribute one-half of a working day per week towards the Working Group. There is no minimum requirement for other Participants.

The group encourages questions, comments and issues on its public mailing lists and document repositories, as described in Communication.

Participants in the group are required (by the W3C Process) to follow the W3C Code of Ethics and Professional Conduct.

Communication

This group primarily conducts its work on GitHub and the public mailing list public-payments-wg@w3.org (archive). The meeting minutes from teleconference and face-to-face meetings will be archived for public review. Technical discussions and issue tracking will be conducted in a manner that can be both read and written to by the general public. Working Drafts and Editor’s Drafts of specifications will be developed in public repositories and may permit direct public contribution requests. However, meetings themselves are not open to public participation.

Information about the group (e.g., deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Web Payments Working Group home page.

The group may use a Member-confidential mailing list for administrative purposes and, at the discretion of the Chairs and members of the group, for member-only discussions in special cases when a participant requests such a discussion.

Decision Policy

This group will seek to make decisions through consensus and due process, per the W3C Process Document (Section 3.3). Typically, an editor or other participant makes an initial proposal, which is then refined in discussion with members of the group and other reviewers, and consensus emerges with little formal voting being required.

However, if a decision is necessary for timely progress and consensus is not achieved after careful consideration of the range of views presented, the Chairs may call for a group vote and record a decision along with any objections.

To afford asynchronous decisions and organizational deliberation, any resolution (including publication decisions) taken in a face-to-face meeting or teleconference will be considered provisional. A call for consensus (CfC) will be issued for all resolutions (e.g., email, GitHub issue or web-based survey), with an appropriate response period depending on the chair’s evaluation of the group consensus on the issue. If no objections are raised by the end of the response period, the resolution will be considered to have consensus as a resolution of the Working Group.

All decisions made by the group should be considered resolved unless and until new information becomes available or unless reopened at the discretion of the Chairs or the Director.

This charter is written in accordance with the W3C Process Document (Section 3.4, Votes) and includes no voting procedures beyond what the Process Document requires.

Patent Policy

This Working Group operates under the W3C Patent Policy (Version of 15 September 2020). To promote the widest adoption of Web standards, W3C seeks to issue Web specifications that can be implemented, according to this policy, on a Royalty-Free basis. For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

Licensing

This Working Group will use the W3C Software and Document license for all its deliverables.

About this Charter

This charter has been created according to Section 5.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Charter History

The following table lists details of all changes from the initial charter, per the W3C Process Document (section 5.2.3):

Charter Period Start Date End Date Changes
Initial Charter 21 October 2015 31 December 2017 N/A
Charter Extension 1 January 2018 1 March 2018 None (Rechartering)
2018 Charter 9 March 2018 31 December 2019 Deliverables under consideration since the previous charter are listed in section 1.2.
2020 Charter 19 December 2019 31 December 2021 Deliverables under consideration since the previous charter are listed in section 1.2.
2022 Charter 1 January 2022 31 December 2023 Added SPC. Completed version 1 of Payment Request and Payment Method Identifiers and moved them to maintenance mode. Reset expectations about Payment Handler and Payment Method Manifest timelines. Deprecated Basic Card Payment Method. Dropped SRC Payment Method.

Change log

Changes to this document are documented in this section.