IRC log of wpwg on 2019-09-15

Timestamps are in UTC.

23:30:34 [RRSAgent]
RRSAgent has joined #wpwg
23:30:34 [RRSAgent]
logging to https://www.w3.org/2019/09/15-wpwg-irc
23:30:35 [Zakim]
Zakim has joined #wpwg
23:30:50 [Ian]
rrsagent, this meeting spans midnight
23:30:56 [Ian]
Meeting: Web Payments Working Group
23:31:00 [Ian]
Chair: NickTR
23:31:02 [wanli_]
wanli_ has joined #wpwg
23:31:02 [Ian]
Scribe: Ian
23:31:07 [Ian]
Agenda: https://github.com/w3c/webpayments/wiki/FTF-Agenda-201909
23:31:28 [mweksler]
mweksler has joined #wpwg
23:32:09 [mweksler]
mweksler has left #wpwg
23:32:13 [mweksler]
mweksler has joined #wpwg
23:36:33 [Sophie]
Sophie has joined #wpwg
23:39:02 [marcosc]
marcosc has joined #wpwg
23:45:00 [mweksler]
mweksler has joined #wpwg
23:45:03 [rouslan]
rouslan has joined #wpwg
23:45:42 [norie]
norie has joined #wpwg
23:45:54 [justin_toupin]
justin_toupin has joined #wpwg
23:46:10 [Ciciley]
Ciciley has joined #wpwg
23:46:29 [Ciciley]
Hello!
23:46:49 [Ciciley]
Present +
23:46:56 [Ciciley]
Present+
23:47:13 [Ian]
zakim, who's here?
23:47:13 [Zakim]
Present: Ciciley
23:47:15 [Zakim]
On IRC I see Ciciley, justin_toupin, norie, rouslan, mweksler, Sophie, wanli_, Zakim, RRSAgent, wonsuk, masa-JCB, canton_, pea13, falken, Travis, dlehn, dlongley, rbyers, yoav,
23:47:15 [Zakim]
... hober, nicktr, mkwst, jungkees, danyao, jeffh, slightlyoff, JakeA, Ian, trackbot
23:47:15 [Ian]
present+
23:47:24 [alex_liu]
alex_liu has joined #wpwg
23:47:30 [takashi]
takashi has joined #wpwg
23:47:57 [mweksler]
present+
23:48:00 [wanli_]
present+
23:48:48 [nicktr]
present+
23:49:11 [sahel]
sahel has joined #WPWG
23:49:13 [rouslan]
present+
23:49:43 [jonathan]
jonathan has joined #wpwg
23:49:54 [florent]
florent has joined #wpwg
23:50:06 [alex_liu]
alex_liu has joined #wpwg
23:51:42 [agektmr]
agektmr has joined #wpwg
23:51:44 [tomasz]
tomasz has joined #wpwg
23:51:59 [Roy_]
Roy_ has joined #wpwg
23:55:44 [helloworld]
helloworld has joined #wpwg
23:56:24 [frank]
frank has joined #wpwg
23:57:29 [marcosc]
marcosc has joined #wpwg
23:59:32 [alex_liu]
present+
00:00:21 [jfontana]
jfontana has joined #wpwg
00:02:26 [helloworld]
helloworld has joined #wpwg
00:02:47 [vkuntz]
vkuntz has joined #wpwg
00:03:06 [vkuntz]
present+
00:03:20 [jezza]
jezza has joined #wpwg
00:04:52 [gildas]
gildas has joined #wpwg
00:05:07 [florent]
present+
00:05:11 [gildas]
present+
00:05:35 [wonsuk]
present+ Wonsuk_Lee
00:06:15 [krystosterone]
krystosterone has joined #wpwg
00:06:46 [frank]
present+
00:06:48 [tomasz]
present+
00:06:49 [Roy_]
present+
00:06:50 [Sophie]
present+
00:06:50 [jonathan]
present+
00:06:50 [krystosterone]
present+
00:06:52 [justin_toupin]
present+
00:06:54 [jfontana]
present+
00:06:55 [cwarnier_]
cwarnier_ has joined #wpwg
00:06:56 [sahel]
present+
00:07:02 [benoit]
benoit has joined #wpwg
00:07:05 [benoit]
present+
00:07:06 [Ian]
present+ Tony_Nadalin
00:07:13 [agektmr]
present+
00:07:30 [marcosc]
present+
00:07:30 [Giulio]
Giulio has joined #wpwg
00:07:36 [Giulio]
present+
00:07:37 [cwarnier_]
present+
00:07:42 [AdrianHB]
AdrianHB has joined #wpwg
00:07:44 [Gerhard]
Gerhard has joined #wpwg
00:07:47 [Gerhard]
present+
00:07:49 [html5cat]
html5cat has joined #wpwg
00:08:20 [AdrianHB]
present+
00:08:22 [html5cat]
present+
00:08:36 [jv]
jv has joined #wpwg
00:09:07 [Ian]
present+ Bryan_Luo
00:09:28 [jv]
present+ Jonathan_Vokes
00:09:39 [dwim]
dwim has joined #wpwg
00:09:47 [tung]
tung has joined #wpwg
00:09:55 [dwim]
present +
00:10:30 [cwarnier__]
cwarnier__ has joined #wpwg
00:10:56 [heejin]
heejin has joined #wpwg
00:11:13 [jezza]
present+
00:11:44 [heejin]
present+
00:11:52 [sakiko]
sakiko has joined #wpwg
00:12:09 [krystosterone_]
krystosterone_ has joined #wpwg
00:12:14 [sakiko]
present+
00:12:31 [Wu_yaohua]
Wu_yaohua has joined #wpwg
00:12:57 [Ian]
Topic: Introductions
00:13:28 [Ian]
NickTR: Welcome to the meeting! It is your meeting; let Adrian and Ian and me know if you have priorities we are not addressing.
00:13:53 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
00:14:17 [Ian]
NickTR: Meeting proceedings are public
00:14:24 [marcosc]
nicktr: unlike other organizations
00:15:08 [Ian]
-> https://www.w3.org/2008/04/scribe.html IRC how to
00:15:09 [rouslan]
q+
00:15:09 [marcosc]
q+
00:15:13 [Ian]
q?
00:15:15 [AdrianHB]
ack rouslan
00:15:20 [AdrianHB]
ack marcos
00:15:29 [Ian]
(Nick show us some IRC command magic)
00:15:32 [frank]
frank has joined #wpwg
00:16:06 [Ian]
present+ Jalpesh_Chitalia(Remote)
00:16:07 [Fawad]
Fawad has joined #wpwg
00:17:40 [jv]
jv has joined #wpwg
00:17:41 [Ian]
[Nick reviews the agenda]
00:17:46 [Ian]
-> https://github.com/w3c/webpayments/wiki/FTF-Agenda-201909 Agenda
00:18:59 [L2WD02]
L2WD02 has joined #wpwg
00:19:02 [vkuntz_]
vkuntz_ has joined #wpwg
00:19:15 [vkuntz_]
present+
00:19:31 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
00:20:55 [Ian]
present+ Andy_Estes(RemoteA)
00:23:17 [Ian]
present+ Vishal_Mehta
00:23:39 [Fawad]
Fawad has joined #wpwg
00:23:50 [Ian]
Topic: Meeting Objectives
00:23:55 [Fawad]
present +
00:24:16 [Ian]
---
00:24:17 [Ian]
Remove any blockers to moving Payment Request forward in publication process
00:24:17 [Ian]
Explore enablers for wider engagement of community with Payment Handler
00:24:17 [Ian]
Hear about developments in new payment methods
00:24:17 [Ian]
Agree priorities for future work and re-chartering
00:24:19 [Ian]
Continue to develop our web payment community
00:24:20 [Ian]
---
00:24:39 [Ian]
NickTR: A big value of these meetings is the conversations that happen outside the room
00:24:56 [Ian]
..these relationships sustain us when we are not all in the same room
00:25:02 [frank]
frank has joined #wpwg
00:25:22 [Ian]
..happy memories of reindeer and snowfall and the morning light over the fen.
00:26:18 [Ian]
...if we can walk away Tuesday knowing how we will complete PR API, PMI published, that will be very valuable
00:26:24 [bryanluo]
bryanluo has joined #wpwg
00:26:35 [Ian]
...payment handlers is another important topic - but not as broadly implemented as we'd like
00:26:41 [maxh]
maxh has joined #wpwg
00:26:43 [Ian]
...so we need to understand more of what we need to be doing.
00:26:57 [Ian]
..and then for payment methods I'm interested in hearing about SRC, payments in Asia, Web monetization
00:27:10 [estes]
estes has joined #wpwg
00:27:31 [estes]
present+
00:27:35 [bryanluo]
present+
00:28:55 [jezza]
jezza has joined #wpwg
00:29:07 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
00:29:59 [bryanluo]
bryanluo has joined #wpwg
00:30:40 [Ian]
present+ Jeremy_Wagemans
00:32:08 [Ian]
Topic: Payment Request API 1.0 Status Update
00:32:17 [Ian]
[We start with updates from the Chrome Team]
00:33:19 [Ian]
Rouslan: The remaining Chrome issue wrt Payment Request is actually related to Feature Policy implementation, so we are working with them on it
00:33:29 [Ian]
...we estimate a fix in Chrome 80
00:33:45 [Ian]
...(current version of Chrome is 77(
00:34:59 [Ian]
...thanks to Jinho!
00:35:11 [Ian]
[We see a demo of the new retry functionality]
00:35:16 [jv]
jv has joined #wpwg
00:35:35 [Ian]
...the demo shows the merchant calling retry with an error message customized by the merchant
00:37:10 [html5cat]
html5cat has joined #wpwg
00:37:39 [AdrianHB]
ian: [talk through slides]
00:38:10 [jezza]
jezza has joined #wpwg
00:38:21 [AdrianHB]
... features: identified in 2018, stable since CR (April 2019)
00:39:46 [html5cat_]
html5cat_ has joined #wpwg
00:40:38 [AdrianHB]
... [ talk through tests]
00:40:59 [AdrianHB]
... some small fixes required to get us to CR for frozen feature set
00:42:29 [AdrianHB]
... proposal to address objection from Sam Weiler (W3C Staff) is to replace boolean request for data with requests for specific details of user data
00:42:59 [AdrianHB]
... Sam is happy with proposal but not fully implemented in browsers
00:43:16 [AdrianHB]
... and WG has no implementation experience
00:45:00 [AdrianHB]
rouslan: we suggest this goes into 1.1 as we are already implementing it (i.e. spec version odesn't affect our work as a browser) but it shouldn't hold up having a solid spec (1.0) that has gone to CR
00:45:27 [estes]
Ian: can I type instead?
00:45:42 [Ian]
yes
00:46:32 [heejin]
heejin has joined #wpwg
00:46:56 [AdrianHB]
ian: people can deploy PR API today. There is no need to wait for CR but we need to know if there are members of the community that won't proceed unless the spec is finalized
00:47:03 [gildas]
gildas has joined #wpwg
00:47:14 [Dongwoo]
Dongwoo has joined #wpwg
00:47:24 [AdrianHB]
nicktr: my sense is that getting to CR is a confidence signal
00:48:05 [estes]
Ian: I think the existing requestShipping API with redaction rules is suitable for 1.0. Apple's implementation experience with that type of API is years long and I believe we're comfortable with its privacy characteristics. I'm comfortable with waiting for 1.1 or later for the improved address API.
00:48:43 [AdrianHB]
ian: options for proceeding...
00:48:54 [AdrianHB]
... finish 1.0 with no mention of this feature
00:49:05 [heejin_]
heejin_ has joined #wpwg
00:49:14 [AdrianHB]
... finish 1.0 with a mention of the feature as optional
00:49:24 [AdrianHB]
... include the feature in 1.0
00:49:28 [mweksler]
+1 on finishing 1.0 without the feature and marking it as optional
00:49:36 [sakiko]
sakiko has joined #wpwg
00:49:48 [Ian]
1) Finish 1.0 with no mention of feature
00:49:50 [sakiko]
present+
00:49:53 [Ian]
2) Finish 1.0 with features optional
00:50:06 [Ian]
3) Wait for new feature before finalizing 1.0
00:50:09 [gildas_]
gildas_ has joined #wpwg
00:50:29 [Ian]
Where the feature is defined in this pull request: https://github.com/w3c/payment-request/pull/873#issuecomment-506864905
00:51:12 [marcosc]
q+
00:51:13 [AdrianHB]
ian: there has been a request to apply this to billing address too
00:51:15 [rouslan]
Option 1, please
00:51:38 [AdrianHB]
+1 for option 1
00:51:44 [mweksler]
+1 on options number 2
00:51:56 [wanli_]
+1 for option 2
00:52:25 [estes]
I agree marcosc
00:52:38 [estes]
I think the WebKit impl of this would not change the Apple Pay payment handler
00:52:44 [AdrianHB]
marcos: browser could apply redaction to data even if payment handler provides full address
00:53:30 [Giulio]
q+
00:53:38 [Ian]
ack mar
00:53:41 [AdrianHB]
ian: the data is in the payment method data
00:53:43 [Ian]
ack giu
00:53:45 [benoit]
q/=
00:53:49 [benoit]
q+
00:54:07 [AdrianHB]
rouslan: it is payment method specific (billing address)
00:54:41 [AdrianHB]
giulio: can we add the feature as optional?
00:54:45 [AdrianHB]
ian: that is option 2
00:54:49 [estes]
+1 for option 1
00:55:08 [krystosterone]
+1 for option 1
00:55:10 [jv]
How long is adding the feature going to delay the spec, months or years?
00:55:11 [Ciciley]
Option 2
00:55:18 [benoit]
q+ ... again
00:55:32 [AdrianHB]
ian: we will still support both features for merchants
00:55:37 [marcosc]
q+
00:55:38 [Fawad]
Fawad has joined #wpwg
00:55:41 [Ian]
ack ben
00:55:46 [AdrianHB]
... chrome team suggest adding the feature will take 8 months
00:56:03 [Ian]
benoit: I would opt for the option that does not delay the Rec stamp
00:56:14 [Ian]
...I would also like to see this feature for billing address as well
00:56:26 [Ian]
...billing is only needed to facilitate payment
00:56:27 [Ian]
ack mar
00:56:33 [Ian]
queue==
00:56:41 [Ian]
Marcos: Let's break out on this topic!
00:56:48 [tomasz]
+1
00:57:14 [Roy_]
+1 for option 2
00:57:23 [Ian]
show of hands for option 1: 9
00:57:43 [Ian]
show of hands for option 2: 14
00:57:55 [Ian]
show of hands for option 3 (in v1): 0
00:58:03 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
00:58:29 [Ian]
scribe: Ian
00:58:34 [Ian]
Topic: Payment Handlers
00:58:44 [Ian]
[Justin Toupin from Google presenting]
00:58:52 [nicktr]
q?
00:59:29 [Ian]
[Reminder of what a payment handler is]
01:00:44 [Ian]
Justin: Value proposition is we believe that there will be higher completion rates due to trust
01:00:54 [Ian]
...we also think there are better properties for connectivity
01:01:09 [Ian]
...we also think there is lower implementation effort for a payment handler for than other approaches
01:01:18 [Ian]
...we also think it will help improve reliability
01:01:27 [tobie]
tobie has joined #wpwg
01:01:29 [Ian]
...we also think that this approach will improve payment security.
01:01:34 [Ian]
..the origin of the payment handler is visible
01:01:38 [Ian]
...help reduce phishing risks
01:01:53 [nicktr]
q?
01:01:55 [Ian]
Justin: We continue to invest in the improvement of payment handlers:
01:02:01 [Ian]
- Respond to change events
01:02:17 [Ian]
- Full delegation of requests for contact, shipping info to payment handlers (instead of browser-stored data)
01:02:26 [Ian]
...many payment handler providers see themselves as full identity providers
01:02:49 [Ian]
- Improved ergonomics...we've heard from a number of people and have improved tooling
01:03:06 [Ian]
- Additional UI options ... people wanted more flexibility to developers
01:03:17 [Fawad]
Fawad has joined #wpwg
01:03:34 [Ian]
Demo: Payment handler can get updated total from merchant based, on, e.g., changes in billing address
01:04:55 [nicktr]
q?
01:05:33 [jezza]
jezza has joined #wpwg
01:05:46 [Ian]
gerhard: I'm following in the specs. In the payment handler spec is this defined?
01:06:21 [Ian]
Rouslan: The event is part of payment request (paymentmethodchange event)
01:07:09 [marcosc]
https://w3c.github.io/payment-request/#paymentmethodchangeevent-interface
01:08:36 [Ian]
AdrianHB: You can see that the paymentMethodChangeEvent only tells you method name and "method details" blob
01:09:05 [nicktr]
q?
01:09:06 [Ian]
...the question is whether we want the billing address to be a standard model...that might let us simplify the topic of removing pieces of billing address
01:09:31 [Ian]
[Just in time install]
01:10:05 [jezza]
jezza has joined #wpwg
01:10:18 [Ian]
Rouslan: We now make just-in-time payment handler installation in more cases.
01:10:52 [Ian]
...so if the merchant accepts A and B and the user has a payment handler for A, chrome will now show B for just-in-time installation
01:11:03 [Ian]
[Payment handler event logging]
01:11:31 [Ian]
Rouslan: We have heard payment handler developers say that developing the handler can be confusing, so we have built a tool to help developer handlers
01:11:41 [Ian]
...some improvements include more verbose messaging
01:12:15 [urata]
urata has joined #wpwg
01:12:25 [AdrianHB]
q?
01:12:45 [Ian]
...we now put messages in the console while testing
01:13:02 [Ian]
...and when deployed, they can be collected on the server side and analyzed
01:13:18 [Ian]
..what we are seeing on the screen is the ability to see the events fired in the payment handler and see what happens
01:13:30 [vkuntz]
vkuntz has joined #wpwg
01:13:43 [vkuntz]
present+
01:14:10 [nicktr]
q?
01:14:53 [Ian]
[Delegation of requests for contact, shipping to payment handlers]
01:15:07 [Ian]
[Sahel shows a proof of concept]
01:15:27 [Ian]
See also the -> https://github.com/sahel-sh/shipping-contact-delegation/blob/master/Explainer.md Explainer from Sahel
01:15:53 [nicktr]
q?
01:16:04 [Ian]
...we think that this will reduce checkout times due to skipping the sheet
01:16:18 [Ian]
...we propose that at registration time, the handler tells the browser what the handler can handle
01:16:52 [Fawad]
Fawad has joined #wpwg
01:17:27 [Ian]
...if the payment handler can handle a request, we don't show the request in the sheet (and that is true for each type of data: address, contact)
01:18:00 [Ian]
Justin: If the payment handler claims to be able to supply data, the expectation is that the payment handler will do so.
01:18:19 [jezza]
jezza has joined #wpwg
01:18:26 [Ian]
Sehal: Today we are doing partial delegation; another option is "all or nothing"
01:18:34 [tomasz]
+q
01:18:41 [Ian]
AdrianHB: You want to be sure the browser does not give data to the payment handler
01:18:42 [Ian]
Justin: That's correct
01:19:03 [Ian]
Sehal: Today the merchant has said what they want. They don't make any change to their call. It's just who handles it that changes.
01:19:20 [Ian]
Tomasz:These are the payment options. (Our demo does not show billing address)
01:20:59 [AdrianHB]
q?
01:21:01 [nicktr]
ack
01:21:08 [nicktr]
ack tomasz
01:21:12 [Ian]
IJ: Payment handler API does not yet show passing these booleans to the payment handler; that is todo
01:21:28 [Ian]
Sehal: What Chrome proposes is new APIs for change shipping address/options
01:21:46 [Ian]
...and notifying the merchant of changes so the merchant can update the total
01:22:17 [Ian]
[More UX improvements in the payment handler implementation in Chrome]
01:22:35 [Ian]
Rouslan: We have heard that people want a more native like user experience
01:23:21 [Ian]
...in first implementation payment handler screen was 70% of height of window
01:23:26 [jezza]
jezza has joined #wpwg
01:23:38 [Ian]
...that is fixed and was creating some problems for payment handlers requiring more space
01:23:44 [bryanluo]
bryanluo has joined #wpwg
01:23:52 [Ian]
...so we are experimenting with enabling payment handler UI to expand to the top of the screen
01:24:22 [Ian]
Justin: The use case is payment sheets with long scroll bar...that would trigger automatic expansion in height
01:24:41 [Ian]
AdrianHB: Does this change the spec?
01:24:52 [Ian]
Justin: No. I'd like to hear from payment handler developers
01:25:17 [Ian]
(7-ish payment handler developers in the room)
01:25:25 [Ian]
NickTR: Why not more?? :)
01:26:17 [Ian]
Rouslan: Some payment handler developers want the browser to handle some of the UI (e.g., list credit cards, authenticate the user)
01:26:24 [Ian]
...one thing that we are thinking about is "minimal UI flow"
01:27:05 [Ian]
...in some circumstances, some payment handlers could say "I would like to handle only name, total, account balance"
01:27:44 [nicktr]
q?
01:28:08 [Ian]
....in this demo, user just initially sees a prompt to authenticate
01:28:15 [Ian]
..user can pull payment handler window up to see more
01:29:09 [Ian]
...we are thinking about various constraints.
01:29:30 [Ian]
...e.g., during registration there may be some sort of negotiation of when to show the minimal UI
01:29:44 [nicktr]
q?
01:30:00 [Ian]
...one other thing is that if this UI is enabled, the payment handler would not be able to show other UX
01:30:26 [Ian]
Justin: We have been exploring the range of complexity of payment handler UX
01:31:03 [Ian]
Gerhard: These are great. One of the ones that we'd been looking for is to flip into a bank app, interact with the bank app, and then flip back
01:31:11 [Ian]
Roiuslan: We have heard that use case. I Think we can use that today
01:31:18 [Ian]
..the bank app would alter their payment method manifest a bit
01:31:43 [Ian]
...and if the merchant calls PR API with the information that matches the banking app, then chrome will validate the app, flip into it, and then flip back to the merchant
01:31:49 [Ian]
...this is how Google pay works today in India
01:32:00 [Ian]
...Anders Rundgren has built a demo of this
01:32:11 [jezza]
jezza has joined #wpwg
01:32:30 [Ian]
IJ: Why did you call this Native as opposed to "Minimal"
01:32:45 [Ian]
Justin: I agree "minimal" is probably a better description
01:33:19 [Ian]
Ian: For the breakout: how payment handlers specify what they want.
01:33:44 [Ian]
Justin some questions for discussion in the breakouts:
01:33:50 [Ian]
- What do we need to do to make payment handlers successful?
01:33:58 [Ian]
- What needs to be part of the payment handler API?
01:34:06 [Ian]
- What parts of UX are exciting to people?
01:34:35 [jezza]
jezza has joined #wpwg
01:34:56 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
01:35:10 [Ian]
Ian: Another big topic for breakout session - how to get more payment handler support
01:36:18 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
01:43:20 [estes]
estes has joined #wpwg
01:46:04 [Roy]
Roy has joined #wpwg
01:51:30 [Vishal]
Vishal has joined #wpwg
01:51:34 [bryanluo]
bryanluo has joined #wpwg
01:52:15 [bryanluo]
bryanluo has joined #wpwg
01:55:56 [jezza]
jezza has joined #wpwg
01:58:00 [frank]
frank has joined #wpwg
01:59:19 [jonathan]
jonathan has joined #wpwg
01:59:26 [alex_liu]
alex_liu has joined #wpwg
02:03:33 [rouslan]
rouslan has joined #wpwg
02:04:41 [AdrianHB]
AdrianHB has joined #wpwg
02:05:30 [jezza]
jezza has joined #wpwg
02:05:53 [Ian]
[End of break]
02:05:59 [marcosc]
marcosc has joined #wpwg
02:06:41 [Ian]
Topic: Card Payment Security
02:07:45 [nicktr]
scribenick: nicktr
02:07:57 [bryanluo]
bryanluo has joined #wpwg
02:08:01 [jalpesh]
jalpesh has joined #wpwg
02:08:04 [Gerhard]
Gerhard has joined #wpwg
02:08:07 [tobie]
Present+
02:08:10 [jv]
jv has joined #wpwg
02:08:14 [nicktr]
Ian: welcome back. Can new joiners please identify themselves on irc with present+
02:08:19 [Vishal-Expedia]
Vishal-Expedia has joined #wpwg
02:08:19 [jv]
present+
02:08:24 [jalpesh]
present+
02:08:30 [jezza]
jezza has joined #wpwg
02:08:47 [nicktr]
Topic: Security Task Force
02:08:50 [lgombos]
lgombos has joined #wpwg
02:09:10 [masa-jcb]
masa-jcb has joined #wpwg
02:09:31 [lgombos]
Present+ Laszlo_Gombos
02:09:34 [nicktr]
Ian: We had hoped to have an introduction on SRC from a delegate from EMVco but we couldn't get that sorted out
02:09:38 [benoit]
+1 for SRC summary
02:10:25 [nicktr]
...but we do have a document that the task force have been working on
02:10:50 [Fawad]
Fawad has joined #wpwg
02:11:10 [nicktr]
Ian: this draft is not currently public so it's still work in progress
02:11:13 [bryanluo]
bryanluo has joined #wpwg
02:11:51 [dave2037]
dave2037 has joined #wpwg
02:11:57 [nicktr]
Ian: (Pause while everyone reads the introduction to SRC on the screen)
02:12:33 [nicktr]
q?
02:12:57 [nicktr]
...Any questions on SRC?
02:13:16 [Ian]
[Ian does mini intro to SRC]
02:13:16 [nicktr]
(None)
02:13:18 [Ian]
scribenick: Ian
02:13:29 [Ian]
Jonathan: I'll show progress since the April discussion and demo.
02:13:39 [bryanluo]
bryanluo has joined #wpwg
02:13:44 [zino]
zino has joined #wpwg
02:13:45 [Ian]
...in April we illustrated how the EMVCo SRC specifications could be implemented within PR API flows
02:13:56 [Ian]
...to show that the specs are not in competition but that they can be used together.
02:14:07 [Ian]
...in the 5 months since then we have been looking into the details of that integration
02:14:16 [Ian]
...what are the challenges we need to resolve?
02:14:20 [Ian]
..what data model is involved?
02:14:26 [Ian]
...how will identity and authentication work?
02:14:35 [Ian]
...how to identify the user to enable them to access enrolled SRC cards
02:14:41 [Ian]
...how can we leverage Web Authentication?
02:14:55 [Ian]
...or identities from other identity providers
02:15:09 [Ian]
....the goal today is to walk through some user experience flows
02:15:23 [Ian]
...have been working with Jalpesh (Visa) and Tomasz (Mastercard) on the details
02:15:32 [Ian]
...the first flow is "New user who is adding a card to SRC"
02:16:12 [Ian]
...the second flow is "Returning user on the same device; select a previously enrolled card"
02:16:26 [Ian]
...third flow is "Returning user but using Web Authentication"
02:16:28 [tomasz]
More details on SRC, including set of specifications, can be found on EMVCo website: https://www.emvco.com/emv-technologies/src/
02:17:03 [Ian]
...the user may want to have protected access to cards or frictionless access to card.
02:17:20 [Ian]
...when I select a card to pay with, I may ALSO have to authenticate. We want to avoid the user having to do too many authentications
02:17:22 [gildas]
gildas has joined #wpwg
02:17:31 [Ian]
Tony: When you say "Authenticate the transaction" what are you authenticating to?
02:17:34 [Ian]
Jonathan: The bank.
02:17:37 [Ian]
...that could be done in a few ways
02:17:53 [Ian]
...the goal is ultimately for the bank to recognize the cardholder.
02:18:03 [Ian]
...this could be required by PSD2, or simply based on a risk assessment
02:18:14 [Ian]
Tony: You take into account the information provider in the PSd2 situation?
02:18:25 [Ian]
...are you authenticating both ";info provider" and "payment provider"?
02:18:32 [Ian]
...I may need some information before I do the payment.
02:18:40 [Ian]
Jonathan: We'll dive in after the demo
02:19:35 [Ian]
[Demo shows mobile checkout]
02:19:49 [Ian]
Jonathan: I am going to buy shoes. I click the "Checkout" button which is the SRC trigger.
02:19:54 [Ian]
...ah, but first some assumptions;
02:20:22 [Ian]
(1) payment method can be implemented by browser or payment handler
02:20:30 [Ian]
(2) We show a demo of skipping the sheet
02:20:53 [Ian]
...some questions about payment handler ecosystem to discuss
02:21:17 [Ian]
....so in this demo I am a new user (to the SRC system(s))
02:21:31 [Ian]
...so I will enter a new card (in the SRC system)
02:22:38 [tung]
tung has joined #wpwg
02:22:51 [Ian]
Jonathan: I am glad Chrome is working on expanding the payment handler window when there's a lot of content!
02:23:09 [Ian]
...in this example, there's a user identity that is an email address
02:23:27 [Ian]
...that data could come from a variety of sources, including typing by the user but also some email known to the browser for this user
02:23:52 [Vishal-Expedia]
q+
02:23:53 [MaheshK]
MaheshK has joined #wpwg
02:24:13 [Ian]
...after i enter data in the payment handler I enroll it in the SRC system. This demo is frictionless, but the demo could do 3DS for example
02:24:32 [AdrianHB]
q?
02:24:34 [Ian]
q+
02:24:36 [Ian]
ack Vishal
02:24:37 [norie]
norie has joined #wpwg
02:24:59 [Ian]
Vishal: This is not exactly frictionless. I have to wait for the customer to add a card to SRC
02:25:17 [Ian]
...the flow seems similar to google pay
02:25:46 [Ian]
...why as a merchant would I opt for SRC when I need the user to add a credit card.
02:25:48 [jalpesh]
q+
02:25:52 [Ian]
...which might lead to a drop in auth rates
02:25:53 [nicktr]
q?
02:26:13 [Ian]
Jonathan: I mean by frictionless that there was no customer authentication.
02:26:35 [Ian]
...in this demo, the user has never enrolled a card. It could be that issuers already push cards into the system, which would reduce user typing.
02:27:14 [jv]
q+
02:27:15 [Ian]
...part of the guest checkout experience in general requires the user to enter some card; but we are hoping for more and more experiences where the user doesn't have to enter info...this flow is the "worst case" one we are seeing; they are smoother once the user has enrolled a card.
02:27:39 [Ian]
Jonathan: This email is stored by the SRC system to identify a user and cards. So when I change devices, I just have to enter email on a new device.
02:27:50 [Ian]
...but for a new device, I will need to be verified, and those approaches may vary
02:27:58 [Ian]
...e.g., OTP or trusting an identity provider, etc.
02:28:02 [sakiko]
sakiko has joined #wpwg
02:28:10 [sakiko]
present+
02:28:11 [Ian]
ack Jalpesh
02:28:41 [Ian]
jalpesh: I agree with Jonathan's comments. The key point I want to emphasize is that this flow does not come into play unless the merchant says the user has to key in data.
02:29:03 [Ian]
ack jv
02:29:33 [justin_toupin]
justin_toupin has joined #wpwg
02:29:39 [justin_toupin]
+q
02:29:42 [Ian]
ack me
02:29:44 [Ian]
ack justin
02:29:53 [Ian]
justin_toupin: How do you see this working with other payment handlers?
02:30:01 [jalpesh]
q+
02:30:38 [Ian]
Justin: How would this work with an existing wallet?
02:31:15 [Ian]
Rouslan: Another way to ask the question: can you see PayPal, Google Pay, etc. accessing SRC for cards?
02:31:19 [Ian]
Jonathan: Yes
02:31:21 [Ian]
ack Jal
02:31:24 [jalpesh]
q-
02:31:35 [bryanluo]
bryanluo has joined #wpwg
02:31:38 [bryanluo]
bryanluo has joined #wpwg
02:31:53 [Ian]
[Demo of returning user; first is with frictionless auth and second is with user interaction]
02:32:59 [jezza]
jezza has joined #wpwg
02:33:06 [Ian]
Jonathan: In this demo, the payment handler queries SRC system(s) using the user identity. If the SRC systems have enrolled cards, they are displayed in the payment handler
02:33:30 [Ian]
..when a select a card, I get information about the card (and the token payload)
02:34:00 [Ian]
...so in this demo the user chooses a card and the token payload is returned through PR API to the merchant
02:34:07 [Vishal-Expedia]
q+
02:34:16 [Ian]
..there was no need to authenticate the user to give access to the src-enrolled cards
02:34:23 [Ian]
...and no need in this demo to authenticate the user for this transaction
02:34:34 [Ian]
...3DS may have been invoked behind the scene
02:35:15 [Ian]
Vishal-Expedia: Can the merchant say what information they want.
02:35:54 [Ian]
Ian: PR API has shipping address as optional (for the merchant)
02:35:59 [Ian]
Tomasz: SRC functions similarly
02:36:02 [Sophie]
q+
02:36:13 [Ian]
ack Vish
02:36:27 [Ian]
present+ Lawrence_Cheng
02:36:31 [nicktr]
ack Vishal-Expedia
02:37:31 [Ian]
Lawrence: Payment doesn't happen yet when the user pushes "continue"
02:37:32 [Giulio]
Giulio has joined #wpwg
02:37:50 [Ian]
Jonathan: Correct; auth etc can happen at that stage
02:37:54 [Ian]
....e.g., 3DS or other
02:38:21 [Ian]
...3DS invocation could happen from within the payment handler if the merchant asks for the payment handler to do it on the merchant's behalf.
02:38:39 [Ian]
Lawrence: How do you see this experience compared to Apple Pay and Google Pay?
02:38:43 [Giulio]
q+
02:38:47 [Ian]
Jonathan: That's the next demo
02:38:56 [Ian]
..we do some device auth as part of the payload you submit
02:39:45 [Ian]
Sophie: Thanks, these demos are really helpful !
02:40:01 [Ian]
...the question I have is - how does the handoff happen between PR API and SRC system
02:40:08 [Ian]
...you could also do this without PR PAI
02:40:14 [Ian]
s/PAI/API
02:40:23 [Ian]
Jonathan: I am starting with the font end, then Tomasz will show backend work
02:40:40 [Ian]
ace giu
02:40:46 [nicktr]
ack Sophie
02:40:46 [Ian]
s/ace giu//
02:40:50 [nicktr]
ack Giulio
02:41:03 [maxh]
maxh has joined #wpwg
02:41:30 [jfontana]
jfontana has joined #wpwg
02:41:33 [Ian]
Giulio: My understanding is that if the user had only once card enrolled (or 2 enrolled but 1 as a default) that you could skip a screen and go straight to the next screen.
02:41:38 [maxh]
maxh has joined #wpwg
02:42:03 [jezza]
jezza has joined #wpwg
02:42:31 [nicktr]
q?
02:42:58 [Ian]
[IJ: Skip the sheet is a browser thing; once a payment handler has been launched, it's up to the payment handler to do optimizations in user experience]
02:43:32 [wonsuk]
wonsuk has joined #wpwg
02:43:37 [Ian]
q?
02:43:38 [jalpesh]
jalpesh has joined #wpwg
02:43:38 [jalpesh]
q+
02:44:07 [Ian]
Gerhard: In the flows you have ,you already say "welcome back Allison"...you could show a default card but allow the user to choose a different card.
02:44:17 [Ian]
...that's just an example of a streamlined flow optimization
02:44:34 [urata_]
urata_ has joined #wpwg
02:44:35 [jezza]
jezza has joined #wpwg
02:45:13 [jalpesh]
q-
02:45:19 [Ian]
(Consensus that payment handlers can optimize the UX)
02:45:28 [Ian]
Giulio: You could also have the option of adding a card in the same way
02:45:30 [Ian]
Joanthan: Agreed
02:45:45 [Ian]
...the real idea here is that when I click the "checkout" button I see my cards (however optimized()
02:45:48 [Ian]
q?
02:47:24 [Ian]
[Demo: Returning user on same device]
02:47:36 [Ian]
Jonathan: Suppose I don't trust the device (eg., a shared device)
02:47:54 [Ian]
...in previous example, for example, a cookie might have been used once the user has been recognized.
02:48:03 [Ian]
...we can use web authentication to access the card list
02:48:20 [Ian]
...so I pick the payment handler, authenticate with my thumbprint, then I see the list of card.
02:49:34 [jezza]
jezza has joined #wpwg
02:49:46 [Ian]
...one question is the user experience on a device with multiple web authn identifies
02:50:03 [jezza]
jezza has joined #wpwg
02:50:03 [Ian]
...we did some demos and it worked with Chrome on Desktop but not on Chrome
02:50:16 [Ian]
q?
02:50:48 [Ian]
@@: When you showed the UI, was the content bound to the signature that FIDO gave?
02:51:08 [Ian]
Jonathan: The WebAuthn here is to get access to card metadata.
02:51:19 [Ian]
...for that I need an identity that I can use with different SRC systems
02:51:29 [Ian]
...there is an assumption that the user had already enrolled previously (with FIDO keys)
02:51:40 [Ian]
...so that key is bound to the card list
02:51:51 [bryanluo]
bryanluo has joined #wpwg
02:53:44 [Ian]
[Discussion of how this works]
02:54:16 [Ian]
JeffHodges: This is not yet specified but could occur as follows: the SRC system would say "the user is not authenticated; you're asking me to return info about a card but I don't yet know the user"
02:54:23 [Ian]
...there was no ambient authentication passed in.
02:54:25 [jalpesh]
q+
02:54:55 [Ian]
....so if the SRC system wants to authenticate the user, it would make a request to the device, and that's where WebAuthentication would occur
02:55:12 [Ian]
...how WebAuthn is woven into SRC needs to be part of the SRC spec (If I am correct)
02:55:26 [rouslan]
q+
02:55:47 [nicktr]
ack jalpesh
02:56:18 [Ian]
Jalpesh: I didn't quite follow that. But I agree with Jonathan's perspective. We are saying the relying party is the payment handler. The payment handler talks to the SRC system.
02:56:59 [Ian]
Tony: The registration would have to happen to the SRC system at some point. The SRC system would then have the public key of the client. It would be up to the SRC system to look up the key to find out what key ids are related and then those are displayed accordingly.
02:57:09 [tomasz]
+q
02:57:30 [jezza]
q+
02:58:08 [tomasz]
q-
02:58:13 [Ian]
[We touch on the delegation of TLD+1...a topic for tomorrow]
02:59:09 [Ian]
Rouslan: It's possible that SRC will invoke the authentication. But it's also possible that the payment handler does the WebAuthn and the backend trusts the payment handler.
02:59:20 [Ian]
q?
02:59:22 [Ian]
ack rouslan
02:59:53 [Ian]
Jonathan: SRC system may decide to trust SOME payment handlers who do Web Authn for access to cards
03:00:25 [Ian]
...I agree there are two approaches: SRC does auth (for access to cards) or SRC trusts payment handler
03:01:02 [Ian]
...again here we are discussing access to card list, not cardholder authenticfation
03:01:09 [Ian]
s/authenticfation/authentication
03:01:41 [Ian]
q+ Lawrence
03:01:44 [Ian]
ack jezza
03:02:22 [Ian]
jezza: I want to clarify something around authentication. In the demo, the user authenticated with the SRC system. If my user is in Europe and the transaction is not exempted for SCA, then the user will need to re-authenticate with the issuer.
03:02:31 [Ian]
...so now we are in the scenario where the user has to authenticate twice
03:02:48 [Ian]
Jonathan: Before trying to answer this question, let me show you another flow
03:03:21 [Ian]
...if we assume that I am a recognized user on a device and I can access the cards, and we merge the two together. ...
03:03:39 [Ian]
...when I select a card, because of PSD2 regulation or a risk decision, I may have to authenticate the consumer.
03:03:53 [Ian]
...it could be the merchant invoking 3DS or the merchant could delegate to the payment handler
03:04:07 [Ian]
..the payment handler could invoke 3DS OR the payment handler could authenticate with WebAuthn.....
03:04:22 [Ian]
..that means previously you had an enrollment for that card, where the user then authenticates the user with normal SCA
03:04:58 [tomasz]
q?
03:05:24 [Ian]
...it is possible for the first Web Authentication used to access the card could be reused as input to a 3DS process.
03:05:57 [Ian]
...the strong signal would then reduce the odds of step-up under 3DS.
03:06:47 [Ian]
IJ: So the payment handler reuses the blob from the first Web Authentication as input to the subsequent 3DS flow initiated by the payment handler
03:07:12 [Ian]
Lawrence: What's in the payment method payload?
03:07:22 [Ian]
Jonathan: Can include token and cryptogram.
03:07:39 [Ian]
...that is then used by the merchant or PSP for authorization
03:08:01 [tomasz]
+q
03:08:17 [norie]
norie has joined #wpwg
03:08:21 [AdrianHB]
ack LAwrence
03:09:12 [Ian]
Lawrence: If the payload contains the token which is uniquely identified to the consumer, would the issuing bank have to do the SCA?
03:09:38 [Ian]
Jonathan: That's separate from the token. We are talking about authentication for the transaction. There are multiple options including merchant calling 3DS once they have the payload.
03:09:51 [Ian]
...or if it's the payment handler who has been doing this on the merchant's behalf.
03:09:52 [vkuntz]
vkuntz has joined #wpwg
03:09:55 [vkuntz]
present+
03:09:56 [Ian]
q?
03:11:09 [Ian]
Jonathan:The issuer is always responsible for the SCA. But the issuer can delegate this function, and the issuer can (based on WebAuthn data) can make a choice not to do SCA. That would still be compliant with SCA either through delegation or step-up if needed.
03:11:21 [norie]
norie has joined #wpwg
03:11:25 [Ian]
Nick: The issuer is definitely responsible. But that doesn't mean that they actually have to perform the task.
03:11:28 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:12:12 [Ian]
Tomasz: The SRC-I role is the actor that invokes payment request on behalf of the merchant. (The merchant could also be the SRC-I). The SRC-I receives the credentials.
03:12:39 [Ian]
...the SRC-I can only receive displayable data (which merchant can display to the user)
03:13:02 [Ian]
...the merchant's PSP could receive the part of the data that is just for payments
03:13:24 [zino]
zino has joined #wpwg
03:13:49 [Ian]
[Tomasz shows data model]
03:14:45 [Ian]
-> https://github.com/w3c/src/wiki DRAFT SRC Payment method
03:14:46 [jonathan]
jonathan has joined #wpwg
03:16:19 [nicktr]
q?
03:16:27 [nicktr]
ack tomasz
03:16:35 [Ian]
q+ to ask about conformance to draft data model
03:17:32 [nicktr]
q+ to ask about SRCI role
03:18:13 [jeffh]
thx
03:18:46 [Ian]
Tomasz: Note that we have some redundancy between booleans in PR API to request some data and the draft SRC payment method; we need to look into simplifying that
03:19:26 [nicktr]
q?
03:21:11 [jezza]
jezza has joined #wpwg
03:23:07 [AdrianHB]
tomazs: [talking through slides]
03:24:15 [AdrianHB]
ian: our goal is to define a datamodel for SRC and PR API that is common between networks
03:25:03 [AdrianHB]
... next question will be whether or not we take this up as WG deliverable
03:25:16 [AdrianHB]
... so next question is, can you make a tx using the data model?
03:25:19 [nicktr]
ack Ian
03:25:19 [Zakim]
Ian, you wanted to ask about conformance to draft data model
03:25:23 [AdrianHB]
tomasz: not yet
03:25:35 [Ian]
tomasz: More work needed to complete the data model
03:25:50 [AdrianHB]
scribe_nick: adrianhb
03:25:57 [Ian]
Jonathan: If we want the data model to be totally complete, the question is who works on that, and how do we ensure it works with EMVCo.
03:26:03 [marcosc]
+q
03:26:23 [Ian]
Jonathan: So we probably need to invite EMVCo so send more people to the task force
03:26:24 [Ian]
ack nick
03:26:24 [Zakim]
nicktr, you wanted to ask about SRCI role
03:26:27 [gildas]
gildas has joined #wpwg
03:26:45 [Ian]
nicktr: The proposal as it stands assumes that the person building the PR API call is the SRC-I
03:27:02 [Ian]
...or that they are downstream from the SRC-I....but I"m not sure that's the correct assumption.
03:27:13 [Ian]
...that prevents the payment handler from being the SRC-I.
03:27:28 [Ciciley]
Ciciley has joined #wpwg
03:27:39 [Ian]
....there are some things that look like payment handlers today that are aware of the identity of the merchant
03:28:03 [Ciciley]
Present+
03:28:04 [Ian]
...the note I would give at this stage - I'm not sure we want to assume the SRC-I is on the side of the payment requestor.
03:28:23 [Ciciley]
I had to reload the page
03:28:45 [hadleybeeman]
hadleybeeman has joined #wpwg
03:29:22 [Ian]
Jalpesh: There is no reason a company like Stripe couldn't be both the payment handler and the SRC-I
03:29:40 [Ian]
...payment handler / DCF plays role on behalf of consumer; SRC-I represents merchant (whether merchant or PSP)
03:29:47 [michelweksler]
michelweksler has joined #wpwg
03:30:16 [AdrianHB]
q?
03:30:27 [Ian]
...we don't have to call it the SRC-I in the w3c spec. Any developer can call PR API. In EMVCo terms that's called the SRC-I.
03:30:40 [Ian]
Tomasz: I think it's probably important to discuss.
03:30:57 [Ian]
....if SRC-I does invoke PR API, the SRC-I can provide this information.
03:31:24 [Ian]
q?
03:31:40 [Ian]
ack mar
03:32:45 [Ian]
marcosc: Please avoid "object" in WebIDL if you can due to security issues
03:32:46 [nicktr]
q?
03:33:07 [Ian]
Tomasz: Here's why we defined them as Object today - it's due to the EMVCo spec. We don't have specific typed objects in the SRC spec.
03:33:08 [Ian]
?
03:33:12 [Ian]
q?
03:33:21 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:34:55 [nicktr]
q?
03:35:30 [Gerhard]
question: Can we get the link to the SRC Wiki, pls?
03:36:02 [Ian]
-> https://github.com/w3c/src/wiki SRC WIki
03:38:27 [nicktr]
q?
03:39:41 [Fawad]
Fawad has joined #wpwg
03:40:18 [nicktr]
q+ to ask if any EMV member has published their implementation specifications or a timetable yet?
03:40:40 [AdrianHB]
ian: desire to ensure there is no gap in flow for users that have cards. Some experiments from with Chrome team
03:41:02 [AdrianHB]
... can we show individual cards in payment sheet?
03:41:34 [AdrianHB]
... another topic we need to explore is user identity
03:41:45 [AdrianHB]
... where does it come from, who vouches for it
03:41:45 [nicktr]
q?
03:41:48 [rouslan]
q+
03:42:15 [Ian]
AdrianHB: We have something of an entity modeling challenge.
03:42:16 [Gerhard]
q+
03:42:38 [wonsuk]
wonsuk has joined #wpwg
03:42:42 [Ian]
...when we first designed this architecture, we had the concept of a payment handler which is executable code distributed by a publisher. And inside of that there are instruments.
03:42:55 [Ian]
...but it doesn't map well to SRC...there is more required in SRC on identity
03:42:56 [nicktr]
q- later
03:43:28 [Ian]
AdrianHB: I Think we can generalize some of the things that SRC is showing us
03:43:37 [AdrianHB]
q?
03:43:46 [tomasz]
q+
03:44:31 [jeffh]
q?
03:44:34 [Ian]
ack Rouslan
03:45:27 [Fawad_]
Fawad_ has joined #wpwg
03:45:39 [Ian]
Rouslan: Chrome Team would like to see some SRC experience in the market that is working end-to-end
03:45:56 [Ian]
....that will enable us to think more about how the browser can optimize the user experience.
03:46:08 [jalpesh]
jalpesh has joined #wpwg
03:46:08 [jalpesh]
q+
03:46:50 [Ian]
Rouslan: Yes, we should continue SRC work.
03:47:20 [marcosc]
q+
03:47:59 [marcosc]
q-
03:48:08 [Ian]
...I am ack Ger
03:48:18 [nicktr]
ack Ger
03:48:18 [Ian]
s/...I am ack Ger//
03:48:46 [Ian]
Gerhard: We are wondering (as reps of banks) how to add ourselves to the ecosystem. I have an option of being a payment handler.
03:49:12 [Ian]
...the ultimate authenticator will want to be the issuer
03:49:29 [Ian]
...is there a way in which the payment handler can hand off to the issuer for the authentication.
03:49:34 [Ian]
...I think something's possible
03:49:47 [Ian]
...so the question is whether there can be delegation
03:50:21 [Ian]
...we need to be clear about what the issuers need to do..otherwise the issuers are going to try to do too much, and confusion will prevent adoption
03:51:35 [Ian]
NickTR: Have any schemes published SRC implementations or a timetable for such?
03:52:00 [Ian]
Jalpesh: Visa publicly announced that we will migrate our acceptance and our experiences into SRC. We haven't quite published a timetable.
03:52:55 [jezza]
jezza has joined #wpwg
03:53:07 [Ian]
...when available the systems will be available for testing by various parties in the ecosystem (including folks here)
03:54:04 [Ian]
Jonathan: We made similar announcements.
03:54:15 [Ian]
..launch is imminent
03:54:29 [tomasz]
q?
03:54:43 [AdrianHB]
ack nicktr
03:54:43 [Zakim]
nicktr, you wanted to ask if any EMV member has published their implementation specifications or a timetable yet?
03:54:45 [jalpesh]
q-
03:55:03 [AdrianHB]
ack tomasz
03:56:51 [nicktr]
q?
03:57:09 [Ian]
Tomasz: I agree we should continue; but also have more work on "how"
03:58:19 [Ciciley]
Ciciley has joined #wpwg
03:58:39 [Ciciley]
Present+
03:58:42 [Ciciley]
Still here
03:59:04 [Ian]
PROPOSED: The card payment task force should continue to work on an SRC payment method and its integration into the PR API ecosystem.
03:59:25 [AdrianHB]
+1
03:59:26 [michelweksler]
+1
03:59:29 [Sophie]
+1
03:59:29 [rouslan]
+1
03:59:32 [jezza]
jezza has joined #wpwg
03:59:33 [Fawad_]
+1
03:59:33 [benoit]
+1
03:59:35 [krystosterone]
+1
03:59:35 [bryanluo]
+1
03:59:37 [rouslan]
q+
03:59:38 [Dongwoo]
+1
03:59:41 [jezza]
+1
03:59:41 [Gerhard]
+1
03:59:44 [jv]
+1
03:59:44 [nicktr]
+1
03:59:44 [dave2037]
+1
03:59:46 [Ciciley]
+1
03:59:50 [jonathan]
jonathan has joined #wpwg
03:59:50 [Ian]
ack rouslan
03:59:51 [wanli_]
+1
03:59:58 [heejin]
+1
04:00:02 [frank]
frank has joined #wpwg
04:00:13 [jonathan]
+1
04:00:20 [Roy]
+0
04:00:23 [justin_toupin]
+0
04:00:25 [frank]
+0
04:00:32 [agektmr]
+0
04:00:56 [jalpesh]
present-
04:00:59 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
04:01:17 [mweksler]
mweksler has joined #wpwg
04:01:52 [alex_liu]
alex_liu has joined #wpwg
04:02:54 [alex_liu_]
alex_liu_ has joined #wpwg
04:03:43 [bryanluo]
bryanluo has joined #wpwg
04:19:30 [bryanluo]
bryanluo has joined #wpwg
04:21:41 [mweksler]
mweksler has joined #wpwg
04:25:19 [alex_liu]
alex_liu has joined #wpwg
04:25:49 [jessie]
jessie has joined #wpwg
04:34:12 [bryanluo]
bryanluo has joined #wpwg
04:41:35 [rouslan]
rouslan has joined #wpwg
04:45:34 [marcosc]
marcosc has joined #wpwg
04:49:43 [alex_liu]
alex_liu has joined #wpwg
04:50:04 [bryanluo]
bryanluo has joined #wpwg
04:52:22 [alex_liu]
alex_liu has joined #wpwg
05:00:17 [frank]
frank has joined #wpwg
05:01:04 [Masa-JCB]
Masa-JCB has joined #wpwg
05:01:24 [norie]
norie has joined #wpwg
05:01:31 [mweksler]
mweksler has joined #wpwg
05:02:04 [jezza]
jezza has joined #wpwg
05:02:04 [rouslan]
rouslan has joined #wpwg
05:03:19 [alex_liu]
alex_liu has joined #wpwg
05:03:31 [canton]
canton has joined #wpwg
05:03:32 [pea13]
pea13 has joined #wpwg
05:04:34 [takashi]
takashi has joined #wpwg
05:04:48 [michelweksler]
michelweksler has joined #wpwg
05:04:59 [gildas]
gildas has joined #wpwg
05:05:33 [benoit]
benoit has joined #wpwg
05:05:34 [bryanluo]
bryanluo has joined #wpwg
05:06:56 [AdrianHB]
AdrianHB has joined #wpwg
05:08:25 [marcosc]
marcosc has joined #wpwg
05:09:36 [cwarnier]
cwarnier has joined #wpwg
05:11:46 [AdrianHB]
takashi: [slides on QR code payments in Japan]
05:11:53 [Gerhard]
Gerhard has joined #wpwg
05:12:03 [urata]
urata has joined #wpwg
05:14:20 [Jinushi]
Jinushi has joined #wpwg
05:16:57 [jezza]
jezza has joined #wpwg
05:17:56 [bryanluo]
bryanluo has joined #wpwg
05:18:16 [nicktr]
q+ to ask about Japanese QR standard
05:18:46 [AdrianHB]
nicktr: Is the new QR standard in Japan aligned with EMV?
05:18:52 [AdrianHB]
takashi: No
05:18:53 [nicktr]
ack nicktr
05:18:53 [Zakim]
nicktr, you wanted to ask about Japanese QR standard
05:19:21 [fawad]
fawad has joined #wpwg
05:21:53 [bryanluo]
bryanluo has joined #wpwg
05:22:21 [jezza]
jezza has joined #wpwg
05:22:36 [AdrianHB]
q?
05:22:40 [nicktr]
q?
05:23:04 [nicktr]
q+ lawrence
05:23:27 [AdrianHB]
AdrianHB: Can QR code be used for online payments?
05:23:45 [benoit]
q+
05:23:51 [nicktr]
ack Lawrence
05:24:02 [jv]
jv has joined #wpwg
05:24:07 [AdrianHB]
masa-JCB: no, it is focused on in-person
05:24:14 [AdrianHB]
q?
05:24:49 [AdrianHB]
lawrence: [question about UX, missed detail]
05:24:55 [jezza]
jezza has joined #wpwg
05:25:14 [AdrianHB]
masa-JCB: UX is not as good as card but better than cash
05:25:59 [AdrianHB]
lawrence: what is the motivation to switch?
05:26:30 [AdrianHB]
masa-JCB: the merchant is motivated and so offers cash-back to incentivise consumers
05:28:04 [AdrianHB]
motivation from government is anything but cash so cash-back incentives are high
05:28:32 [AdrianHB]
q?
05:28:34 [nicktr]
q?
05:29:48 [AdrianHB]
benoit: compared to AliPay, this seems like astatic data generated by the customer. What prevents me from stealing the code and using it somewhere?
05:30:58 [AdrianHB]
masa-JCB: security is dealt with by providers, I'm not familiar with the details. It's not possible to reuse the barcode
05:31:11 [jessie_]
jessie_ has joined #wpwg
05:31:13 [AdrianHB]
q?
05:31:17 [Gerhard]
q+
05:31:23 [nicktr]
q?
05:31:27 [nicktr]
ack benoit
05:31:42 [jezza]
jezza has joined #wpwg
05:32:29 [AdrianHB]
ack benoit
05:32:32 [nicktr]
ack Gerhard
05:32:32 [AdrianHB]
ack gerhard
05:32:57 [AdrianHB]
gerhard: this looks like tokenization. Why not use the EMVCo standard?
05:33:16 [jezza]
Q?
05:33:33 [AdrianHB]
masa-JCB: I'm not familiar with the design discussions.
05:34:09 [AdrianHB]
gerhard: I see the benefit of the form-preserving token but does it require merchants to add cameras to the terminal?
05:34:18 [urata]
urata has joined #wpwg
05:34:24 [AdrianHB]
masa-JCB: the majority of terminals already had the camera
05:34:47 [AdrianHB]
gerhard: Which is more common, merchant presented vs consumer presented?
05:34:50 [jezza]
jezza has joined #wpwg
05:35:32 [AdrianHB]
masa-JCB: Providers all support both. The choice is driven by cost.
05:35:37 [nicktr]
q?
05:35:44 [Ian]
scribenick: Ian
05:36:12 [kimwooglae]
kimwooglae has joined #wpwg
05:37:01 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
05:37:23 [Ian]
[Sakiko Suzuki on payments in Asia]
05:37:29 [florent]
florent has joined #wpwg
05:37:44 [masa-jcb]
masa-jcb has joined #wpwg
05:38:41 [Ian]
Sakiko: Market affected by (1) various instant payment initiatives in Europe and (2) new payment methods from China
05:39:01 [Ian]
[Background on SWIFT]
05:39:07 [estes]
estes has joined #wpwg
05:39:22 [Ian]
Sakiko: SWIFT covers over 200 countries and multiple currencies.
05:40:03 [Ian]
...drivers of change: volumes, e-commerce, real-time, regulation, open banking
05:40:17 [Ian]
....volume is doubling each year
05:41:26 [Ian]
...in Europe we provide instant payments across multiple countries for cross-border payments
05:41:37 [Ian]
..in Australia we do so for all sorts of payments including P2P and B2B
05:41:52 [Ian]
...SWIFT is focusing on cross-border payments; regulation is really important
05:41:57 [Ian]
...there are issues like AML
05:42:12 [rouslan]
rouslan has joined #wpwg
05:42:42 [Angel]
Angel has joined #wpwg
05:42:57 [Ian]
...APIs help foster development
05:43:06 [Ian]
...we have three focus areas: modeling, publishing, consumption
05:43:57 [Ian]
...GPI is a new system to provide instant payments
05:43:57 [Ian]
ll
05:44:01 [Ian]
s/||/
05:44:07 [Ian]
s/II//
05:44:33 [Ian]
Sakiko: We are trying to connect additional networks as well since we cannot provide all solutions ourselves
05:44:58 [Ian]
..."NPP" (New Payment Platform) in Australia
05:45:01 [Ian]
...started in January 2018
05:45:16 [Ian]
...distributed architecture.
05:46:02 [Ian]
...allows Australian banks to do real-time clearing and settlement
05:46:17 [Ian]
...distributed model ensures continuity of payment services
05:46:27 [Angel_]
Angel_ has joined #wpwg
05:46:29 [Ian]
...before NPP, Australian could not do real-time, 24/7
05:46:47 [Ian]
...based on ISO20022
05:46:59 [Ian]
....1400 data fields available
05:47:11 [Ian]
....24/7 real-time
05:47:21 [Ian]
....PayID or BSB and account number;
05:47:33 [nicktr]
q?
05:48:28 [Fawad_]
Fawad_ has joined #WPWG
05:48:34 [Ian]
....we provide an API sandbox to facilitate development
05:49:00 [Ian]
...after 1 year, NPP has 75 Members connected to the network; $75 Billion worth of transactions
05:49:19 [Ian]
...any type of payment can be supported by the network
05:49:30 [Roy]
Roy has joined #wpwg
05:49:57 [Ian]
...GPI has been around for 3 years
05:50:08 [Ian]
....next year, all SWIFT Members will be on this network.
05:50:24 [Giulio]
Giulio has joined #wpwg
05:50:38 [Ian]
...98% of transactions settled in 1 day; 40% in less than 5 minutes
05:50:59 [Ian]
...most of the advanced banks can settle in 10-20 seconds
05:51:27 [Ian]
...GPI instant: 20 seconds end to end on average; maximum 60 seconds
05:51:38 [Angel_]
rrsagent, draft minutes
05:51:38 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Angel_
05:53:21 [Ian]
[Trial participants include NAB, ANZ, ICBC, Bank of China, Bangkok Bank, DBS, UOB, Standard Chartered)
05:54:56 [wonsuk]
wonsuk has joined #wpwg
05:56:26 [AdrianHB]
q?
05:56:27 [nicktr]
q?
05:56:59 [Ian]
AdrianHB: If we push for real-time push payments, is the end goal retail?
05:57:20 [Ian]
Sakiko: I think it's possible. SWIFT can provide account-to-account transer
05:57:26 [Ian]
s/transer/transfer
05:58:33 [Ian]
[Demo of GPI with PR API]
06:00:13 [Ian]
Vkuntz: With PR API, merchant can get ask bank to track payment and let the merchant know if not received within 60 seconds.
06:01:28 [Ian]
(Demo shows a gpi-tracked payment method)
06:01:35 [Ian]
...the user selects an account from which to make the payment
06:01:56 [Ian]
...selecting "confirm" causes payment information to be sent to the bank.
06:02:13 [Ian]
...the merchant gets back a tracking idea
06:02:33 [Ian]
...then we can simulate the bank initiating the transfer
06:02:49 [Ian]
...then the payment method enables the merchant to know that the payment has been initiated.
06:03:15 [nicktr]
q?
06:04:58 [Ian]
...so the payment handler has closed, and the merchant can monitor the status of the payment.
06:05:33 [Ian]
...the payment response includes an identifier for the transaction in the GPI system
06:05:37 [Ian]
q?
06:05:45 [Ian]
IJ: What about authentication?
06:06:05 [Ian]
vkuntz: Authentication is in g-link
06:06:09 [Ian]
...so we have it but have not applied it.
06:06:26 [jezza]
jezza has joined #wpwg
06:06:31 [Ian]
AdrianHB: What data is sent to the payment handler? How does the merchant identify itself?
06:07:02 [Ian]
vkuntz: There's merchant account identifier.
06:07:29 [Ian]
..it's globally unique
06:07:44 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
06:07:52 [nicktr]
q?
06:08:29 [norie]
norie has joined #wpwg
06:08:30 [mweksler]
mweksler has joined #wpwg
06:09:58 [jezza]
jezza has joined #wpwg
06:12:07 [jezza]
jezza has joined #wpwg
06:15:16 [alex_liu]
alex_liu has joined #wpwg
06:16:35 [jezza]
jezza has joined #wpwg
06:22:18 [bryanluo]
bryanluo has joined #wpwg
06:27:52 [bryanluo]
bryanluo has joined #wpwg
06:28:54 [mweksler]
mweksler has joined #wpwg
06:29:20 [rouslan]
rouslan has joined #wpwg
06:31:08 [Ciciley]
Ciciley has joined #wpwg
06:31:18 [Ciciley]
Present+
06:31:51 [jessie]
jessie has joined #wpwg
06:32:40 [michelweksler]
michelweksler has joined #wpwg
06:33:30 [Ian]
Topic: Airbnb PR API Experience
06:34:51 [Ian]
-> http://www.w3.org/2019/Talks/airbnb-20190916.pdf Airbnb slides
06:34:56 [gildas]
gildas has joined #wpwg
06:35:10 [Ian]
mweksler: Some points to think about as we go through the presentation
06:35:33 [Ian]
- One goal was a desire to rely on payment request as the only step in a checkout flow
06:35:37 [Yaohua_Wu]
Yaohua_Wu has joined #wpwg
06:35:46 [Ian]
- Guest checkout v. card on file is another theme
06:36:30 [frank]
frank has joined #wpwg
06:36:31 [Fawad]
Fawad has joined #wpwg
06:36:34 [Ian]
Alex: Lots of slides but I will go quickly
06:36:51 [Giulio]
Giulio has joined #wpwg
06:37:13 [Ian]
Alex: Airbnb has a number of top-level businesses all leverage the Airbnb platform.
06:37:16 [norie]
norie has joined #wpwg
06:37:24 [vkuntz]
vkuntz has joined #wpwg
06:37:24 [Ian]
...one functionality within that platform is payments
06:37:34 [vkuntz]
present+
06:37:36 [Ian]
...Airbnb has about 200 people working on payments
06:38:00 [Ian]
...we operate in lots of countries and accept a lot of currencies.
06:38:16 [Ian]
....we go through multiple PSPs for redundancy
06:38:20 [urata_]
urata_ has joined #wpwg
06:38:47 [Ian]
...we have our own coupons, credit plans
06:38:52 [Ian]
[Opportunities]
06:39:16 [Ian]
Alex: We wanted to redesign the Web experience; lots of people start from Web (not native)
06:39:26 [Ian]
...wanted a streamlined first time booking experience
06:39:36 [Ian]
...and thought we could use PR API to collect information.
06:40:00 [Ian]
...we have a signup wall and thought we could use PR API to streamline that rocess.
06:40:11 [Ian]
...we also wanted to use PR API to be able to support more payment methods
06:40:19 [Ian]
...e.g., access to Apple Pay and Google Pay
06:40:30 [Ian]
...so PR API gave us access to more payment methods.
06:40:31 [Fawad_]
Fawad_ has joined #wpwg
06:41:00 [Fawad_]
Fawad_ has left #wpwg
06:41:08 [Ian]
...in Brazil we have to collect a lot more information ...
06:41:12 [Ian]
...forms lead to drop-off
06:41:23 [fawad_]
fawad_ has joined #wpwg
06:41:32 [Ian]
...with PR API we don't have to manage all the form fields, and resizing and display
06:41:47 [Fawad_N]
Fawad_N has joined #wpwg
06:41:55 [Ian]
...we also thought we could speed up checkout for use cases where users already had *Pay setups
06:41:59 [Ian]
[Exploration]
06:42:13 [Ian]
Alex: We integrated it with desktop web via moweb
06:42:30 [masa_jcb]
masa_jcb has joined #wpwg
06:43:07 [Ian]
(We see a demo using basic card, and a demo using google pay)
06:43:37 [Ian]
Alex: We saw a lot of benefits - no complex forms, use existing wallets, access to more payment methods, no custom billing form, buit-in infrastructure
06:44:25 [Ian]
Alex: For us, we liked the standard API because it was easy to swap in, and have it work across browsers
06:44:30 [Ian]
[Challenges]
06:44:40 [jonathan]
jonathan has joined #wpwg
06:44:43 [AdrianHB]
q?
06:45:04 [Ian]
Jonathan: Are you using PR API all the time, or just first time user?
06:45:36 [Ian]
mweksler: PR API remains an option, but previously used cards are available in subsequent checkouts (card on file)
06:46:07 [Ian]
Alex: If you start adding card-on-file, once you have a mix of instruments (card-on-file, card-in-browser, google pay) that can be confusing to the user
06:46:29 [Ian]
Alex: Biggest pain point is lack of official payment handlers.
06:46:35 [Ian]
...e.g., no PayPal
06:46:52 [Ian]
...even for the ones that are there (e.g., Google Pay) only there for one browser and not the other
06:47:13 [Ian]
Alex: You should be able to see all the payment methods on all the browsers
06:48:01 [Ian]
Alex: Second point is consistency across browsers. Suppose we use Chrome basic card implementation...experience on mobile not same as experience on desktop
06:49:28 [Ian]
IJ: Do label customizations help?
06:49:32 [Ian]
Alex: Yes, that could help
06:49:39 [nicktr]
q?
06:49:53 [Ian]
Alex: so we'd like to see (1) more official payment handlers (2) support across browsers (2) configuration of form fields / labels
06:49:58 [Ian]
....that is, customization
06:50:22 [Ian]
...even if the browser does not allow customization, make it possible for us to know the strings that would have been rendered and we can match them
06:50:39 [Ian]
Alex: Second challenge was stored instruments
06:51:06 [Ian]
....if the user has some cards on file with Airbnb but also cards in browser and so they get a difference experience
06:51:31 [Ian]
...not obvious to users how to find most up-to-date card information
06:51:43 [Ian]
....so might be nice to integrate on-platform instruments into the sheet.
06:52:21 [Ian]
Alex: Another topic is "tokenization". If we were to implement PR API, on the back end (e.g., Stripe, Braintree) the backend integrations are different
06:53:31 [takashi]
takashi has joined #wpwg
06:54:08 [Ian]
IJ: Do you want a standardized API on the backend or a standardized payload?
06:54:16 [nicktr]
q+
06:54:53 [Ian]
mweksler: For a merchant would be great to have a standardized token shape, but PSPs may not want that level of interoperability
06:54:57 [benoit]
q+
06:55:00 [Ian]
ack nicktr
06:55:38 [Ian]
nicktr: I think this is a live debate within payment providers whether to have tokens that can be moved among payment platforms.
06:55:42 [Gerhard]
Gerhard has joined #wpwg
06:55:53 [Ian]
....there is nothing in the ecosystem today that prevents transportable tokens from being built.
06:56:01 [Ian]
...you can use EMVCo tokens today
06:56:12 [Ian]
...but the tokenized card payment method could support that
06:57:00 [Ian]
...I think that if there were 20 large merchants who wanted EMVCo tokens, there might be product managers willing to make a business case in their org.
06:57:00 [Ian]
q?
06:57:13 [Ian]
ack benoit
06:57:24 [Ian]
benoit: Regarding universal tokens - I would personally love that
06:58:02 [Ian]
...whenever anything changes in the payment chain, you need to gain new authorization from the cardholder (this is a compliance issue
06:58:17 [jv]
jv has joined #wpwg
06:58:17 [Ian]
...so seamless backend swapping is technically not allowed
06:58:47 [Ian]
IJ: But at least you could get rid of some technical friction
06:59:30 [Ian]
mweksler: There are multiple ways that we could comply (including user agreement up front)
06:59:32 [Ian]
q?
06:59:37 [AdrianHB]
q?
06:59:53 [Ian]
NickTR: The question is "who is the token requestor"...if the token requestor were the merchant (bound to the merchant) then do-able
07:00:36 [Ian]
mweksler: What we are after is slightly more nuanced - we don't want to put the burden on merchants that is associated with being token requestor. We want the PSPs to do the heavy lifting, and then we want to be able to use the tokens wherever we want.
07:00:46 [rouslan]
q+
07:01:01 [Ian]
Tony: Delegation is tricky (e.g., key exchange)
07:01:06 [Ian]
...so more tricky than just user consent
07:01:21 [Ian]
AdrianHB: That's probably why our efforts at a tokenized card payment method didn't progress.
07:01:33 [Ian]
ack rous
07:02:03 [Ian]
rouslan: You expressed a sentiment that if more payment handlers on more platforms that would be great; I completely agree
07:02:03 [jeff_]
jeff_ has joined #wpwg
07:02:15 [Ian]
...so the question is: what does Chrome need to do for people to start using payment handler API
07:02:20 [jeff_]
present+
07:03:15 [Ian]
mweksler: Lack of payment handler implementations I think is a big challenge; merchants need to treat it as "yet another payment method" instead of the "single payment method API"
07:03:51 [Ian]
...another topic is the user experience when there is both card-on-file and card-in-browser
07:04:06 [Ian]
...some sort of merging of the two worlds would be helpful
07:04:23 [Ian]
...I refer to this as "on boarding existing users to PR API"
07:04:28 [Ian]
q?
07:04:57 [Ian]
AdrianHB: The second topic is interesting
07:05:18 [Ian]
mweksler: Every large merchant would have to write the same payment handler, which suggests it is a possibility for standardization
07:05:59 [Ian]
...we don't store the cards (people do that for us)
07:06:09 [Ian]
...we'd like to merge them into PR API
07:06:28 [Ian]
(Tradeoffs)
07:06:34 [Ian]
- integration with airbnb systems
07:06:40 [Ian]
- customization
07:06:42 [Ian]
- ease
07:06:56 [Ian]
Regarding integration: it works really well today when replacing a single payment method.
07:07:08 [Ian]
...e.g., PR API with just Apple Pay or just GooglePay
07:07:23 [Ian]
Regarding ux consistency:
07:07:38 [Ian]
- imagine large merchants adopting this - you'd have consistency across sites and that would build trust
07:07:44 [Ian]
- great for device-specific payment methods
07:07:48 [Ian]
BUT:
07:08:00 [Ian]
- not consistent with other Airbnb pages
07:08:03 [Ian]
...different branding for example
07:08:18 [Ian]
...also the ux is different across browsers (since different platforms)
07:08:23 [Ian]
Customization:
07:08:36 [Ian]
- would be great to be able to customized display sections, and get label consistency
07:09:12 [Ian]
RRSAGENT, make minutes
07:09:12 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
07:10:30 [Ian]
Topic: Breakout sessions
07:10:34 [Ian]
- Payment handlers
07:10:41 [Ian]
- Intersection of PR API, guest checkout, sign-up
07:14:33 [Ian]
- Moving billing address from payment method to payment request
07:15:54 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
07:16:08 [Ian]
Topic: Payment Handlers
07:16:28 [Roy_]
Roy_ has joined #wpwg
07:16:43 [Ian]
Justin: What should we be investing in to get more payment handler adoption?
07:16:43 [Roy_]
q+
07:16:51 [Ian]
ack Roy
07:17:25 [Ian]
Roy_: One thing that would be helpful is to know the ecosystem of adoption of PR API
07:18:31 [jeff_]
q+
07:18:46 [marcosc]
marcosc has joined #wpwg
07:18:56 [Ian]
Justin: The volume in terms of transactions is growing
07:18:57 [jv]
+q
07:19:14 [AdrianHB]
q?
07:19:35 [Ian]
mweksler: I think you should encourage people internally that the more info can be shared the more adoption is likely to increase
07:19:37 [Ian]
ack Jeff
07:19:47 [Vishal-Expedia]
q+
07:19:59 [tomasz_]
tomasz_ has joined #wpwg
07:20:12 [Ian]
jeff_: I'd like to understand more why the information about adoption is proprietary, or whether we can have some conversations about stripping the proprietary information
07:20:40 [Ian]
...even reducing to a single figure of merit (e.g., growing x% per year)
07:20:48 [Ian]
ack jv
07:21:12 [Ian]
jv: EMV manages to publish annual maps about card adoption
07:21:22 [Ian]
....they anonymize data
07:21:38 [nicktr]
q?
07:21:44 [Ian]
AdrianHB: So each vendor could provide data to W3C and W3C could anonymize the consolidated data
07:22:00 [Ian]
ACTION: Justin to check internally at Google about what can be shared
07:22:01 [trackbot]
Created ACTION-128 - Check internally at google about what can be shared [on Justin Toupin - due 2019-09-23].
07:22:32 [jessie34]
jessie34 has joined #wpwg
07:22:36 [Ian]
vishal: I think from a decision perspective good to know (1) has there been an increase in number of merchants adopting it?
07:22:48 [Ian]
...so doesn't need to be user numbers, can be merchant numbers.
07:23:13 [Ian]
...regarding intro - we have examples in the payments industry about branding
07:23:56 [AdrianHB]
ian: we did a lot of study on that topic
07:24:14 [AdrianHB]
... there was no support because the observation was that PR API is not a payment method
07:24:27 [AdrianHB]
... users recognize payment method brands
07:25:14 [Ian]
Vishal: I'd like to see a credit card logo without specific brands, to indicate triggering PR API
07:25:31 [Ian]
....PR API is a payment method from an end-user perspective
07:25:54 [Sophie]
Sophie has joined #wpwg
07:26:04 [gildas]
gildas has joined #wpwg
07:26:10 [Ian]
AdrianHB: I think the goal is that users don't think of it as a payment method...ideally we should figure out a way to make the experience fit into the current branding requirements of some of the big payment methods
07:26:21 [Ian]
...e.g., Apple requires an Apple Logo
07:26:50 [Ian]
...we have an unsolved problem about exposing the supported payment methods of the user and exposing them as actionnable buttons on the page
07:26:51 [Ian]
q?
07:26:54 [Ian]
ack Vish
07:27:51 [Ian]
Rouslan: What is the biggest obstacle to people writing a payment handler today?A
07:27:57 [Ian]
..this will help us focus our energy
07:28:07 [nicktr]
q?
07:28:25 [bryanluo]
q+
07:28:42 [benoit]
issue: https://github.com/w3c/payment-request/issues/870 is one for me, but likely not for many others
07:28:43 [trackbot]
Created ISSUE-2 - Https://github.com/w3c/payment-request/issues/870 is one for me, but likely not for many others. Please complete additional details at <https://www.w3.org/Payments/WG/track/issues/2/edit>.
07:28:52 [Ian]
q+ Gerhard
07:28:54 [Ian]
ack bryanluo
07:28:55 [Gerhard]
q+
07:29:26 [Ian]
bryanluo: Two things come to mind for us. The first question I will be asked is "What's the business value for doing a payment handler?"
07:29:35 [jezza]
jezza has joined #wpwg
07:29:52 [Ian]
....it's not exactly clear at this point. The second topic is more technical, but a couple of things come to mind:
07:30:07 [Ian]
...flexibility and extensibility within the API. As a payment handler there will always be edge cases
07:30:53 [Ian]
...PSP integration is a big part of the payment handler business model...where does it fit in?
07:31:44 [Ian]
....industry is moving away from iframe....does this PH approach create another isolated thing
07:31:48 [Ian]
Rouslan: Thanks for this information!
07:32:13 [Ian]
Rouslan: Payment handler is a top-level window, so it does not suffer from cookie restrictions on iframes
07:32:28 [Ian]
bryanluo: So it's like a popup that has a special UI?
07:32:29 [Ian]
Rouslan: Yes
07:32:55 [Ian]
AdrianHB: Regarding data model -the payment method owner owns the data model
07:33:33 [Ian]
Bryanluo: Ah, so there is already an open channel between merchant and payment handler
07:33:35 [Ian]
AdrianHB: Yes
07:34:18 [Ian]
...also note that OAuth experience in the PH modal happens without losing the merchant context
07:34:29 [Ian]
q?
07:34:42 [Ian]
q+ to ask Google for blog post on handler benefits
07:34:47 [Ian]
ack Gerhard
07:34:51 [nicktr]
ack Gerhard
07:35:22 [Ian]
Gerhard: If I get to the checkout page and PR API is the third option, I am likely to pick the first 2, so instrument-level display would be helpful
07:35:44 [Ian]
Gerhard: It could also be useful for merchants to load payment tokens in
07:35:44 [jeff_]
q+
07:35:53 [Vishal-Expedia]
q+
07:36:05 [nicktr]
q?
07:36:44 [AdrianHB]
ian: we do have a long standing request for "instrument level display" on the page
07:36:49 [AdrianHB]
q?
07:36:51 [nicktr]
ack Ian
07:36:51 [Zakim]
Ian, you wanted to ask Google for blog post on handler benefits
07:36:52 [AdrianHB]
ack Ian
07:37:24 [Ian]
Action: Ian to work with Justin and Google on writing up payment handler benefits
07:37:25 [trackbot]
'Ian' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., IFSF-EFT-WG-Lead, ijacobs).
07:37:47 [angel]
angel has joined #wpwg
07:37:48 [jezza]
jezza has joined #wpwg
07:38:06 [nicktr]
ack jeff_
07:38:11 [Ian]
Justin: Our thesis is that PH API can improve conversion rates; that's a key data point; we'd like to partner with people to get that data.
07:38:14 [Ian]
ack Jeff_
07:38:30 [alex_liu]
alex_liu has joined #wpwg
07:38:53 [Ian]
Jeff_: The question at the beginning was how to get more payment handler adoption. Lots of good pieces "bottom-up"
07:39:06 [Ian]
..but a different approach is to ask which payment handlers we most need.
07:40:34 [AdrianHB]
ian: My observation is that chrome took that approach and picked the industry leader and continue to work with them. The one blocker is that the potential payment handler will only move forward with more browser support (specifically Safari on iOS)
07:41:15 [Ian]
mweksler: For Airbnb, definitely PayPal would be great
07:41:26 [Ian]
...I think two that are not as big but also strategic are Alipay and WeChat
07:41:46 [jeff_]
q+ to follow-up on Paypal, Alipay, and we-chat
07:42:10 [Ian]
Rouslan: Are you talking about China market or international market?
07:42:34 [Ian]
mweksler: Primary market would be China. When you look at their online payment methods, the most popular ones are the mobile ones that redirect to their app
07:42:44 [Ian]
...it's not an easy payment handler, but it's interesting
07:43:00 [Ian]
AdrianHB: That integration already exists on some platforms (e.g., Android)
07:43:17 [Ian]
Rouslan: Side-loading apps would not be good for security reasons
07:43:37 [Ian]
Rouslan: Alipay did demos about integration with Chrome on Android
07:43:48 [Ian]
...signature verification does not happen with legacy redirect
07:43:56 [Ciciley]
Ciciley has joined #wpwg
07:44:08 [Ian]
wmeksler: If you have a payment handler provided by Alipay you may not need to redirect
07:44:08 [Ian]
q?
07:44:18 [Ian]
s/wmesksler/mweksler
07:44:29 [nicktr]
q?
07:44:33 [Ian]
ack Vish
07:45:07 [Ian]
Vishal-Expedia: We have been talking about 3DS 2.0. Entering the OTP is in the payments page, which is great.
07:45:36 [Ian]
....seeing that flow compared to PR API overlay, its kind of clunky to have an overlay compared to in-page display
07:45:45 [Ian]
....choosing of the payment method in the page would be nice
07:46:19 [Ian]
....I don't see many merchants in this meeting; need more exposure to merchants
07:47:04 [Ian]
IJ: Who besides MAG?
07:47:12 [Ian]
Vishsal: MRC
07:47:14 [AdrianHB]
ian: we work with MAG (who are meeting this week so can't be here). Any suggestions for others are appreciated?
07:47:34 [Ian]
...we have a meeting in January in Singapore
07:47:45 [Ian]
ack Jeff_
07:47:45 [Zakim]
jeff_, you wanted to follow-up on Paypal, Alipay, and we-chat
07:47:53 [nicktr]
q?
07:48:05 [Ciicley]
Ciicley has joined #wpwg
07:48:15 [Ciicley]
Present+
07:48:19 [Ian]
Jeff_: If I were running this as a business, I would figure out how the WG should go after each opportunity. PayPal conversations are underway.
07:48:34 [Ian]
...for Alipay, the head of standards of Alibaba is here this week
07:48:39 [angel_]
angel_ has joined #wpwg
07:48:52 [Ian]
....it would be good to build a story for Alipay
07:49:05 [Ian]
...WeChat is Tencent, also a W3C member
07:49:45 [Ian]
...as far as Merchant outreach, having a meetup between MAG executive council and the WPWG might be a more effective way to drive adoption
07:49:52 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
07:49:53 [nicktr]
q?
07:49:53 [Ian]
q?
07:50:46 [Ian]
Rouslan: Question for browser vendors - should some implementation features of Chrome be "standardized" (even if not in spec):
07:50:50 [Ian]
- Just-in-time installation
07:50:53 [Ian]
- Skip the sheet
07:52:08 [jezza]
jezza has joined #wpwg
07:52:14 [Ian]
-> https://www.w3.org/blog/wpwg/2018/08/20/further-streamlining-the-payment-request-user-experience/ See details on JIT installation and skip-the-sheet
07:53:19 [Ian]
Rouslan: These are user experiences and we've tried to not standardize them as a result
07:53:54 [Ian]
....my feeling for skip-the-sheet is that should not be normative in the spec, but could be mentioned as an informative note
07:54:13 [nicktr]
q?
07:54:36 [jv]
+q
07:54:46 [Ian]
marcos: Agree that generally we would not put something like this in the spec
07:55:00 [Ian]
ack jv
07:55:10 [Ian]
jv: But having same experience across browsers would help adoption
07:56:23 [Ian]
q+
07:56:32 [rouslan]
q+
07:56:49 [Ian]
Marcos: Putting this into the spec may not help; browsers will do the right thing in order to provide the right UX
07:57:08 [nicktr]
ack rouslan
07:57:14 [michelweksler]
q+
07:57:29 [Ian]
Rouslan: We have documented the conditions where Chrome skips the sheet
07:58:31 [jessie]
jessie has joined #wpwg
07:58:35 [Ian]
ack me
08:00:11 [Ian]
AdrianHB: Any changes we need to make to the spec to make it easier to implement as a browser?
08:00:23 [jezza]
jezza has joined #wpwg
08:00:25 [Ian]
Marcos: Architecturally we need to do a bunch of things to support the spec.
08:00:44 [alex_liu]
alex_liu has joined #wpwg
08:00:47 [Ian]
...so don't want the spec to go too far ahead, but also like the adoption experience so looking for a balance
08:01:11 [Ian]
ack mw
08:01:11 [nicktr]
q?
08:01:13 [Ian]
ack mi
08:01:33 [Ian]
mweksler: I wanted to add a comment to the skip-the-sheet discussion
08:01:40 [Ian]
....I think there are other cases beyond "just one payment hadnler"
08:01:54 [Ian]
...for example, configuration to allow me to use same payment handler always on same site
08:02:06 [Ian]
...that info could be stored either by the browser or the site
08:02:26 [Ian]
...e.g., Airbnb could store the preference and tell the browser to skip the sheet and which payment handler to use
08:02:49 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:02:54 [Ian]
q?
08:03:20 [Ian]
AdrianHB: I think that full delegation is an important piece of this - that the handler can handle shipping address
08:04:14 [Ian]
Sehal: In the demo we did today, if payment handler supports delegation, we do skip up
08:04:18 [Ian]
s/up/UI
08:04:33 [Ian]
Justin: We showed the minimal UI flow
08:05:24 [bryanluo]
bryanluo has joined #wpwg
08:05:37 [nicktr]
q+ to ask about minimal desktop experience
08:05:44 [AdrianHB]
ian: this is getting close to previous Mozilla comments on UI risks
08:06:02 [michelweksler]
q+
08:06:04 [AdrianHB]
marcos: there is a lot of UX work around permissions and constraints
08:06:38 [Gerhard]
q+
08:07:35 [Ian]
ack nicktr
08:07:35 [Zakim]
nicktr, you wanted to ask about minimal desktop experience
08:07:46 [bryanluo]
bryanluo has joined #wpwg
08:08:02 [Ian]
nicktr: The "minimal UI" is a special case of the special case
08:08:17 [Ian]
...if I were a Payment Method owner that was struggling to get traction across a huge installed base,
08:08:47 [Ian]
...you could offer slick 1-click experiences because you'd know, even with guest checkout, that the consumer has a primed payment handler
08:08:51 [Ian]
..this seems like a great thing
08:09:08 [Ian]
...have you done work with minimal UI on desktop?
08:09:33 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:09:41 [Ian]
Justin: No not yet
08:09:53 [AdrianHB]
q+
08:09:58 [Ian]
michelweksler: I like the minimal UI. I am wondering if we can go even further.
08:10:14 [alex_liu]
alex_liu has joined #wpwg
08:10:28 [Ian]
...is there a way for the user to say I authorize micropayments up to a certain amount?
08:10:31 [Ian]
...could be less intrusive
08:10:39 [Ian]
ack michel
08:10:52 [Ian]
ack Gerhard
08:11:11 [Ian]
Gerhard: I have four use cases:
08:11:36 [Ian]
1) The "no user auth" use case. We've already established credibility within a bank context. You flip into it and you flip out
08:11:50 [Ian]
2) FIDO
08:12:04 [Ian]
..if the FIDO credential is in another domain, you could flip into it, do biometric, and flip back
08:12:50 [Ian]
3) Bank has an issuer wallet (there is a token + cryptogram in the native app)...needs to retrieve the cryptogram from the app
08:13:28 [Ian]
4) External device authentication (eg., browsing on desktop, authenticate via phone)
08:13:36 [Ian]
q?
08:13:52 [Ian]
5) In south africa we've hooked up with mobile operators to use USSD
08:13:57 [jezza]
jezza has joined #wpwg
08:14:28 [Ian]
...text-based interface; phone wakes up; you type in a number to grant consent
08:14:39 [Ian]
...we do some sim-card protection
08:14:50 [Ian]
...it works on feature phones
08:15:33 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:15:45 [nicktr]
q?
08:16:26 [Ian]
ack AdrianHB
08:16:37 [Ian]
AdrianHB: I want the minimal UI to be more minimal
08:16:46 [Ian]
...for Web monetization, the use case is that I enroll up front
08:17:03 [Ian]
..I have a concept of a balance..and an agent in my browser making decisions about when to pay and how much
08:17:19 [Ian]
...our idea is that payment handlers are invoked, but the payment handler is not interactive
08:17:44 [sakiko]
sakiko has joined #wpwg
08:17:54 [sakiko]
present+
08:18:06 [Ian]
q?
08:18:30 [vkuntz]
vkuntz has joined #wpwg
08:19:14 [AdrianHB]
ian: the payment sheet + basic-card is a variant of a minimal UI in some sense
08:19:27 [jeff_]
jeff_ has left #wpwg
08:20:15 [AdrianHB]
... i.e. the sheet provides UI to the payment handler
08:20:28 [jezza]
jezza has joined #wpwg
08:20:29 [AdrianHB]
rouslan: that's not how we have done it now
08:20:52 [AdrianHB]
... we want to support push payments which will have a financial impact each time they are invoked
08:21:30 [alex_liu]
q+
08:22:01 [AdrianHB]
ian: it feels like you're doing the same thing so you could move the browser local basic-card payment handler into a "minimal UX payment handler"
08:22:31 [AdrianHB]
tomasz: I like the idea of making the "basic-card" handler behave more like other handlers
08:23:08 [Ian]
ack Alex
08:23:30 [Ian]
Alex: I want to add onto that. Maybe comes back to the question as well for the merchant who has cards on file
08:23:36 [AdrianHB]
q?
08:23:44 [Ian]
...if we could shove instruments into the sheet, that's a powerful use case for us.
08:24:16 [Ian]
AdrianHB: If we just enhanced basic card so that if you passed in a list of things on file, and if the user picks one, the response data is an index back to the card that the merchant provided
08:24:42 [Ian]
Alex: Passing in reference is interesting
08:25:24 [Ian]
AdrianHB: I think we want to move away from using basic card. I wonder if there's a way to move an instrument into a more secure version.
08:26:11 [Ian]
Tomasz: Airbnb could have its own headless payment handler that registers instruments with the browser.
08:27:13 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:28:14 [norie]
norie has joined #wpwg
08:28:37 [Ian]
Topic: Connecting guest checkout with signup
08:29:08 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:29:47 [AdrianHB]
michelweksler: Can we unify the guest checkout + website sign-up?
08:30:40 [Ian]
...can we tie it together with authentication?
08:30:49 [nicktr]
q+
08:30:59 [Ian]
....info about user, information about credentials, what's needed to use them in the future
08:31:04 [Ian]
ack nicktr
08:31:21 [jezza]
jezza has joined #wpwg
08:31:22 [agektmr]
q+
08:31:40 [Giulio]
Giulio has joined #wpwg
08:31:45 [Ian]
on this site"
08:32:01 [Ian]
NickTR: There is a trusted site concept in PSD2 flows
08:32:04 [Ian]
s/on this site"//
08:32:07 [Ian]
q?
08:32:07 [rouslan]
q+
08:32:10 [Giulio]
q+
08:32:35 [Ian]
mweksler: I am thinking more about unifying the flow of identifying yourself with the payment step and future login step
08:33:23 [Ian]
...maybe merchant says "I also want to create an account for the user"
08:34:20 [nicktr]
q+ marcos
08:34:22 [rouslan]
q?
08:34:41 [Ian]
AdrianHB: I hear two use cases:
08:34:41 [Ciicley]
q+ for Marcos
08:34:58 [Ian]
- Sign up and consent to my profile being used for payment later
08:35:17 [Ian]
- When making a payment agree to terms of service as well
08:35:24 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:35:52 [jezza]
jezza has joined #wpwg
08:35:55 [Ian]
agektmr: I think it's interesting to add a password option so user can create account with new password easily
08:36:12 [Ian]
...important to make clear to user the info is being used for signup
08:36:13 [Ian]
q?
08:36:38 [nicktr]
ack agektmr
08:36:47 [justin_toupin]
justin_toupin has joined #wpwg
08:37:06 [Ian]
AdrianHB: Right now PR API allows merchant to request email. The merchant should be able to tell the browser to tell the user that data will be used to create an account as well
08:37:18 [Ian]
...that is, make it easier to create an account as part of checkout
08:37:44 [Ian]
Tony: In a PSD2 situation, I may want to go to the information provider to get that information
08:38:36 [Ian]
AdrianHB: Question is whether we can enhance API to support authentication and later log-in
08:38:39 [Roy_]
q+
08:38:52 [AdrianHB_]
AdrianHB_ has joined #wpwg
08:39:07 [Ian]
Rouslan: Can you tell me what you would do instead of a password? FIDO? Or OAuth into google or facebook? Or password generation?
08:39:28 [Ian]
mweksler: We have building blocks to not do passwords. We could use OAuth or WebAuthn or other
08:39:47 [Ian]
..what I'm seeing is an opportunity to tie things together
08:40:22 [Ian]
Alex: You could delay password creation to later
08:40:40 [Ian]
Mweksler: There's an opportunity to get rid of passwords and use WebAuthn
08:40:43 [Ian]
q?
08:40:57 [Ian]
zakim, close the queue
08:40:57 [Zakim]
ok, Ian, the speaker queue is closed
08:41:34 [Ian]
Rouslan: So I'm imagining that in the sheet has an action button that says "Pay and Create Account"
08:43:33 [Ian]
mweksler: Need also to be able to provide access to terms of service agreed to for sign-up
08:43:36 [Roy_]
q-
08:43:41 [AdrianHB_]
ack rouslan
08:43:41 [Ian]
...in short: let's do all things at once rather than serially
08:44:06 [Ian]
Rouslan: If we build this, will you start using this?
08:44:31 [Ian]
mweksler: This is one of the things that the team that evaluated PR API were looking at as a key benefit
08:44:39 [Ian]
...if they had had this feature they would have used it
08:44:55 [Ian]
Alex: One of the biggest priorities is the guest checkout experience
08:45:43 [Ian]
Alex: The high priority is getting the payment and signup done
08:46:00 [Ian]
...once the user has paid and has an active reservation, it's easier to ask the user to provide data
08:46:11 [AdrianHB_]
ack giulio
08:46:16 [Ian]
...but if you have to get all the data in advance, it's less likely the user will complete the reservation
08:46:26 [Ian]
Giulio: With Apple Pay we are big pay of guest checkout
08:46:46 [Ian]
...we have several implementations that can accomplish this goal.
08:46:49 [nicktr]
s/big pay/big fans/
08:46:57 [Ian]
...get the payment and then use the info to create an account
08:47:08 [Ian]
....the big question is what's the data: password? birthday?
08:47:46 [Ian]
...there are several examples of this sort of thing being done
08:48:04 [Ian]
...we have some examples where at end of payment a "silent account" was created without a password
08:48:14 [Ian]
...but we've moved away from that.
08:48:44 [Ian]
...for a while the approach was to add a password after the payment. ... but now we are moving toward "sign in with apple"
08:48:49 [Ian]
q?
08:48:54 [Ian]
ack marcos
08:49:19 [Ian]
Marcos: For Airbnb you may need to send passport photo.
08:49:31 [Ian]
...at some point we are going to end up at just another browser tab
08:49:59 [Ian]
...I am concerned that payment handlers become too heavy....we have APIs to achieve some of these things already
08:50:33 [Ian]
....do we just need an overlay browser context for payment handlers?
08:50:58 [Ian]
...we want to be able to do logins on the Web....I think we all want to solve that problem
08:51:07 [Ian]
ack Cicely
08:51:10 [Ian]
ack Cilc
08:51:13 [Ian]
ack Cii
08:51:13 [Zakim]
Ciicley, you wanted to discuss Marcos
08:51:15 [nicktr]
ack Ciicley
08:51:18 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:52:00 [alex_liu]
alex_liu has joined #wpwg
08:52:45 [alex_liu]
alex_liu has joined #wpwg
08:53:12 [Ian]
NickTR: Dinner at 7pm. Thanks everyone for concentration today!
08:53:31 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
08:54:25 [mweksler]
mweksler has joined #wpwg
09:00:08 [bryanluo]
bryanluo has joined #wpwg
09:02:53 [bryanluo_]
bryanluo_ has joined #wpwg
09:07:16 [benoit]
benoit has joined #wpwg
09:20:49 [AdrianHB]
AdrianHB has joined #wpwg
09:33:42 [jezza]
jezza has joined #wpwg
09:34:36 [alex_liu]
alex_liu has joined #wpwg
10:15:34 [jessie]
jessie has joined #wpwg
11:16:23 [Zakim]
Zakim has left #wpwg
11:25:43 [benoit]
benoit has joined #wpwg
12:14:20 [AdrianHB]
AdrianHB has joined #wpwg
12:15:33 [alex_liu]
alex_liu has joined #wpwg
12:17:40 [alex_liu]
alex_liu has joined #wpwg
13:06:57 [bryanluo]
bryanluo has joined #wpwg
13:24:36 [rouslan]
rouslan has joined #wpwg
14:07:37 [rouslan]
rouslan has joined #wpwg
14:20:30 [bryanluo]
bryanluo has joined #wpwg
14:44:31 [rouslan]
rouslan has joined #wpwg
15:04:05 [alex_liu]
alex_liu has joined #wpwg
16:14:55 [stpeter]
stpeter has joined #wpwg
16:30:33 [marcosc]
marcosc has joined #wpwg
16:46:46 [marcosc]
marcosc has joined #wpwg
16:48:06 [marcosc]
marcosc has joined #wpwg
17:22:54 [marcosc]
marcosc has joined #wpwg
18:03:00 [rouslan]
rouslan has joined #wpwg
18:24:37 [marcosc]
marcosc has joined #wpwg
19:30:15 [marcosc]
marcosc has joined #wpwg
20:12:22 [rouslan]
rouslan has joined #wpwg
20:32:14 [marcosc]
marcosc has joined #wpwg
21:08:01 [rouslan]
rouslan has joined #wpwg
21:33:06 [marcosc]
marcosc has joined #wpwg
21:43:43 [marcosc_]
marcosc_ has joined #wpwg
22:06:46 [rouslan]
rouslan has joined #wpwg
22:38:36 [marcosc]
marcosc has joined #wpwg
22:54:20 [rouslan]
rouslan has joined #wpwg
23:00:28 [justin_toupin]
justin_toupin has joined #wpwg
23:42:24 [bryanluo]
bryanluo has joined #wpwg
23:43:13 [takashi]
takashi has joined #wpwg
23:44:02 [norie]
norie has joined #wpwg
23:44:17 [Masa_JCB]
Masa_JCB has joined #wpwg
23:44:40 [bryanluo_]
bryanluo_ has joined #wpwg
23:45:51 [alex_liu]
alex_liu has joined #wpwg
23:46:58 [AdrianHB]
AdrianHB has joined #wpwg
23:51:33 [jezza]
jezza has joined #wpwg
23:52:31 [cwarnier]
cwarnier has joined #wpwg
23:52:55 [gildas]
gildas has joined #wpwg
23:54:34 [mweksler]
mweksler has joined #wpwg
23:57:00 [Fawad]
Fawad has joined #wpwg
23:57:51 [Cheryl_M]
Cheryl_M has joined #wpwg
23:57:52 [Vishal-Expedia]
Vishal-Expedia has joined #wpwg
23:57:56 [pranjal]
pranjal has joined #wpwg
23:58:49 [benoit]
benoit has joined #wpwg
00:03:05 [bryanluo]
bryanluo has joined #wpwg
00:03:18 [AdrianHB]
AdrianHB has joined #wpwg
00:03:20 [jezza]
jezza has joined #wpwg
00:03:45 [krystosterone]
krystosterone has left #wpwg
00:03:47 [Masa_JCB]
Masa_JCB has joined #wpwg
00:03:55 [krystosterone]
krystosterone has joined #wpwg
00:04:07 [dave2037]
dave2037 has joined #wpwg
00:05:41 [jfontana]
jfontana has joined #wpwg
00:05:41 [jeff]
jeff has joined #wpwg
00:05:44 [rouslan]
rouslan has joined #wpwg
00:06:01 [jfontana]
present+
00:06:23 [Ciciley]
Ciciley has joined #wpwg
00:06:27 [Sophie]
Sophie has joined #wpwg
00:06:31 [Ciciley]
Present+
00:07:00 [frank]
frank has joined #wpwg
00:07:04 [Fawad]
present +
00:07:29 [Zakim]
Zakim has joined #wpwg
00:07:32 [Ian]
RRSAGENT
00:07:34 [Ian]
invite RRSAGENT
00:07:57 [Ian]
Meeting: Web Payments Working Group
00:08:02 [Ian]
Chair: Nick Telford-Ree
00:08:10 [vkuntz]
vkuntz has joined #wpwg
00:08:18 [vkuntz]
present+
00:08:21 [Ian]
Agenda: https://github.com/w3c/webpayments/wiki/FTF-Agenda-201909
00:08:24 [Ian]
present+ jfontana
00:08:26 [Ian]
present+ Ciciley
00:08:29 [Ian]
present+ Fawad
00:08:35 [nicktr]
present+ nicktr
00:08:49 [Ian]
present+
00:09:03 [krystosterone]
present+
00:09:09 [Ian]
Topic: Merchant/Consumer Pain Points
00:09:11 [jezza]
jezza has joined #wpwg
00:10:50 [gildas]
present+
00:10:53 [alex_liu]
present+
00:11:04 [benoit]
present+
00:11:04 [heejin]
heejin has joined #wpwg
00:11:05 [mweksler]
present+
00:11:07 [jezza]
present+
00:11:09 [Sophie]
present+
00:11:09 [frank]
present+
00:11:12 [agektmr]
agektmr has joined #wpwg
00:11:12 [Roy]
Roy has joined #wpwg
00:11:13 [heejin]
present+
00:11:15 [jonathan]
jonathan has joined #wpwg
00:11:15 [dave2037]
present+
00:11:15 [Roy]
present+
00:11:16 [jungkees]
present+
00:11:16 [Vishal-Expedia]
present+
00:11:16 [Fawad]
present+
00:11:17 [agektmr]
present+
00:11:19 [Cheryl_M]
present+
00:11:19 [cwarnier]
present+
00:11:20 [jonathan]
present+
00:11:21 [justin_toupin]
present+
00:11:25 [rouslan]
present+
00:11:26 [Ian]
rrsagent, this meeting spans midnight
00:11:28 [Giulio]
Giulio has joined #wpwg
00:11:31 [tomasz]
tomasz has joined #wpwg
00:11:35 [florent]
florent has joined #wpwg
00:11:35 [Giulio]
present+
00:11:37 [wanli]
wanli has joined #wpwg
00:11:41 [tomasz]
present+
00:11:41 [florent]
present+
00:11:47 [bryanluo]
bryanluo has joined #wpwg
00:11:48 [dezell]
dezell has joined #wpwg
00:11:50 [wanli]
present+
00:11:53 [nicktr]
scribenick: nicktr
00:12:00 [dezell]
present+
00:12:19 [nicktr]
Topic: Consumer and Merchant pain points
00:12:20 [bryanluo]
present+
00:12:24 [sakiko]
sakiko has joined #wpwg
00:12:31 [sakiko]
present+
00:12:38 [JV]
JV has joined #WPWG
00:12:57 [nicktr]
Ian: Our first session comes after a suggestion from Lawrence Cheng
00:13:23 [nicktr]
...We have collated information about both consumer and merchant painpoints
00:13:38 [estes]
estes has joined #wpwg
00:13:43 [nicktr]
...Later we will run some mini-breakouts
00:13:45 [estes]
present+
00:13:48 [JV]
present+
00:13:51 [AdrianHB]
present+
00:14:13 [nicktr]
[Slides] -> https://www.w3.org/2019/Talks/ij-painpoints-201909/#start
00:14:46 [nicktr]
[Slide - painpoints at checkout]
00:16:07 [nicktr]
Ian - I think we have done pretty well on tackling many of these points
00:16:24 [AdrianHB]
present+ dongwoo
00:16:30 [nicktr]
Lawrence - I am sure we can add to these
00:16:55 [nicktr]
Lawrence: We should look at these with a "pinch of salt"
00:17:00 [vkuntz]
vkuntz has joined #wpwg
00:17:08 [nicktr]
...and what is the wider context
00:17:23 [nicktr]
...and does payment request address these?
00:17:45 [jezza]
jezza has joined #wpwg
00:17:55 [nicktr]
Ian: Would be great to collate more point points from the group (invites colleagues to contribute via IRC)
00:17:57 [nicktr]
q?
00:18:43 [maxh]
maxh has joined #wpwg
00:19:04 [html5cat]
html5cat has joined #wpwg
00:19:04 [nicktr]
Vincent: shipping options/addresses for smaller countries are often not well provided for
00:19:27 [nicktr]
[Slide - trust, security and privacy]
00:19:27 [vkuntz]
vkuntz has joined #wpwg
00:20:23 [nicktr]
Ian: We may not be able to do so much on these topics
00:21:00 [nicktr]
vkuntz: the bigger online sellers are not present in Belgium (for example) and do not ship there
00:21:11 [rouslan]
q+
00:21:26 [nicktr]
...but often the consumer doesn't know about this till the end of checkout
00:21:42 [jezza]
jezza has joined #wpwg
00:21:56 [nicktr]
ack rouslan
00:22:04 [vkuntz]
Pain points: shipping location not indicated upfront - shipping actually not possible to a specific country
00:22:27 [nicktr]
rouslan: vkuntz's use case is very interesting
00:22:53 [nicktr]
...I would probably start by geo-locating the IP address of the consumer and display a warning
00:23:44 [nicktr]
yyyy: what does best practise look like with payment request?
00:24:00 [AdrianHB]
s/yyyy/ciciley/
00:24:08 [nicktr]
Ian: we have some developer documentation but happy to add that to the list
00:24:39 [AdrianHB]
[group takes moment to pat itself on the back]
00:25:00 [nicktr]
ian: next we look at merchant painpoints
00:25:24 [nicktr]
[back to slides - payments and checkout]
00:25:44 [Vishal-Expedia]
q+
00:25:49 [nicktr]
ian: redirection to hosted payment page is called out as poor user experience
00:26:21 [nicktr]
ack Vishal-Expedia
00:26:52 [nicktr]
vishal-expedia: how does Payment Request deal with the hosted payment page challenge?
00:27:21 [nicktr]
ian: here's a demo
00:27:39 [nicktr]
[demo appears in japanese]
00:28:15 [nicktr]
ian: payment handlers solve for this. User doesn't lose the merchant context
00:28:54 [nicktr]
Vishal-Expedia: what about 3DS 2.x?
00:28:59 [rouslan]
q+
00:29:07 [Ciciley]
q+ comment: there are concerns about issuer approval rates as well
00:29:26 [marcosc]
marcosc has joined #wpwg
00:29:33 [nicktr]
ian: the security task force is looking at this - in short it's tackled by the improved experience of handler
00:30:09 [nicktr]
rouslan: payment handleris treated like a full page redirect but appears as an overlay
00:30:21 [nicktr]
ack rouslan
00:30:21 [benoit]
q+
00:30:30 [nicktr]
ack Ciciley
00:31:04 [nicktr]
Ciciley: the other pain point is that stronger authentication negatively affects approval rates
00:31:35 [nicktr]
...most merchants are frustrated about why transactions are being declined (cards)
00:32:29 [nicktr]
jonathan: the point of 3DS2 is to provide better scorer to the issuer but this information may not be known to the merchant
00:32:40 [nicktr]
s/scorer/scores/
00:32:52 [nicktr]
...so the expectation is that approval rates should improve
00:32:56 [nicktr]
q?
00:33:47 [Ian]
David: Login while traveling a pain point
00:33:48 [nicktr]
benoit: I think the demo showed a good pain point - localisation which might not be appropriate
00:34:22 [nicktr]
...but also if the issuer doesn't step up the authentication and then declines the subsequent tx then that really sucks
00:34:50 [nicktr]
ian: on trust/security, payment handler attempts to reduce the complexity/cost of providing more secure experiences
00:35:12 [nicktr]
q+
00:35:16 [nicktr]
ack benoit
00:35:35 [nicktr]
lawrence: on security, I think the key is "that work for customers"
00:35:41 [Ciciley]
q+ comment friendly fraud
00:35:52 [nicktr]
...also would be good to talk about firendly fraud
00:35:57 [Ian]
ack nicktr
00:36:03 [Ian]
scribenick: Ian
00:36:24 [Ian]
Ciciley: Lawrence, I was queued up to talk about friendly fraud.
00:36:36 [nicktr]
q?
00:36:44 [Ian]
...I think it's appropriate for this group to figure out during auth to figure out it's the "parent not the child"
00:37:10 [Ian]
...where issuer thinks parent authorized a transaction, then the bank is liable and they'd like to reduce that
00:37:16 [Ian]
...too many Fortnite purchases.
00:37:32 [Ian]
....that's another step in the right direction....ensuring the right person is authorizing the transaction.
00:37:39 [jonathan]
q+
00:37:41 [Ian]
ack Nick
00:37:55 [html5cat]
What is "friendly fraud"?
00:37:57 [Ian]
NickTR: People would be shocked at the size of the friendly fraud problem, e.g., on the order or 40%
00:38:03 [Ian]
...or "buyer regret"
00:38:42 [vkuntz_]
vkuntz_ has joined #wpwg
00:38:54 [Ian]
NickTR: Many children can unlock their parents' phones
00:39:03 [Ian]
...I think it's something that would be hard for us to trackle.
00:39:08 [Ian]
s/trackle/tackle
00:39:33 [Ian]
..I note also that some payment mechanisms (non-card) do not include chargeback mechanisms
00:39:37 [Ian]
q?
00:39:54 [Ian]
ack Jonathan
00:39:55 [nicktr]
q?
00:40:00 [Masa_JCB]
Masa_JCB has joined #wpwg
00:40:02 [Ian]
Jonathan: I think the use of WebAuthn and biometrics helps a lot
00:40:26 [Ian]
...the problem we have with device biometrics is that there is no way to link to a specific individual
00:40:33 [wonsuk]
wonsuk has joined #wpwg
00:40:49 [wonsuk]
present+ Wonsuk_Lee
00:40:55 [Ian]
...if there were a way for a given transaction to have more specific authentication, that could be interesting
00:40:56 [nicktr]
q?
00:40:57 [Ian]
present+
00:42:00 [benoit]
unlocking a device and authenticating payment should be different things
00:42:05 [nicktr]
scribenick: nicktr
00:42:08 [Vishal-Expedia]
q+
00:42:40 [nicktr]
lawrence: if we could crack some of these points, then we could give ourselves a real leg-up in getting merchant adoption
00:42:56 [nicktr]
...so the question is do we see any USPs in payment request
00:43:25 [nicktr]
ian: for our webauthn colleagues in the room, are you looking at this issue of more personalised ID?
00:43:43 [Vishal-Expedia]
Unique Selling Point
00:43:53 [nicktr]
zzzz: it's something we've looked at - many platforms are missing the ability
00:44:17 [Ian]
(IJ hears: "segmenting biometric templates" raises usability issues)
00:44:37 [nicktr]
zzzz: we may end up with a system that is too complex for consumers to use
00:44:58 [nicktr]
xxxx: it's the individualistic biometrics that are difficult
00:45:20 [nicktr]
zzzz: you could have separate hardware tokens for different users
00:45:33 [benoit]
q+
00:45:49 [nicktr]
zzzz: once you have multiple templates on a single device, it gets very difficult to understand
00:46:39 [Ian]
ack Vishal-Expedia
00:46:41 [nicktr]
zzzz: and it's difficult to design biometric systems which are not defeatable
00:47:12 [nicktr]
vishal: it's not just kids - also criminals forcing users to biometrically authenticate
00:47:19 [Ian]
Vishal: Netflix does this well - ok to have friction to set up new profile
00:47:28 [Ian]
...they ensure there's a kids profile
00:47:33 [Ian]
q?
00:48:14 [Ian]
Jonathan: You can have different profiles, but the same biometrics can access the profiles
00:48:39 [Ian]
zzzz: On newest Android, and where not blocked by carriers, templates are available
00:48:41 [Ian]
q?
00:48:44 [Ian]
ack benoit
00:49:00 [Ian]
benoit: Multiple profiles on the phone is a good concept but agree with usability challenge
00:49:02 [dezell]
q+
00:49:25 [Ian]
...I think the real solution to this (but not necessarily for this WG)....I could set up a flag on a biometric "this fingerprint cannot be used to authorized payments"
00:49:32 [Ian]
ack de
00:50:20 [Ian]
dezell: Some pain points for us at Conexxus:
00:50:24 [Ian]
- EMV at the pump
00:50:28 [jezza]
jezza has joined #wpwg
00:50:32 [rouslan]
q?
00:50:34 [Ian]
- Second generation EMV
00:50:50 [nicktr]
+1 for better granularity of control of permissions granted to specific biometrics (but consumers are unlikely to set up)
00:50:59 [Ian]
- SRC seems ok but Conexxus members still waiting to see how works with PR API
00:51:37 [jonathan]
+1 for better granularity as well
00:51:51 [Ian]
- Anticipate more remote payments (e.g., barcode based payments)
00:52:25 [Ian]
dezell: I think this group has done a great job, industry has evolved since we started this work; and this group has not done harm! :)
00:53:24 [Ian]
dezell: Merchants need more consumer data; but GPDR and and California rules make it challenging
00:53:31 [nicktr]
scribenick: nicktr
00:53:36 [nicktr]
ian: back to the slides
00:54:20 [nicktr]
ian: integration is complex - we heard yesterday from AirBnB that it would be great to do more (like sign up) with PR
00:54:57 [nicktr]
q?
00:55:41 [nicktr]
[rules and regulations]
00:56:49 [nicktr]
ian: we have a lot of items on our backlog for shipping
00:57:01 [sakiko]
sakiko has joined #wpwg
00:57:07 [sakiko]
present+
00:57:21 [jezza]
jezza has joined #wpwg
00:58:17 [nicktr]
ian: but we have not looked (to date) at a lot of new features because the consensus was to finish v1 first
00:58:21 [html5cat]
present+
00:58:52 [nicktr]
ian: let's organise into 4 groups and prioritise this list of 16 pain points
00:58:52 [html5cat]
q
00:58:57 [html5cat]
q+
00:59:08 [nicktr]
q?
00:59:37 [nicktr]
ack html5cat
01:00:04 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
01:00:40 [jezza]
jezza has joined #wpwg
01:00:45 [nicktr]
html5cat: at Puma browser, we would like to see if our browser could be helpful for some of these painpoints - we are not bound by the incumbent user bases of the big browsers
01:00:47 [rouslan]
+1
01:00:54 [nicktr]
...we can innovate quickly
01:01:05 [jezza]
jezza has joined #wpwg
01:01:31 [nicktr]
[breakouts occur]
01:03:51 [jessie]
jessie has joined #wpwg
01:03:53 [html5cat]
my email is yuriy@pumabrowser.com if anything and our site is https://www.pumabrowser.com . I'll be at Coil sponsor booth if you're at TPAC in-person.
01:18:30 [bryanluo]
bryanluo has joined #wpwg
01:22:25 [mweksler]
mweksler has joined #wpwg
01:24:21 [marcosc]
marcosc has joined #wpwg
01:27:11 [frank]
frank has joined #wpwg
01:33:46 [rouslan]
rouslan has joined #wpwg
01:34:17 [bryanluo]
bryanluo has joined #wpwg
01:34:24 [jessie]
jessie has joined #wpwg
01:40:22 [pranjal]
pranjal has joined #wpwg
01:45:57 [jezza]
jezza has joined #wpwg
01:46:45 [jessie]
jessie has joined #wpwg
01:47:55 [pranjal]
pranjal has joined #wpwg
01:50:04 [bryanluo]
bryanluo has joined #wpwg
01:52:57 [dezell]
dezell has joined #wpwg
01:54:14 [pranjal_]
pranjal_ has joined #wpwg
01:54:58 [pranjal_]
pranjal_ has joined #wpwg
01:55:01 [HirokiEndo]
HirokiEndo has joined #wpwg
01:55:19 [HirokiEndo]
HirokiEndo has left #wpwg
01:55:25 [pranjal]
pranjal has joined #wpwg
01:55:26 [bryanluo]
bryanluo has joined #wpwg
01:56:25 [HirokiEndo]
HirokiEndo has joined #wpwg
01:57:56 [mweksler]
mweksler has joined #wpwg
02:00:36 [hendo]
hendo has joined #wpwg
02:01:27 [michelweksler]
michelweksler has joined #wpwg
02:03:23 [frank]
frank has joined #wpwg
02:03:47 [jonathan]
jonathan has joined #wpwg
02:04:29 [AdrianHB]
AdrianHB has joined #wpwg
02:04:52 [Masa-JCB]
Masa-JCB has joined #wpwg
02:04:55 [takashi]
takashi has joined #wpwg
02:05:39 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
02:05:51 [Ian]
Topic: Review of pain point breakout findings
02:05:56 [Ian]
-> https://www.w3.org/2019/09/wpwg-ftf/ Images
02:06:40 [Ian]
scribenick: Ian
02:07:18 [Gerhard]
Gerhard has joined #wpwg
02:07:20 [Gerhard]
present+
02:08:31 [Ian]
-> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp1.jpg Adrian's group
02:08:43 [Ian]
AdrianHB: We thought everything was important
02:08:48 [Fawad]
Fawad has joined #wpwg
02:08:58 [Ian]
...a common theme was that a lot of pain points could be addressed through more widespread use of payment handlers
02:09:54 [jv]
jv has joined #wpwg
02:10:07 [urata]
urata has joined #wpwg
02:10:47 [gildas]
gildas has joined #wpwg
02:11:27 [marcosc]
marcosc has joined #wpwg
02:11:37 [tobie]
present+
02:12:48 [Ian]
-> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp2.jpg Ian's group
02:12:59 [Ian]
-> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp3.jpg Lawrence's group
02:13:21 [Ian]
Lawrence: For global players, simplifying cross-border important and difficult
02:13:40 [Ian]
....for local merchants that do export today, there are not a lot of options for them to do cross-border payments and it can be expensive
02:14:06 [Ian]
...at the same time, we have situation with wallet players for cross-border payments....the volumes are quite low (e.g., Chinese tourists using Apple Pay today)
02:14:23 [Ian]
..the other one I want to point out is "optimal speed for checkout"...not too fast/too slow
02:14:39 [Ian]
...for new-to-merchant consumers we thought it was important but somewhat difficult
02:15:10 [Ian]
..but for returning customers, as important but not as difficult
02:15:20 [Ian]
Ian: We also talked about not too fast/not too slow
02:15:36 [Ian]
Lawrence: We observed our goal ultimately is imperative conversion and reduce chargebacks.
02:15:56 [Ian]
....to be able to tick the box that we have succeeded we need to be able to show scale
02:16:11 [Ian]
-> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp4.jpg Nick's group
02:16:31 [Ian]
Rouslan: We had some challenge figuring out who this was related to (difficult for whom? important to whom?)
02:16:43 [Ian]
...maybe privacy would be super important to users if more was communicated to them.
02:17:20 [Ian]
...on the other hand, in terms of difficulty, some things may be difficult for PSPs today, but some things might be shifted to UAs through web payments
02:17:30 [Ian]
...our process was first to figure out what was important, then we assigned difficulty
02:17:34 [Ian]
[Ian: We did that as well]
02:18:34 [Ian]
....we had some confusion around "account-free checkout"
02:18:40 [Ian]
...who is the account with?
02:19:08 [Ian]
...I think the most difficult things to figure out are things that are product challenges (moreso than engineering challenges)
02:19:28 [Ian]
...so reduce auth friction and speed up checkout...those are great...it requires a lot of experimentation and user studies to do this well
02:19:37 [Ian]
...so it's actually quite challenging to do in practice
02:20:00 [nicktr]
q?
02:20:33 [jezza]
jezza has joined #wpwg
02:21:01 [Ciciley]
Ciciley has joined #wpwg
02:21:13 [Ciciley]
present+
02:21:17 [Ian]
Ian: Next steps - four of us synthesize and report back
02:21:20 [Ian]
Topic: Rechartering
02:23:11 [nicktr]
Topic: Rechartering
02:28:25 [vkuntz_]
q+ to note that Credit Transfers will probably become more relevant with PSD2 in Europe
02:32:17 [rouslan]
q+
02:32:26 [marcosc]
q+
02:33:14 [rouslan]
q++++
02:33:26 [rouslan]
q- +++
02:33:34 [michelweksler]
lol
02:34:40 [Giulio]
Giulio has joined #wpwg
02:35:47 [nicktr]
q- ++++++++++++++++++++++++++++++++++++++++++++++++++++++
02:36:10 [Gerhard]
q+
02:36:12 [Ian]
ack vkuntz_
02:36:12 [Zakim]
vkuntz_, you wanted to note that Credit Transfers will probably become more relevant with PSD2 in Europe
02:36:32 [nicktr]
Lawrence: can we have a table showing the possible and actual combinations of browsers and payment methods?
02:36:37 [AdrianHB]
lawrence: can we table the combinations of browser and payment method that we expect to work/not work?
02:36:58 [Ian]
ack rouslan
02:37:24 [nicktr]
Rouslan: Chrome's position is to support as many options as possible
02:37:52 [nicktr]
...so we'd like to see no tie-in between handler and browser
02:37:59 [nicktr]
...though that isn't the current reality
02:38:04 [Ian]
scribenick: Ian
02:38:18 [saschanaz]
saschanaz has joined #wpwg
02:38:28 [Ian]
nicktr: Payment handlers can help localize the user experience; there's now way that a browser is going to adapt to all the local requirements
02:38:33 [Ian]
...so payment handlers are the future
02:38:34 [nicktr]
rouslan: we think the future is more payment handlers - especially for edge case
02:38:38 [Ian]
s/nicktr:/rouslan:
02:38:56 [nicktr]
rouslan: basic card isn't really implemented anywhere but Chrome
02:38:57 [Ian]
rouslan: We can probably stop working on Basic Card.
02:39:03 [Ian]
w?
02:39:06 [Ian]
q?
02:39:07 [Ian]
ack mar
02:39:11 [nicktr]
...but we could probably stop supporting it
02:39:20 [sakiko]
sakiko has joined #wpwg
02:39:25 [Sophie_]
Sophie_ has joined #wpwg
02:39:28 [sakiko]
present+
02:39:29 [Ian]
marcosc: We think that basic card is "worth it" but it's challenging to do well; we had about 10 people working on it
02:39:47 [Ian]
...if anyone out there wants to be the Basic Card provider for FF, contact me!
02:39:56 [nicktr]
q?
02:40:17 [Ian]
marcosc: I agree that having multiple payment handlers would be ideal
02:40:37 [nicktr]
q?
02:40:39 [Ian]
...FF would need resources to do and maintain Basic Card.
02:40:41 [Ian]
ack Gerhard
02:40:44 [nicktr]
ack Gerhard
02:40:48 [Ian]
Gerhard: I think Basic Card is useful.
02:40:59 [Ian]
...regarding SRC subsuming 3DS and tokenization
02:41:23 [Ian]
...all three of them are "optional" and "interoperable" but need not be used all together
02:41:41 [jezza]
jezza has joined #wpwg
02:41:47 [Ian]
...it's important for me and I think the industry that with PR API that the flexibility be maintained
02:42:06 [nicktr]
q?
02:42:07 [Ian]
...I agree that the 3 together would be a beautiful symphony, but don't assume merchants will demand to use all three of them.
02:42:15 [benoit]
q+
02:42:21 [urata_]
urata_ has joined #wpwg
02:42:22 [jv]
q+
02:42:37 [Ian]
Jungkee: I agree with how Ian captured the spec status in Edge.
02:42:53 [Ian]
...we support the idea of supporting multiple payment handlers. We don't have any plans to disable any payment handlers.
02:43:00 [Ian]
...regarding Basic Card, Edge already supports it.
02:43:37 [Ian]
...I see no reason to stop working on Basic Card
02:43:40 [Ian]
q?
02:44:10 [AdrianHB]
q+ to distinguish between basic-card and the need for basic-card handler built into browsers
02:44:38 [Ian]
Jungkee: It's an ongoing discussion with MS about relationship to MS Wallet; but I don't have any updates about MS Pay
02:44:59 [rouslan]
q+
02:45:04 [jbarclay]
jbarclay has joined #wpwg
02:45:06 [rouslan]
q-
02:45:09 [rouslan]
q+ justin
02:45:11 [Ian]
Jungkee: So we'd like to figure out how to further promote PR API
02:45:14 [dwim]
dwim has joined #wpwg
02:45:21 [Ian]
...including more communication with customers, merchants, partners
02:45:41 [Ian]
...are there good ways to approach merchants let's discuss
02:45:56 [Ian]
q?
02:46:24 [Ian]
dongwoo: Here's a status update from Samsung - we also support Basic Card in Samsung Internet browser.
02:46:37 [Ian]
...so I think Basic Card remains useful and we should at least maintain this as a solution
02:46:43 [Ian]
...Samsung Pay also works on Android.
02:46:58 [Ian]
...and we're happy to work with other browsers and other collaborations with payment handlers
02:47:01 [Ian]
ack benoit
02:47:44 [Ian]
benoit: Will SRC be required for all issuing banks? If the answer is no, then we need another payment method for other cards the are issued
02:48:05 [Ian]
Jonathan: SRC does not require tokens
02:48:24 [nicktr]
q+
02:48:55 [Ian]
[Question about whether SRC would ultimately subsume Basic Card]
02:49:23 [Ian]
benoit: We can't eliminate Basic Card unless we have a replacement that meets the requirements.
02:49:27 [nicktr]
q?
02:49:34 [Ciciley]
q+
02:49:36 [Ian]
JonathanG: Could you list the requirements you have in mind?
02:50:29 [Vishal-Expedia]
q+
02:50:29 [Ian]
jv: The basic premise is we need a minimal level of interop; card payments (basic) are the de facto. Seems Basic Card is basically done (but for Safari).
02:50:38 [Ian]
....we need something that works "most of the time" otherwise PR API won't be adopted.
02:50:45 [tomasz]
q?
02:50:58 [Ian]
....3DS is no longer really optional (cf Europe)
02:51:13 [Ian]
...tokens are not that hard to do, so I think they will be increasingly used as a trinity
02:51:23 [Ian]
AdrianHB: I think it's important to make the following distinction -
02:51:36 [rouslan]
+1
02:51:42 [Ian]
...merchants should be able to get card details back, but that doesn't necessarily mean that the card details need to be returned by the browser.
02:51:49 [Ian]
(Rouslan gives a +1 to that assertion)
02:51:57 [Gerhard]
q+
02:52:01 [Ian]
ack jv
02:52:13 [Ian]
AdrianHB: Today Basic Card is basically replacing autofill....in my opinion, that's the sticking point for the moment
02:52:24 [tomasz]
q+
02:52:35 [Ian]
...I think it's useful to distinguish the simple ability to return card details, but can we change how that's implement today?
02:52:40 [Ian]
ack Adr
02:52:40 [Zakim]
AdrianHB, you wanted to distinguish between basic-card and the need for basic-card handler built into browsers
02:52:48 [Ian]
ack justin
02:52:49 [estes]
q+
02:52:59 [AdrianHB]
q?
02:53:09 [Ian]
justin: Chrome ships with an implementation of basic card. There could be third parties that are willing to support basic card (think "Firefox")
02:53:35 [jeff_]
jeff_ has joined #wpwg
02:53:35 [Ian]
...if the browsers are not building support, are there third-party payment handlers willing to step up to support the payment method?
02:53:56 [Ian]
...we had a lot of conversation yesterday about 3DS....I also challenge the assumption that it's covered by SRC.
02:54:07 [Ian]
...I think there's some more thinking to do on that
02:54:10 [Ian]
ack nick
02:54:13 [AdrianHB]
ack nicktr
02:54:39 [Ian]
nicktr: As much as I'd like to see Basic Card go away (due to security challenges), the reality is that we need to have basic card
02:54:44 [jv]
+1 Keep 3DS/Authentication separate from SRC
02:54:50 [Ian]
...so I think it's difficult for merchants to see the benefit of implementing PR API
02:55:16 [Ian]
...because there is not a single payment method supported across all browsers, that's a key disincentive to adoption
02:55:24 [Fawad_N]
Fawad_N has joined #WPWG
02:55:29 [Ian]
...if I could pick one key thing in rechartering, it would be to have one payment method that works across browsers.
02:55:30 [Ian]
q?
02:55:40 [AdrianHB]
ack ciciley
02:55:50 [AdrianHB]
zakim, close the queue
02:55:50 [Zakim]
ok, AdrianHB, the speaker queue is closed
02:56:02 [Ian]
Ciciley: There are some payment brands that have landed support for some aspects of SRC
02:56:19 [AdrianHB]
ack Vishal-Expedia
02:56:43 [Ian]
Vishal-Expedia: We've been having SRC conversations for 1 year. There are some use cases within Expedia where Basic Card is absolutely required
02:56:58 [Ian]
....so not having Basic Card would mean we would not adopt PR API
02:57:08 [AdrianHB]
ack Gerhard
02:57:10 [Ian]
...I think you need to ask 100 merchants for their views on the importance of Basic Card
02:58:07 [Ian]
Gerhard: Maybe the answer is to extend Basic Card to support an e-commerce token (that merchants are being required to accept)
02:58:36 [AdrianHB]
ack tomasz
02:58:59 [Ian]
..perhaps useful for merchants to reduce PCI burden via e-commerce token
02:59:25 [rouslan]
q+ to talk about the "killing"
02:59:26 [Ian]
Tomasz: What else would we add to Basic Card? We could stop work on Basic Card and it could still be used by the industry.
02:59:28 [nicktr]
I'd like to suggest that the security task force looks at Gerhard's suggestion - we were looking at "tokenized" payments before SRC came along. Can we support both?
03:00:01 [Ian]
Rouslan: We are not really talking about killing Basic Card, just no longer working on the spec.
03:01:13 [kimwooglae]
kimwooglae has joined #wpwg
03:02:09 [Ian]
[Andy can you type?]
03:02:13 [estes]
I don't want to derail the meeting, so it's ok if you can't hear me :)
03:02:15 [estes]
sure, I'll type
03:02:25 [marcosc]
marcosc has joined #wpwg
03:02:30 [hendo_]
hendo_ has joined #wpwg
03:02:32 [jezza]
jezza has joined #wpwg
03:04:29 [Ian]
AdrianHB: If we are going to fully embrace payment handlers, shouldn't basic card support be more like other payment handlers?
03:05:20 [Ian]
...I have some slides for after lunch
03:06:24 [justin_toupin]
justin_toupin has joined #wpwg
03:06:36 [jeff__]
jeff__ has joined #wpwg
03:07:06 [AdrianHB]
ian: one question to consider, are there other payment methods we need to consider
03:07:26 [AdrianHB]
... prioritization of future work
03:07:49 [AdrianHB]
... we have developed good liasons with FIDO and EMVCo, are there others?
03:08:07 [AdrianHB]
... we also need to think about how long the new charter should last
03:08:27 [AdrianHB]
[STRAWPOLL] Any objections to recharting?
03:08:31 [AdrianHB]
- None
03:09:01 [AdrianHB]
ian: next steps is for chairs to draft proposed new charter
03:09:07 [nicktr]
q?
03:09:12 [AdrianHB]
zakim, open the queue
03:09:12 [Zakim]
ok, AdrianHB, the speaker queue is open
03:09:21 [nicktr]
ack estes
03:09:26 [estes]
Ian: I just wanted to agree with AdrianHB
03:10:07 [Ian]
Gerhard: Yesterday we say a presentation on QR codes. EMVCo has a standard. We are seeing more demand for it. Should we explore QR codes in our charter?
03:10:09 [AdrianHB]
+1
03:10:11 [nicktr]
+1 for QR
03:10:21 [estes]
Ian: we didn't see basic card built into safari as a meaningful improvement over autofill
03:10:41 [michelweksler]
+1 for QR
03:11:01 [estes]
Ian: and thought it could introduce user confusion to show a payment sheet that might look like Apple Pay but not offer its security benefits
03:11:09 [rouslan]
q+ to talk about autofill and basic-card
03:11:46 [Ian]
Ian: Could auto-fill plug into PR API requests for Basic Card
03:11:48 [jv]
jv has joined #wpwg
03:11:56 [Ian]
Justin: Some issues around user-consent in that model
03:12:19 [Ian]
Rouslan: For auto-fill-to-basic-card...something even more interesting than that is flowing in the other direction...
03:12:33 [Ian]
...data flows from basic card payment handler to auto-fill fields
03:12:47 [Ian]
...so the merchant doesn't need to use PR API, but Payment Handlers are still useful to users.
03:12:52 [Ian]
q?
03:12:55 [Ian]
ack rouslan
03:12:55 [Zakim]
rouslan, you wanted to talk about autofill and basic-card
03:13:12 [Ian]
AdrianHB: We've had at least one example of a 3rd party payment handler that did Basic Card (this was Klarna)
03:13:30 [norie]
norie has joined #wpwg
03:13:33 [Ian]
...are there others who might explore that if Basic Card were the ubiquitous option?
03:14:00 [Gerhard]
+1
03:14:14 [Ian]
IJ: I recall the value proposition was riding basic card rails without requiring any changes to merchant site
03:14:35 [Ian]
RRSAGENT, make minutes
03:14:35 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:15:20 [frank]
frank has joined #wpwg
03:15:33 [Ian]
Ian: So next steps is for the Chairs to come up with a draft charter based on your comments and other data from this meeting
03:15:39 [Ian]
Topic: Web Monetization
03:15:42 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:16:02 [Ian]
AdrianHB: This is just a quick-ee intro; we can go listen to Stefan across the hall for more in 30 mins
03:16:29 [Ian]
...a site that wants to accept streaming micropayments puts a <meta> tag in their site
03:16:42 [Ian]
...the content of the tag is a URL that is a payment pointer
03:16:57 [Ian]
...the way that the protocol works is that the browser fetches the document at that URL
03:17:09 [Ian]
...the browser generates a session header (unique)
03:17:21 [Ian]
...when payments are sent to the address, the address is slightly different for each session
03:17:24 [Ian]
...to avoid correlation
03:17:39 [Ian]
...the proposal in the WICG is a monetization object
03:17:55 [Ian]
-> https://interledger.org/rfcs/0028-web-monetization/ Web Monetization spec
03:18:14 [rouslan]
q+ to ask whether the web has any other progress type events
03:18:21 [nicktr]
q?
03:18:25 [Ian]
...the event fires every time a payment is sent by the browser
03:18:45 [Ian]
....in terms of sending the payments, Coil has implemented this as a browser plug-in; Puma has implemented this natively
03:18:59 [Ian]
..what we are looking for is a new payment method called "monetization"
03:19:16 [Ian]
..and implicitly there is no user interaction; there is assumed some pre-authorization of an amount
03:19:25 [Ian]
...and as the user browsers small amounts of value are transmitted
03:19:48 [Ian]
...a "web monetization agent" is a component in the browser that makes decisions on the user's behalf about how much to spend on each site
03:20:04 [Ian]
...users need to be able to control their ability to pay on certain sites.
03:20:32 [Ian]
...a core requirement is privacy - how do we build a client-side component that evaluates how much to pay and how much, but without becoming a tool for parties to track users?
03:21:00 [Ian]
...the monetization agenda is authorized to make payments out of the user's wallet (which may be the same or different party from the party that does the monetization agent
03:21:04 [Ian]
s/agenda/agent
03:21:21 [Ian]
...we've decoupled monetization agent from wallet.
03:21:36 [Ian]
...e.g., use Coil's web monetization agent but pay via google pay
03:21:38 [Ian]
ack rouslan
03:21:38 [Zakim]
rouslan, you wanted to ask whether the web has any other progress type events
03:21:47 [pranjal]
pranjal has joined #wpwg
03:21:58 [dezell]
dezell has joined #wpwg
03:21:59 [Ian]
Rouslan: This is an interesting idea. A "progress" type event might be tricky to event
03:22:03 [Ian]
s/event/implement
03:22:08 [jonathan]
jonathan has joined #wpwg
03:22:16 [Ian]
Rouslan: Marcos, do you know of any progress-type events?
03:22:24 [Ian]
marcosc: There is a progress element that has one
03:22:44 [Ian]
-> https://developer.mozilla.org/en-US/docs/Web/HTML/Element/progress Progress indicator element
03:22:53 [Ian]
AdrianHB: We have been thinking about this as a streaming protocol
03:23:29 [Ian]
q?
03:23:34 [marcosc]
rouslan, e.g., progress event from XHR https://xhr.spec.whatwg.org/#interface-progressevent
03:23:58 [Ian]
AdrianHB: On 16 September we (Coil) announced a "Grant for the Web"
03:24:17 [Ian]
-> https://www.grantfortheweb.org/ Grant for the Web
03:24:38 [Ian]
AdrianHB: We've set aside funds for grants to people who are developing content to push this ecosystem forward.
03:24:51 [Ian]
...joint announcement with Mozilla and Creative Commons
03:25:06 [Ian]
...the overlap with the WPWG is:
03:25:11 [Ian]
* Definition of a monetization payment method
03:25:15 [Ian]
* Role of payment handlers
03:25:30 [Ian]
...one idea is web site calls PR API (instead of "meta") and payment handlers respond
03:25:45 [Ian]
...there are breakouts tomorrow on this topic
03:25:49 [nicktr]
q?
03:26:28 [jezza]
jezza has joined #wpwg
03:26:37 [Ian]
IJ: Describe user flow?
03:27:12 [Ian]
AdrianHB: You have money in a wallet. I get an authorization from that wallet in the form of an access token. I give that to the monetization agent.
03:27:24 [Ian]
...I leave it up to that agent to make decisions about how to pay for content
03:27:36 [Ian]
IJ: What is payment request role?
03:27:38 [html5cat]
q+
03:27:57 [Ian]
AdrianHB: Potentially the merchant could use it to invoke web monetization, but without user interaction
03:28:18 [Ian]
IJ: That would require a change to PR API that requires a user gesture
03:28:25 [nicktr]
ack html5cat
03:28:37 [Ian]
Yuri: If you pick up the Coil gift bag, you get some access to a Coil account, etc. etc.
03:29:00 [Ian]
Yuri: Get Puma!
03:29:10 [Ian]
Marcosc: I encourage people to check it out
03:29:29 [Ian]
[The crowd chants for demo!]
03:30:18 [bryanluo_]
bryanluo_ has joined #wpwg
03:32:16 [html5cat]
https://flood.enclavegames.com
03:34:25 [jezza]
jezza has joined #wpwg
03:34:29 [Ian]
AdrianHB: It's up to each site to figure out how they reward the monetization offer
03:34:46 [Ian]
....e.g., in the above demo, the game provider offers free coins. Somebody else might, say, not show ads.
03:35:23 [rouslan]
q+
03:35:42 [Ian]
ack rouslan
03:35:51 [Ian]
Rouslan: Web Monetization based on ILP?
03:35:55 [Ian]
AdrianHB: Yes.
03:36:05 [Ian]
AdrianHB: The way we've done the payments rails is using ILP
03:36:28 [Ian]
..ILP let's us set up an addressing space.
03:36:36 [Ian]
...it's easy for us as Coil to route payments that way
03:36:57 [Ian]
...it's not a payment network per se...just an addressing overlay on existing payment systems
03:37:03 [Ian]
Rouslan: Is that a hard dependency on ILP
03:37:22 [Ian]
AdrianHB: Not theoretically, but yes practically. There is no other way that is cost-effective for sending such small payments
03:37:56 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:38:14 [Ian]
Rouslan: Is Interledger being done at W3C?
03:38:52 [Ian]
AdrianHB: Work started at the W3C Interledger CG. There is now an Interledger Foundation. The intent is for all the IP to be held by that organization, and to stay open and RF
03:38:52 [agektmr]
q+
03:39:13 [Ian]
AdrianHB: https://tools.ietf.org/html/draft-thomas-interledger-00 is not standards track
03:39:20 [Ian]
...we've not taken anything on a formal standards track
03:39:32 [Ian]
..these are community-developed documents.
03:39:36 [Ian]
ack agektmr
03:39:52 [Ian]
agektmr: What is relation to Metamask?
03:40:02 [Ian]
AdrianHB: There are quite a few efforts to do this with cryptocurrencies.
03:40:19 [Ian]
...if the hard dependency on crypto rather than ILP, that will be the end of the game for them
03:40:27 [Ian]
..until things are built into browsers, it's not going to take off
03:40:44 [Ian]
...if they were to do payments with payment systems we already use, they would be more successful
03:40:58 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:41:36 [html5cat]
If anyone has a hdmi-> display port adapter I'd really appreciate it
03:41:42 [jv]
jv has joined #wpwg
03:42:10 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
03:57:06 [bryanluo]
bryanluo has joined #wpwg
03:58:20 [jezza]
jezza has joined #wpwg
04:01:36 [mweksler]
mweksler has joined #wpwg
04:01:45 [bryanluo_]
bryanluo_ has joined #wpwg
04:03:58 [jv]
jv has joined #wpwg
04:07:52 [pranjal]
pranjal has joined #wpwg
04:11:06 [rouslan]
rouslan has joined #wpwg
04:18:31 [hendo]
hendo has joined #wpwg
04:21:16 [pranjal]
pranjal has joined #wpwg
04:25:41 [jv]
jv has joined #wpwg
04:25:49 [marcosc]
marcosc has joined #wpwg
04:32:53 [bryanluo]
bryanluo has joined #wpwg
04:34:57 [alex_liu]
alex_liu has joined #wpwg
04:35:32 [alex_liu_]
alex_liu_ has joined #wpwg
04:42:08 [mweksler]
mweksler has joined #wpwg
04:42:21 [jezza]
jezza has joined #wpwg
04:45:40 [jezza]
jezza has joined #wpwg
04:47:52 [bryanluo]
bryanluo has joined #wpwg
04:50:23 [mweksler]
mweksler has joined #wpwg
04:52:41 [alex_liu]
alex_liu has joined #wpwg
04:54:24 [marcosc]
marcosc has joined #wpwg
04:55:07 [marcosc]
marcosc has joined #wpwg
04:55:32 [jezza]
jezza has joined #wpwg
04:56:37 [alex_liu]
alex_liu has joined #wpwg
05:00:01 [frank]
frank has joined #wpwg
05:00:27 [saschanaz]
Sorry to distract everyone but am I only one hearing annoying high frequency noise in WP meeting room
05:01:33 [cwarnier]
cwarnier has joined #wpwg
05:01:46 [jessie]
jessie has joined #wpwg
05:02:57 [nicktr]
no, I can hear it too
05:03:32 [pea13]
pea13 has joined #wpwg
05:03:33 [canton_]
canton_ has joined #wpwg
05:03:36 [saschanaz]
It really distracts me and I want it to be fixed.. Not sure how
05:03:37 [bryanluo]
bryanluo has joined #wpwg
05:03:46 [jv]
jv has joined #wpwg
05:04:31 [AdrianHB]
AdrianHB has joined #wpwg
05:04:37 [Masa_JCB]
Masa_JCB has joined #wpwg
05:06:15 [marcosc]
marcosc has joined #wpwg
05:06:48 [norie]
norie has joined #wpwg
05:07:11 [takashi]
takashi has joined #wpwg
05:07:12 [jonathan]
jonathan has joined #wpwg
05:08:07 [jezza]
jezza has joined #wpwg
05:08:17 [Fawad_n]
Fawad_n has joined #WPWG
05:08:18 [Ian]
Topic: Web Authentication Update
05:08:36 [Ian]
Tony: We're working on WebAuthn2. Also, we'd like to understand better payment handlers.
05:08:48 [Ian]
...Web Authentication WG is rechartering through 2021
05:09:04 [Ian]
...some level 2 features include:
05:09:12 [Ian]
- iframe support (for origins other than top-level origins)
05:09:25 [Ian]
....can be helpful in payment flows you've described.
05:09:27 [Ian]
- some biometric things
05:09:30 [Ian]
- some specification cleanup
05:09:44 [Ciciley]
Ciciley has joined #wpwg
05:09:49 [Gerhard]
Gerhard has joined #wpwg
05:09:56 [Ian]
...We have deployment of WebAuthn1 in Chrome, Edge, Firefox. In development in Safari (desktop)
05:09:57 [Ciciley]
present+
05:10:08 [Ian]
...we'd like for payment handlers to be able to use WebAuthn
05:10:31 [Ian]
...we don't have delegation yet
05:10:44 [Ian]
..it takes place between the relying party (the handler) and the client (the browser)
05:10:48 [marcosc]
+q
05:10:56 [Ian]
..we'd like to understand your requirements for authentication beyond the payment handler itself
05:11:09 [Ian]
ack marcosc
05:11:12 [jonathan]
q+
05:11:14 [Gerhard]
q+
05:11:17 [tomasz]
q+
05:11:21 [ella]
ella has joined #wpwg
05:11:52 [Ian]
marcosc: We have a payment sheet that operates as a top-level browsing context.
05:11:58 [Ian]
AdrianHB: We still need to cover delegation
05:12:17 [Giulio]
Giulio has joined #wpwg
05:12:23 [Ian]
Tomasz: In the context of 3DS 2.0, there is a challenge flow that is sometimes implemented as an iframe.
05:12:26 [jezza]
jezza has joined #wpwg
05:12:36 [jezza]
q+
05:12:37 [Ian]
...it's not possible for the issuer to perform 3DS step-up without an iframe
05:12:44 [AdrianHB]
ack tomasz
05:12:45 [Ian]
Tony: I had pointed to a pull request:
05:13:04 [AdrianHB]
https://github.com/w3c/webauthn/issues/911
05:13:05 [Ian]
-> https://github.com/w3c/webauthn/issues/911
05:13:24 [Ian]
Tony: The group had wanted to go down the feature policy path; there were objections and we are trying to work through them
05:13:39 [Ian]
...I think it's just feature policy itself.
05:13:42 [Ian]
ack Jonathan
05:14:00 [Ian]
Jonathan: There are a few things we discussed yesterday..."delegation" is one
05:14:10 [Ian]
Tony: We want to understand your use case and determine the best approach.
05:14:30 [Ian]
...I have the feeling there are use cases where you'd like to carry authentication downstream.
05:14:36 [nicktr]
q+ to talk about a delegation use case
05:14:39 [bryanluo]
bryanluo has joined #wpwg
05:14:51 [urata]
urata has joined #wpwg
05:14:57 [Ian]
Jonathan: Someone who is not the relying party wants access to FIDO credentials and return signature back to relying party
05:15:25 [Ian]
...a second use case is something to facilitate 3DS where the issuer has created credentials and the merchants would like to use them
05:15:47 [Ian]
Tony: There is some information we've agreed to with EMVCo about what information will be passed along [to 3DS]
05:15:54 [urata]
urata has joined #wpwg
05:15:55 [jv]
jv has joined #wpwg
05:16:08 [Ian]
Jonathan: In that case the relying party is still the merchant. But there are use cases where the relying party is not the merchant.
05:16:25 [Ian]
...this morning we also discussed that it would be nice to distinguish from among users (that's more FIDO or platform thing)
05:16:36 [Ian]
Tony: Agree that's a platform question.
05:16:40 [Ian]
q?
05:17:00 [Ian]
zzzz: As mentioned earlier, profiles raise usability issues
05:17:25 [Ian]
...if the wallet is doing the WebAuthn directly on the device, there is no concept currently of segmentation of the use of the credential.
05:17:52 [Ian]
...it's easy to say "the wallet could do it" but then we'd have to have different enrollments all the way back up
05:18:01 [Ian]
...the complexity goes up when building up all the things around it
05:18:14 [Ian]
Jonathan: I had in mind that the relying party at enrollment time could create some new things (e.g., templates)
05:18:46 [Ian]
zzzz: That's theoretically possible but the infrastructure parts may not be able to handle the segmentation
05:18:56 [Ian]
q?
05:19:19 [jcj_moz]
jcj_moz has joined #wpwg
05:19:23 [Ian]
Jonathan: Yesterday we also spoke about the use case where the relying party wants to know what key ids belong to it.
05:19:42 [Ian]
...is that something that is standardized?
05:19:58 [Ian]
zzzz: It's standardized so that the relying party can never know that.
05:20:08 [Ian]
Jonathan: Even if the relying party created the keys?
05:20:26 [Ian]
JohnBradley: We can't create a super cookie that can be returned without user consent
05:20:39 [Ian]
..if you want to create a cookie to memorize credentials, you can just do that.
05:20:49 [jv_]
jv_ has joined #wpwg
05:20:53 [Ian]
s/zzzz/John Bradley/g
05:20:57 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
05:21:25 [Ian]
Jonathan: Is there a privacy issue to know what authenticators are on the platform?
05:21:27 [Ian]
JohnBradley: Yes
05:21:52 [Ian]
JohnBradley: There is at least one person on this side of the table who has concerns about adding to browser fingerprinting.
05:22:15 [Ian]
Jonathan: You would like to know whether there is an authenticator on the platform.
05:22:43 [Ian]
JohnBradley: You can learn "there is an authenticator" and for some platforms you know what that is, but you cannot find out what biometrics are supported by that authenticator
05:22:53 [Ian]
q?
05:23:00 [justin_toupin]
justin_toupin has joined #wpwg
05:23:11 [Ian]
Tony: You can ask for user verification, but you can't ask for implementation of that
05:23:22 [jezza]
jezza has joined #wpwg
05:23:32 [Ian]
Gerhard: I want to touch on 2 edges of the spectrum
05:23:48 [Ian]
...one things mentioned in SCA is secure display
05:24:04 [Ian]
...right now there are 2 levels: user presence, 2 factor
05:24:14 [jezza]
q-
05:24:15 [Ian]
...but there's missing a third level - secure display
05:24:31 [Ian]
...it would be great to combine "secure display" with getting biometric
05:24:54 [Ian]
JohnBradley: That's defined by the spec but supported in no browsers or authenticators...there's no support by browsers
05:25:14 [Ian]
...the counter-proposal would be to have something that is more generally deployable
05:25:22 [frank]
frank has joined #wpwg
05:25:26 [Ian]
...nothing in SCA says the secure display has to be part of the authenticator itself
05:25:36 [Ian]
...but I would argue if your browser is compromised you have bigger problems.
05:25:50 [Ian]
...so in WebAuthn we could have info from the payment handler signed as part of the client data
05:26:12 [Ian]
...I think we could meet SCA requirements across all browsers with existing authenticators...signing the payment handler output in client data
05:26:53 [Ian]
q?
05:26:55 [AdrianHB]
q?
05:27:03 [nicktr]
ack Gerhard
05:27:17 [florent]
florent has joined #wpwg
05:27:40 [Ian]
Gerhard: That is the open banking scenario; you may have registered 5 authenticators and the calling party (the "AISP") might have to reach out to all five, and all five might decide to do their token step-up and that would be a bad UX
05:27:47 [tomasz]
q?
05:27:48 [vkuntz]
vkuntz has joined #wpwg
05:27:58 [Ian]
...so any way to passively sign to give a lower risk indicator and defer step-up; that would be useful.
05:27:58 [vkuntz]
present+
05:28:13 [Ian]
JohnBradley: Silent signatures from relying parties raise the same fingerprinting concerns
05:28:48 [dezell]
dezell has joined #wpwg
05:28:57 [Ian]
Gerhard: I'd like to say "If I can prove who I am ..."
05:29:08 [Ian]
JohnBradley: Should be able to use cookie
05:29:20 [Ian]
...token binding comes to mind here
05:29:33 [Ian]
Tony: You could do something through cached credentials (somewhat how UAF does this today)
05:29:42 [Ian]
JohnBradley: It would be an interesting privacy discussion
05:29:43 [Ian]
q?
05:29:51 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
05:30:15 [Ian]
Gerhard: Many rules are based on risk assessments. If I can get more proof of who the person is, I can have less friction, and less abandonment.
05:30:50 [Ian]
JohnBradley: Token binding intended to fulfill that...but token binding is on hold as Google and MS work out issues.
05:31:20 [Ian]
JohnBradley: You can use token binding to ensure a cookie cannot be exfiltrated from browser.
05:31:58 [Ian]
Tony: I propose that we have a task force between our two WGs
05:32:06 [Ian]
...to ensure that we have the use cases and we do the flows
05:32:13 [Ian]
...and that can be brought back to the WG for discussion
05:32:37 [jezza]
jezza has joined #wpwg
05:32:50 [Ian]
NickTR: My use case builds on Gerhard's....you were describing account aggregation
05:33:02 [Ian]
..my vision of payment handlers in the credit transfer space is very similar
05:33:15 [Ian]
...imagine you have a payment handler that is aware of the user's different current accounts with different banks.
05:33:34 [Ian]
...in principle there's a use case where you authenticate once to the payment handler, and you don't have to re-authenticate for each bank account.
05:33:59 [Ian]
...if you read the primary legislation (PSD2), it's the bank's responsibility, but that could be delegated (to the payment handler)
05:34:14 [Ian]
...so the payment handler should be able to pass auth credentials to a bank without more user interaction
05:34:27 [Ian]
...nobody is going to use a flow with multiple authentications
05:34:34 [Ian]
...I'd love to dive into this use case (even if hard)
05:34:52 [Ian]
Jonathan: There is a distinction between "delegation" and "delegation." :)
05:35:16 [Ian]
...e.g., the bank could delegate to the merchant or payment handler who is the relying party
05:35:28 [Ian]
...but the second meaning of delegation is that the relying party IS the issuer
05:36:03 [Ian]
...so you registered with the issuer, and then in another context the bank says "I allow you to use my credentials"; that's a different form of delegation...the bank still owns the credentials, but they provide them to someone else who can return something to the bank
05:36:11 [Ian]
JohnBradley: We are considering the latter form of delegation
05:36:16 [Ian]
...the iframe could be invisible.
05:36:42 [Ian]
...you could do an invisible iframe to the bank and using post message and a protocol between merchant and bank for credentials
05:36:48 [Ian]
..that has some good privacy properties
05:36:52 [urata]
urata has joined #wpwg
05:37:09 [Ian]
...essentially if you allow the second model you enable correlated identifier that may be a backdoor tracking mechanism
05:37:22 [shu]
shu has joined #wpwg
05:37:27 [Ian]
...we want to figure out how to give equivalent functionality with privacy
05:37:35 [Ian]
NickTR: In my use case, nothing goes back to the merchant
05:37:47 [Ian]
JohnBradley: Replace merchant here with wallet provider; same issue
05:38:07 [Ian]
..if I had multiple merchants and multiple wallets and they all used the same credentials they could correlate.
05:38:15 [shu]
shu has joined #wpwg
05:38:37 [Ian]
AdrianHB: Raise your hand if you want to be part of the joint task force: Gerhard, NickTR, Jonathan
05:38:59 [shu]
shu has joined #wpwg
05:39:00 [bryanluo]
bryanluo has joined #wpwg
05:39:15 [Ian]
ACTION: Tony to convene a joint task force on payment use cases that involve Web Authentication
05:39:16 [trackbot]
Created ACTION-129 - Convene a joint task force on payment use cases that involve web authentication [on Tony England - due 2019-09-24].
05:39:20 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
05:40:03 [jezza]
jezza has joined #wpwg
05:40:28 [Ian]
Topic: Handling Payments
05:40:41 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
05:40:49 [jv]
jv has joined #wpwg
05:42:45 [jezza]
jezza has joined #wpwg
05:43:18 [jezza]
jezza has joined #wpwg
05:43:35 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
05:43:41 [jezza]
jezza has joined #wpwg
05:44:10 [rouslan]
q+100
05:44:17 [Ian]
AdrianHB: The context for my slides here come from a conversation yesterday where Marcos expressed concern that a lot was going into payment handlers that would make it harder for new implementations to catch up
05:44:20 [rouslan]
q- 100
05:44:22 [rouslan]
q+
05:44:29 [Ian]
ack nicktr
05:44:29 [Zakim]
nicktr, you wanted to talk about a delegation use case
05:44:36 [wonsuk]
wonsuk has joined #wpwg
05:45:30 [Ian]
AdrianHB: First observation is that Basic Card does not fit well with other things...in sheets there's a mix of payment handlers (wallets) and cards (instruments)
05:45:46 [Ian]
...but delegation of merchant-requested data to the payment handler changes the game
05:46:00 [Ian]
...payment handlers should be able to respond to the merchant's request
05:46:30 [Ian]
...this means that payment handlers end up doing everything done by the sheet
05:46:35 [Ian]
....so the question is: do we need the payment sheet?
05:46:42 [Ian]
q+
05:47:04 [Gerhard]
+q
05:47:12 [marcosc]
q+
05:47:18 [Ian]
AdrianHB: The sheet requires an extra click
05:47:42 [Ian]
...the payment sheet has been a blocker for implementation in some browsers
05:47:57 [Ciciley]
Ciciley has joined #wpwg
05:48:01 [Ciciley]
present+
05:48:03 [Ian]
...we've heard from all the browsers that implementing the payment sheet is outside their wheelhouse in terms of localization and because payments are not really the things of browser
05:48:28 [Ian]
...so what would it look like to ditch the shet?
05:48:40 [Ian]
...I found some examples of how the Share API works
05:48:59 [Ian]
-> https://web-share.glitch.me/
05:49:11 [Ian]
AdrianHB: When I hit "pay" I could get a list of payment handlers I could use
05:49:20 [Ian]
...we could have a number of optimizations like "skip-the-sheet"
05:49:43 [rouslan]
q?
05:49:52 [pranjal]
pranjal has joined #wpwg
05:49:56 [Ian]
Lawrence: How could a payment handler get in the list?
05:50:03 [Ian]
AdrianHB: Through registration via payment handler API
05:50:16 [Gerhard]
q-
05:51:17 [Ian]
AdrianHB: Instead of getting mix of instruments and wallets, you just see wallets
05:51:31 [jv]
jv has joined #wpwg
05:51:59 [Ian]
AdrianHB: Today the payment handler API has a registration flow. Service worker installed. This enables the browser to get a manifest and the browser can do just-in-time install
05:52:04 [Ian]
q?
05:52:17 [Ian]
AdrianHB: As Ian said, how it happens is platform-specific.
05:52:22 [Ian]
ack rouslan
05:52:56 [Ian]
Rouslan: Great idea. I think one comment rubbed me the wrong way - that payment handlers are becoming Frankenstein.
05:53:08 [Ian]
...the payment handler is just trying to bring all the options in PR API to Payment Handlers
05:53:42 [Ian]
...we are experimenting.
05:54:21 [Ian]
...overall as an idea that the sheet should go away...I think it could be strange for w3c to dictate UI...but I think it's an interesting idea.
05:54:37 [Ian]
ack marcosc
05:54:41 [jezza]
jezza has joined #wpwg
05:54:47 [Ian]
marcosc: I want to support what Rouslan said but wants to shift the perspective.
05:54:58 [Ian]
...PR API on its own and integration with native payment handlers makes a lot of sense
05:55:31 [Ian]
...but what was shown yesterday was that the handler modal was not suitable for some UI requirements.
05:55:38 [Ian]
...so it's becoming like an embedded iframe
05:55:50 [Ian]
...and Airbnb wants to enroll users, too
05:56:01 [Ian]
...so we end up with a component that can be co-opted to do a lot of things
05:56:24 [Ian]
...so let's not get rid of the sheet, but instead have a model browsing context that let's you do all these thins
05:56:30 [Ian]
...we just need a bi-directional channel
05:56:35 [Ian]
s/thins/things
05:57:04 [Ian]
AdrianHB: One of the things that came out of the discussion is that we've built a payments component that is using a lot of web features, but in a way that is only usable in those flows
05:57:18 [Ian]
...the modal window (of chrome) is special
05:57:37 [marcosc]
marcosc has joined #wpwg
05:57:42 [Ian]
...I think the modal window is a powerful feature for any cross-origin thing you want to do
05:57:46 [jv]
jv has joined #wpwg
05:58:52 [Ian]
AdrianHB: I think it's a valuable platform in general, and it makes the case for building blocks for payment handlers much stronger.
05:58:57 [Roy]
Roy has joined #wpwg
05:59:01 [Roy]
q+
05:59:06 [Ian]
...I'll call this the "modal dialog" feature
05:59:24 [marcosc]
"modal browsing context" - fight me
05:59:48 [Ian]
AdrianHB: You could not have popup abuse since only one at a time, and also you only get back to underlying context when you close it
05:59:49 [nicktr]
q+ to ask about security model. Does this rely still on the method manifest?
05:59:59 [Ian]
ack roy
06:00:17 [Ian]
roy: My main comment on that is, one value proposition of the payment sheet is that there's a level of trust
06:00:23 [marcosc]
q+
06:00:30 [Ian]
...I trust the browser vendors to do the right thing with that dialog.
06:00:37 [jezza]
jezza has joined #wpwg
06:00:40 [Ian]
ack nick
06:00:40 [Zakim]
nicktr, you wanted to ask about security model. Does this rely still on the method manifest?
06:00:50 [Masa_JCB]
Masa_JCB has joined #wpwg
06:01:01 [Ian]
nicktr: My question is similar - and payment handlers have a payment method manifest
06:01:18 [Ian]
marcosc: We are showing arbitrary content in something that people thing is secure, but it's not
06:01:44 [Ian]
...we won't present a trusted UI where there is arbitrary content.
06:01:55 [Ian]
q?
06:02:01 [Ian]
ack marcosc
06:02:19 [Ian]
q-
06:03:01 [Ian]
Action: AdrianHB to look into a modal dialog spec, organize testing of assumptions about dropping the sheet.
06:03:01 [trackbot]
Created ACTION-130 - Look into a modal dialog spec, organize testing of assumptions about dropping the sheet. [on Adrian Hope-Bailie - due 2019-09-24].
06:03:12 [Ian]
AdrianHB: Some other ideas: drop instruments, drop modifiers, drop OpenWindow
06:03:16 [marcosc]
Today, in order to do certain forms of authentication on the web we require either pop-ups, opening a new tab, a redirect, and so on... Payments introduced another UI component that affords OS-level payment integration (particularly for Apple Pay in Safari). When compared to native applications, most of these UI affordances lead to sub-optimal user experiences.
06:03:16 [marcosc]
To improve the situation, a common requirement appears to be:
06:03:16 [marcosc]
- a top-level browsing context that displays third party content.
06:03:17 [jezza]
jezza has joined #wpwg
06:03:17 [marcosc]
- it's modal.
06:03:19 [marcosc]
- it should be possible to position this browsing context at least relative to the top or bottom of the container window, and perhaps have the ability to visually expand the context (or let the user expand it) - and the ability to go fullscreen. The browsing context (not the opener) controls the dimensions.
06:03:21 [marcosc]
- the opener context needs to set the feature policy (e.g., allow web authn, camera access, credential management).
06:03:23 [marcosc]
- the opener context must a means to have by bi-directional communication channel (i.e., message ports or just post message).
06:03:25 [marcosc]
- the opener context must have the ability to close the browsing context.
06:03:27 [marcosc]
- an ability to indicate the kind of service that's needed (e.g., "payment", "authentication", "share", "mixed?")
06:03:29 [marcosc]
- An ability to open a pop-up (normal pop-up rules apply) - but associated with the browsing context... basically a less crappy tab experience on mobile.
06:03:34 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
06:03:45 [Ian]
[Break]
06:04:22 [mweksler]
mweksler has joined #wpwg
06:07:56 [jv]
jv has joined #wpwg
06:08:38 [bryanluo]
bryanluo has joined #wpwg
06:10:21 [jv_]
jv_ has joined #wpwg
06:11:38 [jezza]
jezza has joined #wpwg
06:12:02 [Ian]
[We note for the minutes that Tomasz is also interested in the Joint task force with WebAuthn]
06:12:10 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
06:14:54 [jezza]
jezza has joined #wpwg
06:21:09 [jv]
jv has joined #wpwg
06:23:58 [AdrianHB]
AdrianHB has joined #wpwg
06:27:50 [jessie]
jessie has joined #wpwg
06:28:12 [bryanluo]
bryanluo has joined #wpwg
06:29:58 [dave2037]
dave2037 has joined #wpwg
06:31:14 [jezza]
jezza has joined #wpwg
06:32:03 [dave2037]
dave2037 has joined #wpwg
06:34:05 [alex_liu]
alex_liu has joined #wpwg
06:36:28 [pranjal]
pranjal has joined #wpwg
06:38:04 [Ian]
Topic: Housekeeping
06:38:22 [jezza]
jezza has joined #wpwg
06:38:35 [pranjal_]
pranjal_ has joined #wpwg
06:38:43 [norie]
norie has joined #wpwg
06:39:11 [benoit]
benoit has joined #wpwg
06:40:30 [Ian]
Ian: With chairs we need to review the dense minutes
06:40:42 [takashi]
takashi has joined #wpwg
06:40:45 [Ian]
...I assume we will recharter so next meeting discussion assumes that
06:40:58 [Ian]
NickTR: Remember when we recharter - your AC reps need to step up to say Please Recharter!
06:41:09 [bryanluo]
bryanluo has joined #wpwg
06:41:24 [jezza]
jezza has joined #wpwg
06:41:44 [Ian]
Alex: Airbnb could host the next meeting, e.g., in Dublin or Paris
06:41:56 [Ian]
NickTR: +1 to Dublin
06:42:44 [Gerhard]
Gerhard has joined #wpwg
06:42:50 [Ian]
Action: NIckTR to investigate next FTF meeting options with Ian and Adrian
06:42:51 [trackbot]
Created ACTION-131 - Investigate next ftf meeting options with ian and adrian [on Nick Telford-Reed - due 2019-09-24].
06:42:57 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
06:43:13 [jezza]
jezza has joined #wpwg
06:43:22 [Ian]
Ian: Minutes available next week
06:43:26 [Ian]
NickTR: Do people read minutes?
06:43:32 [Ian]
[Several people say yes]
06:44:47 [rouslan]
q+
06:45:00 [Ian]
NickTR: As Chair it's good to understand what improvements you think we could make in running the group. E.g., who needs to be part of the discussion? We heard yesterday: PayPal, Alipay, WeChatPay
06:45:04 [Ian]
...so we'll work on that.
06:45:08 [Ian]
ack rouslan
06:45:56 [Ian]
Rouslan: I think once useful thing at each TPAC is to give a clearer picture of where we are with deployment. So I think some framing would be useful.
06:46:32 [Ian]
NickTR: Maybe we need to start main meeting at 10:00am on day one, and have a crash course before that.
06:46:49 [Ian]
Gerhard: Or do a video
06:47:10 [Ian]
https://github.com/w3c/payment-request/wiki
06:48:47 [nicktr]
q?
06:48:47 [Masa]
Masa has joined #wpwg
06:48:49 [Ian]
https://github.com/w3c/payment-request-info/wiki/FAQ
06:49:05 [Ian]
https://github.com/w3c/payment-request-info/wiki/Introductions
06:49:17 [jv]
Invite UPI from india, and OpenBanking UK we need to get more wallets, perhaps from Nordics where they are quite big too. Then south america, berletto?
06:49:18 [pranjal]
pranjal has joined #wpwg
06:49:52 [jv]
(boleto)
06:50:30 [Ian]
q?
06:50:45 [justin_toupin]
justin_toupin has joined #wpwg
06:51:03 [alex_liu]
alex_liu has joined #wpwg
06:51:03 [benoit]
q+ for consumer involvement?
06:52:32 [justin_toupin]
q+ Some of the authentication conversations would have had more impact if we had drawn out the key use-cases for authentication that we are trying to address / improve
06:52:45 [Ian]
IJ: Another idea is a merchant business group.
06:52:48 [Ian]
+1 from Frank
06:53:03 [Ian]
NickTR: Jeff Jaffe also mentioned a series of meetups (with merchants)
06:53:28 [Ian]
...could do them around other events like MRC
06:54:24 [urata]
urata has joined #wpwg
06:54:26 [Ian]
Vishal: Another conf is Payments Ed
06:54:46 [Ian]
David: Have we done anything about consumer involvement (e.g., for the UX)?
06:56:03 [rouslan]
q+
06:56:04 [pranjal_]
pranjal_ has joined #wpwg
06:56:44 [Ian]
Ian: Implementers do user testing. But we could have a big show-off-a-thon with lots of users and multiple browser vendors to get feedabck
06:57:05 [Ian]
ack Rous
06:57:50 [Ian]
rouslan: Perhaps what we are looking for is a user experience expert. Some people in the room have user experience experience. But we could bring UX experts (e.g., from Google) into a meeting to speak about how they think about those things
06:58:05 [Ian]
Justin: I generally agree with Ian that browser vendors and other implementers are on the front line of UX
06:58:21 [vishal]
vishal has joined #wpwg
06:58:24 [Ian]
...I think it could be useful to have them before the group here to point out how difficult it is.
06:58:43 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
06:59:08 [vishal]
+q do you use applause for anonymous user testing? that could be a good idea to continuously test user experiences without the UX experts in the group
06:59:15 [norie]
norie has joined #wpwg
06:59:17 [Ian]
NickTR: We are facing a problem standards efforts share: companies need things to work together but also want to maintain some advantage
06:59:22 [Ian]
ack Vishal
06:59:33 [Ian]
ack ben
06:59:33 [Zakim]
benoit, you wanted to discuss consumer involvement?
06:59:47 [Ian]
Vishal: We user Applause for anonymous user testing.
07:00:30 [Ian]
Alex: We use applause as well
07:01:51 [Ian]
Action: Jeremy to see whether Stripe could provide any data about PR API
07:01:51 [trackbot]
Error finding 'Jeremy'. You can review and register nicknames at <https://www.w3.org/Payments/WG/track/users>.
07:01:58 [Fawad_N]
Fawad_N has joined #wpwg
07:02:05 [jezza]
jezza has joined #wpwg
07:02:17 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
07:02:23 [Ian]
[Adjourned]
07:02:26 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
07:03:55 [Ian]
https://w3c.github.io/tpac-breakouts/sessions.html
07:06:30 [marcosc]
marcosc has joined #wpwg
07:07:32 [alex_liu]
alex_liu has joined #wpwg
07:07:55 [Ian]
rrsagent, make minutes
07:07:55 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
07:07:59 [Ian]
rrsagent, bye
07:07:59 [RRSAgent]
I see 6 open action items saved in https://www.w3.org/2019/09/16-wpwg-actions.rdf :
07:07:59 [RRSAgent]
ACTION: Justin to check internally at Google about what can be shared [1]
07:07:59 [RRSAgent]
recorded in https://www.w3.org/2019/09/15-wpwg-irc#T07-22-00
07:07:59 [RRSAgent]
ACTION: Ian to work with Justin and Google on writing up payment handler benefits [2]
07:07:59 [RRSAgent]
recorded in https://www.w3.org/2019/09/15-wpwg-irc#T07-37-24
07:07:59 [RRSAgent]
ACTION: Tony to convene a joint task force on payment use cases that involve Web Authentication [3]
07:07:59 [RRSAgent]
recorded in https://www.w3.org/2019/09/15-wpwg-irc#T05-39-15
07:07:59 [RRSAgent]
ACTION: AdrianHB to look into a modal dialog spec, organize testing of assumptions about dropping the sheet. [4]
07:07:59 [RRSAgent]
recorded in https://www.w3.org/2019/09/15-wpwg-irc#T06-03-01
07:07:59 [RRSAgent]
ACTION: NIckTR to investigate next FTF meeting options with Ian and Adrian [5]
07:07:59 [RRSAgent]
recorded in https://www.w3.org/2019/09/15-wpwg-irc#T06-42-50
07:07:59 [RRSAgent]
ACTION: Jeremy to see whether Stripe could provide any data about PR API [6]
07:07:59 [RRSAgent]
recorded in https://www.w3.org/2019/09/15-wpwg-irc#T07-01-51
07:08:04 [alex_liu]
alex_liu has joined #wpwg
07:08:07 [Ian]
zakim, bye
07:08:07 [Zakim]
Zakim has left #wpwg
07:08:09 [Zakim]
leaving. As of this point the attendees have been vkuntz, jfontana, Ciciley, Fawad, nicktr, Ian, krystosterone, gildas, alex_liu, benoit, mweksler, jezza, Sophie, frank, heejin,
07:08:09 [Zakim]
... dave, Roy, jungkees, Vishal-Expedia, agektmr, Cheryl_M, cwarnier, jonathan, justin_toupin, rouslan, Giulio, tomasz, florent, wanli, dezell, bryanluo, sakiko, estes, JV,
07:08:09 [Zakim]
... AdrianHB, dongwoo, Wonsuk_Lee, html5cat, Gerhard, tobie