IRC log of wpwg on 2017-07-11

Timestamps are in UTC.

15:28:56 [RRSAgent]
RRSAgent has joined #wpwg
15:28:56 [RRSAgent]
logging to http://www.w3.org/2017/07/11-wpwg-irc
15:28:58 [Zakim]
Zakim has joined #wpwg
15:29:06 [Ian]
Meeting: Tokenization Task Force
15:29:20 [Ian]
Agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2017Jul/0005.html
15:29:22 [Ian]
Chair: Ian
15:29:58 [Ian]
present+
15:30:02 [Ian]
present+ oyiptong
15:30:05 [Ian]
present+ Roy
15:31:54 [Ian]
present+ Manash
15:32:03 [Ian]
present+ Keyur
15:32:53 [Ian]
present+ SimonDix
15:33:18 [Ken]
Ken has joined #wpwg
15:34:07 [Ian]
present+ Ken
15:34:29 [Ian]
topic: Introduction to Simon Dix
15:34:40 [Ian]
Simon: Hello! I am at Mastercard and do EMVCo tokenization specs
15:35:20 [Ian]
Topic: Updated mission statement
15:35:21 [Ian]
https://lists.w3.org/Archives/Public/public-payments-wg/2017Jul/0005.html
15:35:29 [Ian]
https://github.com/w3c/webpayments-methods-tokenization/wiki
15:36:09 [MANASH_MC]
MANASH_MC has joined #WPWG
15:36:50 [Ian]
topic: Keyur updates
15:37:29 [Ian]
[We go to webex screen share]
15:37:35 [Ian]
Manash: after the call we'll update the wiki
15:38:29 [Ian]
[We review diagram]
15:40:16 [Ian]
Keyur: In some use cases, payment app may do a step-up authentication (after user has selected card to pay with)
15:40:26 [Ian]
....user may need to authenticate to the payment app
15:41:36 [Ian]
Manash: This may be a requirement based on geography, region, scheme
15:42:02 [Ian]
Keyur: Payment response is like for gateway tokens, with some additional information.
15:42:22 [Ian]
..token info in the diagram is always "one time use"
15:42:33 [Ian]
...on subsequent checkouts, the payment handler will always involve the payment app
15:42:47 [Ian]
...at least this would be the case for MC tokens for the time being
15:42:57 [Ian]
Manash: But this could be extended to recurring transactions.
15:44:41 [Ian]
IJ: I suggest saying "Mediator" instead of "paymentHandler" in the diagram
15:47:28 [Ian]
q?
15:50:24 [Ian]
IJ: We could put acquirer on the left and user between browser and payment app
15:50:25 [Ian]
q?
16:02:49 [Ian]
q?
16:03:04 [Ian]
[We spend some time updating flow diagram]
16:03:31 [Ian]
Gateway params page: => https://github.com/w3c/webpayments-methods-tokenization/wiki/gateway_params
16:04:19 [Ian]
Please change "CardBrand" to "supportedNetworks'
16:06:31 [Ian]
Keyur: Need amount and currency for various reasons.
16:07:21 [Ian]
https://w3c.github.io/payment-handler/#the-paymentrequestevent
16:09:08 [Ian]
IJ: remove total since that comes from PR API data set
16:09:54 [Ian]
Keyur: publicKey is optional in case of network tokens
16:10:33 [Ian]
oyiptong: I spoke to Stan (at Stripe) who told me that, at least in the client, they don't need the public key.
16:10:41 [Ian]
...however, some tokenization providers MIGHT need the public key
16:10:49 [Ian]
...to give them flexibility in terms of their infrastruture.
16:11:31 [Ian]
....I think "optional" is fine here
16:11:48 [Ian]
Manash: Do we need to plan for tokenization with 3DS 2.0?
16:13:52 [Ian]
[Repsonse]
16:13:59 [Ian]
Keyur: I think cardholder name can be made optional
16:15:15 [Ian]
Keyur: Payment token or instrument token?
16:15:43 [Ian]
...ultimately the token is for payment, so I moved it to "payment token"
16:16:16 [Ian]
oyiptong: To me the token represents the instrument, rather than representing "this payment" or "a payment"
16:16:28 [Ian]
IJ: What about just "token"?
16:16:33 [Ian]
oyiptong: that could work
16:17:00 [Ian]
IJ: what is diff between token and cryptogram?
16:17:05 [Ian]
Manash: token usually is the DPAN
16:17:40 [Ian]
.......you can have N DPANs for a given FPAN
16:18:27 [Ian]
IJ: Olivier, did you mean "cryptogram" in your proposal?
16:18:39 [Ian]
Oyiptong: Yes, but it may or may not be cryptographically determined.
16:19:44 [Ken]
+Q
16:20:16 [Ian]
ack Ken
16:20:37 [Ian]
Ken: I'd like to advocate for keeping the terms "cryptogram" and "token" separately.
16:20:44 [Ian]
...cryptogram in payments is a well-defined term
16:20:51 [Ian]
...and cuts across tokenized and non-tokenized transactions
16:22:15 [Ian]
IJ: Let's define the terms in the wiki!
16:22:32 [Ken]
+q
16:25:20 [Ken]
+Q
16:25:24 [Ian]
IJ: Summary - the gateway and network inputs are (nearly) identical
16:25:29 [Ian]
...the responses look quite different.
16:25:33 [Ian]
ack Ken
16:25:44 [Ian]
IJ: Do we think this is a single payment method or two?
16:25:52 [Ian]
Ken: Thanks Manash and Keyur (and Olivier)
16:26:34 [Ian]
..it could be useful to carve out when we are looking at "what happens in the app" v. "what happens on traditional rails"
16:27:37 [oyiptong]
q+
16:30:46 [Ian]
IJ: Do merchants tend to accept one type or the other type or both?
16:30:56 [Ian]
...if they are always accepting both, then let's define one identifier.
16:33:26 [Ian]
ack oyiptong
16:35:18 [Ian]
Ian summary:
16:35:25 [Ian]
- could use some additional definitions and terminology harmonziation
16:35:30 [Ian]
- need to figure out 1 or 2 payment methods
16:36:12 [oyiptong]
+1
16:36:30 [Ian]
ACTION: Olivier and Keyur and Manash to do definitions and terminology harmonization and update the wiki
16:36:30 [trackbot]
'Olivier' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., omaas, oyiptong).
16:36:54 [Ian]
Ken: Let's get worldpay and shopify input.
16:36:59 [Ian]
...especially one 1 payment method or 2
16:37:18 [Ian]
Topic: Next call
16:37:24 [Ian]
proposed: 18 July
16:38:13 [Ian]
RRSAgent, make minutes
16:38:13 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/07/11-wpwg-minutes.html Ian
16:38:17 [Ian]
RRSAGENT, set logs public
18:21:10 [zkoch]
zkoch has joined #wpwg
18:56:47 [Zakim]
Zakim has left #wpwg
21:20:48 [zkoch]
zkoch has joined #wpwg