What we have:
* Draft tokenization spec
* Encryption
https://github.com/w3c/webpayments-crypto/issues
IJ: I am still looking for people to either implement or help with crypto expertise
Peter: I commented on older
issues and posted some new ones
... I would like to circle back and propose some text.
https://github.com/w3c/webpayments/wiki/FTF-April2018
IJ: What would we do in a 2-hour breakout?
https://github.com/w3c/webpayments-crypto/wiki/Encryption
JOSE JWE
https://tools.ietf.org/html/rfc7516
https://tools.ietf.org/html/rfc7520
IJ: What would we do with a
2-hour block in Singapore?
... Anybody want to show how comms with TSPs work in
practice?
Ken: I'm looking into that as well
[No volunteers to lead a breakout session]
stpeter: Would be good to have someone from EMVCo lead it
Rick: I can dial in
<scribe> ACTION: Richard to look into getting some implementation resources to experiment with encryption/tokenization
<trackbot> Error finding 'Rick'. You can review and register nicknames at <http://www.w3.org/Payments/WG/track/users>.
[Architecture discussoin]
IJ: We need to review APIs to ensure we have the necessary data for payment apps to call them
Richard: Some of that data will emerge through the 3dS flow
https://w3c.github.io/webpayments-methods-tokenization/index.html
Data sources:
1) Payment request API
scribe: total, currency
2) Payment handler
https://w3c.github.io/payment-handler/
3) Tokenization spec specific bits
https://w3c.github.io/webpayments-methods-tokenization/index.html
4) Data from payment handler
scribe: card number
... etc.
<scribe> ACTION: Richard to determine whether data available to the payment handler suffices for the Token Request API (Amex)
<trackbot> Error finding 'Richard'. You can review and register nicknames at <http://www.w3.org/Payments/WG/track/users>.
https://github.com/w3c/webpayments-methods-tokenization/issues/25
IJ: Mastercard said "You can use a token as you would use a card" so presumably no need for token characteristics
Rich: We would like to know whether merchant plans to store a token, and whether it wants to use a token for recurring payments
https://github.com/w3c/webpayments-methods-tokenization/issues/25#issuecomment-363506135
IJ: Would you mind saying on issue 25 what data you need from the merchant that would be input to the TSP?
Rich: We should enable merchants
to specify domain controls that might affect token
characteristics
... may be 4-5 use cases
<stpeter> i.e., card on file, recurring payment, one-time payment, etc.
<scribe> ACTION: Richard to add characteristics requirements from Amex perspective regarding domain controls
<trackbot> Error finding 'Richard'. You can review and register nicknames at <http://www.w3.org/Payments/WG/track/users>.
<scribe> ACTION: Kristina to look into (for Discover) 1) TSP Api requirements and 2) desired domain control params that would be input to the tokenization API.
<trackbot> Created ACTION-86 - Look into (for discover) 1) tsp api requirements and 2) desired domain control params that would be input to the tokenization api. [on Kristina Smyth - due 2018-03-27].
3 April