IRC log of wpwg on 2019-09-15
Timestamps are in UTC.
- 23:30:34 [RRSAgent]
- RRSAgent has joined #wpwg
- 23:30:34 [RRSAgent]
- logging to https://www.w3.org/2019/09/15-wpwg-irc
- 23:30:35 [Zakim]
- Zakim has joined #wpwg
- 23:30:50 [Ian]
- rrsagent, this meeting spans midnight
- 23:30:56 [Ian]
- Meeting: Web Payments Working Group
- 23:31:00 [Ian]
- Chair: NickTR
- 23:31:02 [wanli_]
- wanli_ has joined #wpwg
- 23:31:02 [Ian]
- Scribe: Ian
- 23:31:07 [Ian]
- Agenda: https://github.com/w3c/webpayments/wiki/FTF-Agenda-201909
- 23:31:28 [mweksler]
- mweksler has joined #wpwg
- 23:32:09 [mweksler]
- mweksler has left #wpwg
- 23:32:13 [mweksler]
- mweksler has joined #wpwg
- 23:36:33 [Sophie]
- Sophie has joined #wpwg
- 23:39:02 [marcosc]
- marcosc has joined #wpwg
- 23:45:00 [mweksler]
- mweksler has joined #wpwg
- 23:45:03 [rouslan]
- rouslan has joined #wpwg
- 23:45:42 [norie]
- norie has joined #wpwg
- 23:45:54 [justin_toupin]
- justin_toupin has joined #wpwg
- 23:46:10 [Ciciley]
- Ciciley has joined #wpwg
- 23:46:29 [Ciciley]
- Hello!
- 23:46:49 [Ciciley]
- Present +
- 23:46:56 [Ciciley]
- Present+
- 23:47:13 [Ian]
- zakim, who's here?
- 23:47:13 [Zakim]
- Present: Ciciley
- 23:47:15 [Zakim]
- On IRC I see Ciciley, justin_toupin, norie, rouslan, mweksler, Sophie, wanli_, Zakim, RRSAgent, wonsuk, masa-JCB, canton_, pea13, falken, Travis, dlehn, dlongley, rbyers, yoav,
- 23:47:15 [Zakim]
- ... hober, nicktr, mkwst, jungkees, danyao, jeffh, slightlyoff, JakeA, Ian, trackbot
- 23:47:15 [Ian]
- present+
- 23:47:24 [alex_liu]
- alex_liu has joined #wpwg
- 23:47:30 [takashi]
- takashi has joined #wpwg
- 23:47:57 [mweksler]
- present+
- 23:48:00 [wanli_]
- present+
- 23:48:48 [nicktr]
- present+
- 23:49:11 [sahel]
- sahel has joined #WPWG
- 23:49:13 [rouslan]
- present+
- 23:49:43 [jonathan]
- jonathan has joined #wpwg
- 23:49:54 [florent]
- florent has joined #wpwg
- 23:50:06 [alex_liu]
- alex_liu has joined #wpwg
- 23:51:42 [agektmr]
- agektmr has joined #wpwg
- 23:51:44 [tomasz]
- tomasz has joined #wpwg
- 23:51:59 [Roy_]
- Roy_ has joined #wpwg
- 23:55:44 [helloworld]
- helloworld has joined #wpwg
- 23:56:24 [frank]
- frank has joined #wpwg
- 23:57:29 [marcosc]
- marcosc has joined #wpwg
- 23:59:32 [alex_liu]
- present+
- 00:00:21 [jfontana]
- jfontana has joined #wpwg
- 00:02:26 [helloworld]
- helloworld has joined #wpwg
- 00:02:47 [vkuntz]
- vkuntz has joined #wpwg
- 00:03:06 [vkuntz]
- present+
- 00:03:20 [jezza]
- jezza has joined #wpwg
- 00:04:52 [gildas]
- gildas has joined #wpwg
- 00:05:07 [florent]
- present+
- 00:05:11 [gildas]
- present+
- 00:05:35 [wonsuk]
- present+ Wonsuk_Lee
- 00:06:15 [krystosterone]
- krystosterone has joined #wpwg
- 00:06:46 [frank]
- present+
- 00:06:48 [tomasz]
- present+
- 00:06:49 [Roy_]
- present+
- 00:06:50 [Sophie]
- present+
- 00:06:50 [jonathan]
- present+
- 00:06:50 [krystosterone]
- present+
- 00:06:52 [justin_toupin]
- present+
- 00:06:54 [jfontana]
- present+
- 00:06:55 [cwarnier_]
- cwarnier_ has joined #wpwg
- 00:06:56 [sahel]
- present+
- 00:07:02 [benoit]
- benoit has joined #wpwg
- 00:07:05 [benoit]
- present+
- 00:07:06 [Ian]
- present+ Tony_Nadalin
- 00:07:13 [agektmr]
- present+
- 00:07:30 [marcosc]
- present+
- 00:07:30 [Giulio]
- Giulio has joined #wpwg
- 00:07:36 [Giulio]
- present+
- 00:07:37 [cwarnier_]
- present+
- 00:07:42 [AdrianHB]
- AdrianHB has joined #wpwg
- 00:07:44 [Gerhard]
- Gerhard has joined #wpwg
- 00:07:47 [Gerhard]
- present+
- 00:07:49 [html5cat]
- html5cat has joined #wpwg
- 00:08:20 [AdrianHB]
- present+
- 00:08:22 [html5cat]
- present+
- 00:08:36 [jv]
- jv has joined #wpwg
- 00:09:07 [Ian]
- present+ Bryan_Luo
- 00:09:28 [jv]
- present+ Jonathan_Vokes
- 00:09:39 [dwim]
- dwim has joined #wpwg
- 00:09:47 [tung]
- tung has joined #wpwg
- 00:09:55 [dwim]
- present +
- 00:10:30 [cwarnier__]
- cwarnier__ has joined #wpwg
- 00:10:56 [heejin]
- heejin has joined #wpwg
- 00:11:13 [jezza]
- present+
- 00:11:44 [heejin]
- present+
- 00:11:52 [sakiko]
- sakiko has joined #wpwg
- 00:12:09 [krystosterone_]
- krystosterone_ has joined #wpwg
- 00:12:14 [sakiko]
- present+
- 00:12:31 [Wu_yaohua]
- Wu_yaohua has joined #wpwg
- 00:12:57 [Ian]
- Topic: Introductions
- 00:13:28 [Ian]
- NickTR: Welcome to the meeting! It is your meeting; let Adrian and Ian and me know if you have priorities we are not addressing.
- 00:13:53 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 00:14:17 [Ian]
- NickTR: Meeting proceedings are public
- 00:14:24 [marcosc]
- nicktr: unlike other organizations
- 00:15:08 [Ian]
- -> https://www.w3.org/2008/04/scribe.html IRC how to
- 00:15:09 [rouslan]
- q+
- 00:15:09 [marcosc]
- q+
- 00:15:13 [Ian]
- q?
- 00:15:15 [AdrianHB]
- ack rouslan
- 00:15:20 [AdrianHB]
- ack marcos
- 00:15:29 [Ian]
- (Nick show us some IRC command magic)
- 00:15:32 [frank]
- frank has joined #wpwg
- 00:16:06 [Ian]
- present+ Jalpesh_Chitalia(Remote)
- 00:16:07 [Fawad]
- Fawad has joined #wpwg
- 00:17:40 [jv]
- jv has joined #wpwg
- 00:17:41 [Ian]
- [Nick reviews the agenda]
- 00:17:46 [Ian]
- -> https://github.com/w3c/webpayments/wiki/FTF-Agenda-201909 Agenda
- 00:18:59 [L2WD02]
- L2WD02 has joined #wpwg
- 00:19:02 [vkuntz_]
- vkuntz_ has joined #wpwg
- 00:19:15 [vkuntz_]
- present+
- 00:19:31 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 00:20:55 [Ian]
- present+ Andy_Estes(RemoteA)
- 00:23:17 [Ian]
- present+ Vishal_Mehta
- 00:23:39 [Fawad]
- Fawad has joined #wpwg
- 00:23:50 [Ian]
- Topic: Meeting Objectives
- 00:23:55 [Fawad]
- present +
- 00:24:16 [Ian]
- ---
- 00:24:17 [Ian]
- Remove any blockers to moving Payment Request forward in publication process
- 00:24:17 [Ian]
- Explore enablers for wider engagement of community with Payment Handler
- 00:24:17 [Ian]
- Hear about developments in new payment methods
- 00:24:17 [Ian]
- Agree priorities for future work and re-chartering
- 00:24:19 [Ian]
- Continue to develop our web payment community
- 00:24:20 [Ian]
- ---
- 00:24:39 [Ian]
- NickTR: A big value of these meetings is the conversations that happen outside the room
- 00:24:56 [Ian]
- ..these relationships sustain us when we are not all in the same room
- 00:25:02 [frank]
- frank has joined #wpwg
- 00:25:22 [Ian]
- ..happy memories of reindeer and snowfall and the morning light over the fen.
- 00:26:18 [Ian]
- ...if we can walk away Tuesday knowing how we will complete PR API, PMI published, that will be very valuable
- 00:26:24 [bryanluo]
- bryanluo has joined #wpwg
- 00:26:35 [Ian]
- ...payment handlers is another important topic - but not as broadly implemented as we'd like
- 00:26:41 [maxh]
- maxh has joined #wpwg
- 00:26:43 [Ian]
- ...so we need to understand more of what we need to be doing.
- 00:26:57 [Ian]
- ..and then for payment methods I'm interested in hearing about SRC, payments in Asia, Web monetization
- 00:27:10 [estes]
- estes has joined #wpwg
- 00:27:31 [estes]
- present+
- 00:27:35 [bryanluo]
- present+
- 00:28:55 [jezza]
- jezza has joined #wpwg
- 00:29:07 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 00:29:59 [bryanluo]
- bryanluo has joined #wpwg
- 00:30:40 [Ian]
- present+ Jeremy_Wagemans
- 00:32:08 [Ian]
- Topic: Payment Request API 1.0 Status Update
- 00:32:17 [Ian]
- [We start with updates from the Chrome Team]
- 00:33:19 [Ian]
- Rouslan: The remaining Chrome issue wrt Payment Request is actually related to Feature Policy implementation, so we are working with them on it
- 00:33:29 [Ian]
- ...we estimate a fix in Chrome 80
- 00:33:45 [Ian]
- ...(current version of Chrome is 77(
- 00:34:59 [Ian]
- ...thanks to Jinho!
- 00:35:11 [Ian]
- [We see a demo of the new retry functionality]
- 00:35:16 [jv]
- jv has joined #wpwg
- 00:35:35 [Ian]
- ...the demo shows the merchant calling retry with an error message customized by the merchant
- 00:37:10 [html5cat]
- html5cat has joined #wpwg
- 00:37:39 [AdrianHB]
- ian: [talk through slides]
- 00:38:10 [jezza]
- jezza has joined #wpwg
- 00:38:21 [AdrianHB]
- ... features: identified in 2018, stable since CR (April 2019)
- 00:39:46 [html5cat_]
- html5cat_ has joined #wpwg
- 00:40:38 [AdrianHB]
- ... [ talk through tests]
- 00:40:59 [AdrianHB]
- ... some small fixes required to get us to CR for frozen feature set
- 00:42:29 [AdrianHB]
- ... proposal to address objection from Sam Weiler (W3C Staff) is to replace boolean request for data with requests for specific details of user data
- 00:42:59 [AdrianHB]
- ... Sam is happy with proposal but not fully implemented in browsers
- 00:43:16 [AdrianHB]
- ... and WG has no implementation experience
- 00:45:00 [AdrianHB]
- rouslan: we suggest this goes into 1.1 as we are already implementing it (i.e. spec version odesn't affect our work as a browser) but it shouldn't hold up having a solid spec (1.0) that has gone to CR
- 00:45:27 [estes]
- Ian: can I type instead?
- 00:45:42 [Ian]
- yes
- 00:46:32 [heejin]
- heejin has joined #wpwg
- 00:46:56 [AdrianHB]
- ian: people can deploy PR API today. There is no need to wait for CR but we need to know if there are members of the community that won't proceed unless the spec is finalized
- 00:47:03 [gildas]
- gildas has joined #wpwg
- 00:47:14 [Dongwoo]
- Dongwoo has joined #wpwg
- 00:47:24 [AdrianHB]
- nicktr: my sense is that getting to CR is a confidence signal
- 00:48:05 [estes]
- Ian: I think the existing requestShipping API with redaction rules is suitable for 1.0. Apple's implementation experience with that type of API is years long and I believe we're comfortable with its privacy characteristics. I'm comfortable with waiting for 1.1 or later for the improved address API.
- 00:48:43 [AdrianHB]
- ian: options for proceeding...
- 00:48:54 [AdrianHB]
- ... finish 1.0 with no mention of this feature
- 00:49:05 [heejin_]
- heejin_ has joined #wpwg
- 00:49:14 [AdrianHB]
- ... finish 1.0 with a mention of the feature as optional
- 00:49:24 [AdrianHB]
- ... include the feature in 1.0
- 00:49:28 [mweksler]
- +1 on finishing 1.0 without the feature and marking it as optional
- 00:49:36 [sakiko]
- sakiko has joined #wpwg
- 00:49:48 [Ian]
- 1) Finish 1.0 with no mention of feature
- 00:49:50 [sakiko]
- present+
- 00:49:53 [Ian]
- 2) Finish 1.0 with features optional
- 00:50:06 [Ian]
- 3) Wait for new feature before finalizing 1.0
- 00:50:09 [gildas_]
- gildas_ has joined #wpwg
- 00:50:29 [Ian]
- Where the feature is defined in this pull request: https://github.com/w3c/payment-request/pull/873#issuecomment-506864905
- 00:51:12 [marcosc]
- q+
- 00:51:13 [AdrianHB]
- ian: there has been a request to apply this to billing address too
- 00:51:15 [rouslan]
- Option 1, please
- 00:51:38 [AdrianHB]
- +1 for option 1
- 00:51:44 [mweksler]
- +1 on options number 2
- 00:51:56 [wanli_]
- +1 for option 2
- 00:52:25 [estes]
- I agree marcosc
- 00:52:38 [estes]
- I think the WebKit impl of this would not change the Apple Pay payment handler
- 00:52:44 [AdrianHB]
- marcos: browser could apply redaction to data even if payment handler provides full address
- 00:53:30 [Giulio]
- q+
- 00:53:38 [Ian]
- ack mar
- 00:53:41 [AdrianHB]
- ian: the data is in the payment method data
- 00:53:43 [Ian]
- ack giu
- 00:53:45 [benoit]
- q/=
- 00:53:49 [benoit]
- q+
- 00:54:07 [AdrianHB]
- rouslan: it is payment method specific (billing address)
- 00:54:41 [AdrianHB]
- giulio: can we add the feature as optional?
- 00:54:45 [AdrianHB]
- ian: that is option 2
- 00:54:49 [estes]
- +1 for option 1
- 00:55:08 [krystosterone]
- +1 for option 1
- 00:55:10 [jv]
- How long is adding the feature going to delay the spec, months or years?
- 00:55:11 [Ciciley]
- Option 2
- 00:55:18 [benoit]
- q+ ... again
- 00:55:32 [AdrianHB]
- ian: we will still support both features for merchants
- 00:55:37 [marcosc]
- q+
- 00:55:38 [Fawad]
- Fawad has joined #wpwg
- 00:55:41 [Ian]
- ack ben
- 00:55:46 [AdrianHB]
- ... chrome team suggest adding the feature will take 8 months
- 00:56:03 [Ian]
- benoit: I would opt for the option that does not delay the Rec stamp
- 00:56:14 [Ian]
- ...I would also like to see this feature for billing address as well
- 00:56:26 [Ian]
- ...billing is only needed to facilitate payment
- 00:56:27 [Ian]
- ack mar
- 00:56:33 [Ian]
- queue==
- 00:56:41 [Ian]
- Marcos: Let's break out on this topic!
- 00:56:48 [tomasz]
- +1
- 00:57:14 [Roy_]
- +1 for option 2
- 00:57:23 [Ian]
- show of hands for option 1: 9
- 00:57:43 [Ian]
- show of hands for option 2: 14
- 00:57:55 [Ian]
- show of hands for option 3 (in v1): 0
- 00:58:03 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 00:58:29 [Ian]
- scribe: Ian
- 00:58:34 [Ian]
- Topic: Payment Handlers
- 00:58:44 [Ian]
- [Justin Toupin from Google presenting]
- 00:58:52 [nicktr]
- q?
- 00:59:29 [Ian]
- [Reminder of what a payment handler is]
- 01:00:44 [Ian]
- Justin: Value proposition is we believe that there will be higher completion rates due to trust
- 01:00:54 [Ian]
- ...we also think there are better properties for connectivity
- 01:01:09 [Ian]
- ...we also think there is lower implementation effort for a payment handler for than other approaches
- 01:01:18 [Ian]
- ...we also think it will help improve reliability
- 01:01:27 [tobie]
- tobie has joined #wpwg
- 01:01:29 [Ian]
- ...we also think that this approach will improve payment security.
- 01:01:34 [Ian]
- ..the origin of the payment handler is visible
- 01:01:38 [Ian]
- ...help reduce phishing risks
- 01:01:53 [nicktr]
- q?
- 01:01:55 [Ian]
- Justin: We continue to invest in the improvement of payment handlers:
- 01:02:01 [Ian]
- - Respond to change events
- 01:02:17 [Ian]
- - Full delegation of requests for contact, shipping info to payment handlers (instead of browser-stored data)
- 01:02:26 [Ian]
- ...many payment handler providers see themselves as full identity providers
- 01:02:49 [Ian]
- - Improved ergonomics...we've heard from a number of people and have improved tooling
- 01:03:06 [Ian]
- - Additional UI options ... people wanted more flexibility to developers
- 01:03:17 [Fawad]
- Fawad has joined #wpwg
- 01:03:34 [Ian]
- Demo: Payment handler can get updated total from merchant based, on, e.g., changes in billing address
- 01:04:55 [nicktr]
- q?
- 01:05:33 [jezza]
- jezza has joined #wpwg
- 01:05:46 [Ian]
- gerhard: I'm following in the specs. In the payment handler spec is this defined?
- 01:06:21 [Ian]
- Rouslan: The event is part of payment request (paymentmethodchange event)
- 01:07:09 [marcosc]
- https://w3c.github.io/payment-request/#paymentmethodchangeevent-interface
- 01:08:36 [Ian]
- AdrianHB: You can see that the paymentMethodChangeEvent only tells you method name and "method details" blob
- 01:09:05 [nicktr]
- q?
- 01:09:06 [Ian]
- ...the question is whether we want the billing address to be a standard model...that might let us simplify the topic of removing pieces of billing address
- 01:09:31 [Ian]
- [Just in time install]
- 01:10:05 [jezza]
- jezza has joined #wpwg
- 01:10:18 [Ian]
- Rouslan: We now make just-in-time payment handler installation in more cases.
- 01:10:52 [Ian]
- ...so if the merchant accepts A and B and the user has a payment handler for A, chrome will now show B for just-in-time installation
- 01:11:03 [Ian]
- [Payment handler event logging]
- 01:11:31 [Ian]
- Rouslan: We have heard payment handler developers say that developing the handler can be confusing, so we have built a tool to help developer handlers
- 01:11:41 [Ian]
- ...some improvements include more verbose messaging
- 01:12:15 [urata]
- urata has joined #wpwg
- 01:12:25 [AdrianHB]
- q?
- 01:12:45 [Ian]
- ...we now put messages in the console while testing
- 01:13:02 [Ian]
- ...and when deployed, they can be collected on the server side and analyzed
- 01:13:18 [Ian]
- ..what we are seeing on the screen is the ability to see the events fired in the payment handler and see what happens
- 01:13:30 [vkuntz]
- vkuntz has joined #wpwg
- 01:13:43 [vkuntz]
- present+
- 01:14:10 [nicktr]
- q?
- 01:14:53 [Ian]
- [Delegation of requests for contact, shipping to payment handlers]
- 01:15:07 [Ian]
- [Sahel shows a proof of concept]
- 01:15:27 [Ian]
- See also the -> https://github.com/sahel-sh/shipping-contact-delegation/blob/master/Explainer.md Explainer from Sahel
- 01:15:53 [nicktr]
- q?
- 01:16:04 [Ian]
- ...we think that this will reduce checkout times due to skipping the sheet
- 01:16:18 [Ian]
- ...we propose that at registration time, the handler tells the browser what the handler can handle
- 01:16:52 [Fawad]
- Fawad has joined #wpwg
- 01:17:27 [Ian]
- ...if the payment handler can handle a request, we don't show the request in the sheet (and that is true for each type of data: address, contact)
- 01:18:00 [Ian]
- Justin: If the payment handler claims to be able to supply data, the expectation is that the payment handler will do so.
- 01:18:19 [jezza]
- jezza has joined #wpwg
- 01:18:26 [Ian]
- Sehal: Today we are doing partial delegation; another option is "all or nothing"
- 01:18:34 [tomasz]
- +q
- 01:18:41 [Ian]
- AdrianHB: You want to be sure the browser does not give data to the payment handler
- 01:18:42 [Ian]
- Justin: That's correct
- 01:19:03 [Ian]
- Sehal: Today the merchant has said what they want. They don't make any change to their call. It's just who handles it that changes.
- 01:19:20 [Ian]
- Tomasz:These are the payment options. (Our demo does not show billing address)
- 01:20:59 [AdrianHB]
- q?
- 01:21:01 [nicktr]
- ack
- 01:21:08 [nicktr]
- ack tomasz
- 01:21:12 [Ian]
- IJ: Payment handler API does not yet show passing these booleans to the payment handler; that is todo
- 01:21:28 [Ian]
- Sehal: What Chrome proposes is new APIs for change shipping address/options
- 01:21:46 [Ian]
- ...and notifying the merchant of changes so the merchant can update the total
- 01:22:17 [Ian]
- [More UX improvements in the payment handler implementation in Chrome]
- 01:22:35 [Ian]
- Rouslan: We have heard that people want a more native like user experience
- 01:23:21 [Ian]
- ...in first implementation payment handler screen was 70% of height of window
- 01:23:26 [jezza]
- jezza has joined #wpwg
- 01:23:38 [Ian]
- ...that is fixed and was creating some problems for payment handlers requiring more space
- 01:23:44 [bryanluo]
- bryanluo has joined #wpwg
- 01:23:52 [Ian]
- ...so we are experimenting with enabling payment handler UI to expand to the top of the screen
- 01:24:22 [Ian]
- Justin: The use case is payment sheets with long scroll bar...that would trigger automatic expansion in height
- 01:24:41 [Ian]
- AdrianHB: Does this change the spec?
- 01:24:52 [Ian]
- Justin: No. I'd like to hear from payment handler developers
- 01:25:17 [Ian]
- (7-ish payment handler developers in the room)
- 01:25:25 [Ian]
- NickTR: Why not more?? :)
- 01:26:17 [Ian]
- Rouslan: Some payment handler developers want the browser to handle some of the UI (e.g., list credit cards, authenticate the user)
- 01:26:24 [Ian]
- ...one thing that we are thinking about is "minimal UI flow"
- 01:27:05 [Ian]
- ...in some circumstances, some payment handlers could say "I would like to handle only name, total, account balance"
- 01:27:44 [nicktr]
- q?
- 01:28:08 [Ian]
- ....in this demo, user just initially sees a prompt to authenticate
- 01:28:15 [Ian]
- ..user can pull payment handler window up to see more
- 01:29:09 [Ian]
- ...we are thinking about various constraints.
- 01:29:30 [Ian]
- ...e.g., during registration there may be some sort of negotiation of when to show the minimal UI
- 01:29:44 [nicktr]
- q?
- 01:30:00 [Ian]
- ...one other thing is that if this UI is enabled, the payment handler would not be able to show other UX
- 01:30:26 [Ian]
- Justin: We have been exploring the range of complexity of payment handler UX
- 01:31:03 [Ian]
- Gerhard: These are great. One of the ones that we'd been looking for is to flip into a bank app, interact with the bank app, and then flip back
- 01:31:11 [Ian]
- Roiuslan: We have heard that use case. I Think we can use that today
- 01:31:18 [Ian]
- ..the bank app would alter their payment method manifest a bit
- 01:31:43 [Ian]
- ...and if the merchant calls PR API with the information that matches the banking app, then chrome will validate the app, flip into it, and then flip back to the merchant
- 01:31:49 [Ian]
- ...this is how Google pay works today in India
- 01:32:00 [Ian]
- ...Anders Rundgren has built a demo of this
- 01:32:11 [jezza]
- jezza has joined #wpwg
- 01:32:30 [Ian]
- IJ: Why did you call this Native as opposed to "Minimal"
- 01:32:45 [Ian]
- Justin: I agree "minimal" is probably a better description
- 01:33:19 [Ian]
- Ian: For the breakout: how payment handlers specify what they want.
- 01:33:44 [Ian]
- Justin some questions for discussion in the breakouts:
- 01:33:50 [Ian]
- - What do we need to do to make payment handlers successful?
- 01:33:58 [Ian]
- - What needs to be part of the payment handler API?
- 01:34:06 [Ian]
- - What parts of UX are exciting to people?
- 01:34:35 [jezza]
- jezza has joined #wpwg
- 01:34:56 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 01:35:10 [Ian]
- Ian: Another big topic for breakout session - how to get more payment handler support
- 01:36:18 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 01:43:20 [estes]
- estes has joined #wpwg
- 01:46:04 [Roy]
- Roy has joined #wpwg
- 01:51:30 [Vishal]
- Vishal has joined #wpwg
- 01:51:34 [bryanluo]
- bryanluo has joined #wpwg
- 01:52:15 [bryanluo]
- bryanluo has joined #wpwg
- 01:55:56 [jezza]
- jezza has joined #wpwg
- 01:58:00 [frank]
- frank has joined #wpwg
- 01:59:19 [jonathan]
- jonathan has joined #wpwg
- 01:59:26 [alex_liu]
- alex_liu has joined #wpwg
- 02:03:33 [rouslan]
- rouslan has joined #wpwg
- 02:04:41 [AdrianHB]
- AdrianHB has joined #wpwg
- 02:05:30 [jezza]
- jezza has joined #wpwg
- 02:05:53 [Ian]
- [End of break]
- 02:05:59 [marcosc]
- marcosc has joined #wpwg
- 02:06:41 [Ian]
- Topic: Card Payment Security
- 02:07:45 [nicktr]
- scribenick: nicktr
- 02:07:57 [bryanluo]
- bryanluo has joined #wpwg
- 02:08:01 [jalpesh]
- jalpesh has joined #wpwg
- 02:08:04 [Gerhard]
- Gerhard has joined #wpwg
- 02:08:07 [tobie]
- Present+
- 02:08:10 [jv]
- jv has joined #wpwg
- 02:08:14 [nicktr]
- Ian: welcome back. Can new joiners please identify themselves on irc with present+
- 02:08:19 [Vishal-Expedia]
- Vishal-Expedia has joined #wpwg
- 02:08:19 [jv]
- present+
- 02:08:24 [jalpesh]
- present+
- 02:08:30 [jezza]
- jezza has joined #wpwg
- 02:08:47 [nicktr]
- Topic: Security Task Force
- 02:08:50 [lgombos]
- lgombos has joined #wpwg
- 02:09:10 [masa-jcb]
- masa-jcb has joined #wpwg
- 02:09:31 [lgombos]
- Present+ Laszlo_Gombos
- 02:09:34 [nicktr]
- Ian: We had hoped to have an introduction on SRC from a delegate from EMVco but we couldn't get that sorted out
- 02:09:38 [benoit]
- +1 for SRC summary
- 02:10:25 [nicktr]
- ...but we do have a document that the task force have been working on
- 02:10:50 [Fawad]
- Fawad has joined #wpwg
- 02:11:10 [nicktr]
- Ian: this draft is not currently public so it's still work in progress
- 02:11:13 [bryanluo]
- bryanluo has joined #wpwg
- 02:11:51 [dave2037]
- dave2037 has joined #wpwg
- 02:11:57 [nicktr]
- Ian: (Pause while everyone reads the introduction to SRC on the screen)
- 02:12:33 [nicktr]
- q?
- 02:12:57 [nicktr]
- ...Any questions on SRC?
- 02:13:16 [Ian]
- [Ian does mini intro to SRC]
- 02:13:16 [nicktr]
- (None)
- 02:13:18 [Ian]
- scribenick: Ian
- 02:13:29 [Ian]
- Jonathan: I'll show progress since the April discussion and demo.
- 02:13:39 [bryanluo]
- bryanluo has joined #wpwg
- 02:13:44 [zino]
- zino has joined #wpwg
- 02:13:45 [Ian]
- ...in April we illustrated how the EMVCo SRC specifications could be implemented within PR API flows
- 02:13:56 [Ian]
- ...to show that the specs are not in competition but that they can be used together.
- 02:14:07 [Ian]
- ...in the 5 months since then we have been looking into the details of that integration
- 02:14:16 [Ian]
- ...what are the challenges we need to resolve?
- 02:14:20 [Ian]
- ..what data model is involved?
- 02:14:26 [Ian]
- ...how will identity and authentication work?
- 02:14:35 [Ian]
- ...how to identify the user to enable them to access enrolled SRC cards
- 02:14:41 [Ian]
- ...how can we leverage Web Authentication?
- 02:14:55 [Ian]
- ...or identities from other identity providers
- 02:15:09 [Ian]
- ....the goal today is to walk through some user experience flows
- 02:15:23 [Ian]
- ...have been working with Jalpesh (Visa) and Tomasz (Mastercard) on the details
- 02:15:32 [Ian]
- ...the first flow is "New user who is adding a card to SRC"
- 02:16:12 [Ian]
- ...the second flow is "Returning user on the same device; select a previously enrolled card"
- 02:16:26 [Ian]
- ...third flow is "Returning user but using Web Authentication"
- 02:16:28 [tomasz]
- More details on SRC, including set of specifications, can be found on EMVCo website: https://www.emvco.com/emv-technologies/src/
- 02:17:03 [Ian]
- ...the user may want to have protected access to cards or frictionless access to card.
- 02:17:20 [Ian]
- ...when I select a card to pay with, I may ALSO have to authenticate. We want to avoid the user having to do too many authentications
- 02:17:22 [gildas]
- gildas has joined #wpwg
- 02:17:31 [Ian]
- Tony: When you say "Authenticate the transaction" what are you authenticating to?
- 02:17:34 [Ian]
- Jonathan: The bank.
- 02:17:37 [Ian]
- ...that could be done in a few ways
- 02:17:53 [Ian]
- ...the goal is ultimately for the bank to recognize the cardholder.
- 02:18:03 [Ian]
- ...this could be required by PSD2, or simply based on a risk assessment
- 02:18:14 [Ian]
- Tony: You take into account the information provider in the PSd2 situation?
- 02:18:25 [Ian]
- ...are you authenticating both ";info provider" and "payment provider"?
- 02:18:32 [Ian]
- ...I may need some information before I do the payment.
- 02:18:40 [Ian]
- Jonathan: We'll dive in after the demo
- 02:19:35 [Ian]
- [Demo shows mobile checkout]
- 02:19:49 [Ian]
- Jonathan: I am going to buy shoes. I click the "Checkout" button which is the SRC trigger.
- 02:19:54 [Ian]
- ...ah, but first some assumptions;
- 02:20:22 [Ian]
- (1) payment method can be implemented by browser or payment handler
- 02:20:30 [Ian]
- (2) We show a demo of skipping the sheet
- 02:20:53 [Ian]
- ...some questions about payment handler ecosystem to discuss
- 02:21:17 [Ian]
- ....so in this demo I am a new user (to the SRC system(s))
- 02:21:31 [Ian]
- ...so I will enter a new card (in the SRC system)
- 02:22:38 [tung]
- tung has joined #wpwg
- 02:22:51 [Ian]
- Jonathan: I am glad Chrome is working on expanding the payment handler window when there's a lot of content!
- 02:23:09 [Ian]
- ...in this example, there's a user identity that is an email address
- 02:23:27 [Ian]
- ...that data could come from a variety of sources, including typing by the user but also some email known to the browser for this user
- 02:23:52 [Vishal-Expedia]
- q+
- 02:23:53 [MaheshK]
- MaheshK has joined #wpwg
- 02:24:13 [Ian]
- ...after i enter data in the payment handler I enroll it in the SRC system. This demo is frictionless, but the demo could do 3DS for example
- 02:24:32 [AdrianHB]
- q?
- 02:24:34 [Ian]
- q+
- 02:24:36 [Ian]
- ack Vishal
- 02:24:37 [norie]
- norie has joined #wpwg
- 02:24:59 [Ian]
- Vishal: This is not exactly frictionless. I have to wait for the customer to add a card to SRC
- 02:25:17 [Ian]
- ...the flow seems similar to google pay
- 02:25:46 [Ian]
- ...why as a merchant would I opt for SRC when I need the user to add a credit card.
- 02:25:48 [jalpesh]
- q+
- 02:25:52 [Ian]
- ...which might lead to a drop in auth rates
- 02:25:53 [nicktr]
- q?
- 02:26:13 [Ian]
- Jonathan: I mean by frictionless that there was no customer authentication.
- 02:26:35 [Ian]
- ...in this demo, the user has never enrolled a card. It could be that issuers already push cards into the system, which would reduce user typing.
- 02:27:14 [jv]
- q+
- 02:27:15 [Ian]
- ...part of the guest checkout experience in general requires the user to enter some card; but we are hoping for more and more experiences where the user doesn't have to enter info...this flow is the "worst case" one we are seeing; they are smoother once the user has enrolled a card.
- 02:27:39 [Ian]
- Jonathan: This email is stored by the SRC system to identify a user and cards. So when I change devices, I just have to enter email on a new device.
- 02:27:50 [Ian]
- ...but for a new device, I will need to be verified, and those approaches may vary
- 02:27:58 [Ian]
- ...e.g., OTP or trusting an identity provider, etc.
- 02:28:02 [sakiko]
- sakiko has joined #wpwg
- 02:28:10 [sakiko]
- present+
- 02:28:11 [Ian]
- ack Jalpesh
- 02:28:41 [Ian]
- jalpesh: I agree with Jonathan's comments. The key point I want to emphasize is that this flow does not come into play unless the merchant says the user has to key in data.
- 02:29:03 [Ian]
- ack jv
- 02:29:33 [justin_toupin]
- justin_toupin has joined #wpwg
- 02:29:39 [justin_toupin]
- +q
- 02:29:42 [Ian]
- ack me
- 02:29:44 [Ian]
- ack justin
- 02:29:53 [Ian]
- justin_toupin: How do you see this working with other payment handlers?
- 02:30:01 [jalpesh]
- q+
- 02:30:38 [Ian]
- Justin: How would this work with an existing wallet?
- 02:31:15 [Ian]
- Rouslan: Another way to ask the question: can you see PayPal, Google Pay, etc. accessing SRC for cards?
- 02:31:19 [Ian]
- Jonathan: Yes
- 02:31:21 [Ian]
- ack Jal
- 02:31:24 [jalpesh]
- q-
- 02:31:35 [bryanluo]
- bryanluo has joined #wpwg
- 02:31:38 [bryanluo]
- bryanluo has joined #wpwg
- 02:31:53 [Ian]
- [Demo of returning user; first is with frictionless auth and second is with user interaction]
- 02:32:59 [jezza]
- jezza has joined #wpwg
- 02:33:06 [Ian]
- Jonathan: In this demo, the payment handler queries SRC system(s) using the user identity. If the SRC systems have enrolled cards, they are displayed in the payment handler
- 02:33:30 [Ian]
- ..when a select a card, I get information about the card (and the token payload)
- 02:34:00 [Ian]
- ...so in this demo the user chooses a card and the token payload is returned through PR API to the merchant
- 02:34:07 [Vishal-Expedia]
- q+
- 02:34:16 [Ian]
- ..there was no need to authenticate the user to give access to the src-enrolled cards
- 02:34:23 [Ian]
- ...and no need in this demo to authenticate the user for this transaction
- 02:34:34 [Ian]
- ...3DS may have been invoked behind the scene
- 02:35:15 [Ian]
- Vishal-Expedia: Can the merchant say what information they want.
- 02:35:54 [Ian]
- Ian: PR API has shipping address as optional (for the merchant)
- 02:35:59 [Ian]
- Tomasz: SRC functions similarly
- 02:36:02 [Sophie]
- q+
- 02:36:13 [Ian]
- ack Vish
- 02:36:27 [Ian]
- present+ Lawrence_Cheng
- 02:36:31 [nicktr]
- ack Vishal-Expedia
- 02:37:31 [Ian]
- Lawrence: Payment doesn't happen yet when the user pushes "continue"
- 02:37:32 [Giulio]
- Giulio has joined #wpwg
- 02:37:50 [Ian]
- Jonathan: Correct; auth etc can happen at that stage
- 02:37:54 [Ian]
- ....e.g., 3DS or other
- 02:38:21 [Ian]
- ...3DS invocation could happen from within the payment handler if the merchant asks for the payment handler to do it on the merchant's behalf.
- 02:38:39 [Ian]
- Lawrence: How do you see this experience compared to Apple Pay and Google Pay?
- 02:38:43 [Giulio]
- q+
- 02:38:47 [Ian]
- Jonathan: That's the next demo
- 02:38:56 [Ian]
- ..we do some device auth as part of the payload you submit
- 02:39:45 [Ian]
- Sophie: Thanks, these demos are really helpful !
- 02:40:01 [Ian]
- ...the question I have is - how does the handoff happen between PR API and SRC system
- 02:40:08 [Ian]
- ...you could also do this without PR PAI
- 02:40:14 [Ian]
- s/PAI/API
- 02:40:23 [Ian]
- Jonathan: I am starting with the font end, then Tomasz will show backend work
- 02:40:40 [Ian]
- ace giu
- 02:40:46 [nicktr]
- ack Sophie
- 02:40:46 [Ian]
- s/ace giu//
- 02:40:50 [nicktr]
- ack Giulio
- 02:41:03 [maxh]
- maxh has joined #wpwg
- 02:41:30 [jfontana]
- jfontana has joined #wpwg
- 02:41:33 [Ian]
- Giulio: My understanding is that if the user had only once card enrolled (or 2 enrolled but 1 as a default) that you could skip a screen and go straight to the next screen.
- 02:41:38 [maxh]
- maxh has joined #wpwg
- 02:42:03 [jezza]
- jezza has joined #wpwg
- 02:42:31 [nicktr]
- q?
- 02:42:58 [Ian]
- [IJ: Skip the sheet is a browser thing; once a payment handler has been launched, it's up to the payment handler to do optimizations in user experience]
- 02:43:32 [wonsuk]
- wonsuk has joined #wpwg
- 02:43:37 [Ian]
- q?
- 02:43:38 [jalpesh]
- jalpesh has joined #wpwg
- 02:43:38 [jalpesh]
- q+
- 02:44:07 [Ian]
- Gerhard: In the flows you have ,you already say "welcome back Allison"...you could show a default card but allow the user to choose a different card.
- 02:44:17 [Ian]
- ...that's just an example of a streamlined flow optimization
- 02:44:34 [urata_]
- urata_ has joined #wpwg
- 02:44:35 [jezza]
- jezza has joined #wpwg
- 02:45:13 [jalpesh]
- q-
- 02:45:19 [Ian]
- (Consensus that payment handlers can optimize the UX)
- 02:45:28 [Ian]
- Giulio: You could also have the option of adding a card in the same way
- 02:45:30 [Ian]
- Joanthan: Agreed
- 02:45:45 [Ian]
- ...the real idea here is that when I click the "checkout" button I see my cards (however optimized()
- 02:45:48 [Ian]
- q?
- 02:47:24 [Ian]
- [Demo: Returning user on same device]
- 02:47:36 [Ian]
- Jonathan: Suppose I don't trust the device (eg., a shared device)
- 02:47:54 [Ian]
- ...in previous example, for example, a cookie might have been used once the user has been recognized.
- 02:48:03 [Ian]
- ...we can use web authentication to access the card list
- 02:48:20 [Ian]
- ...so I pick the payment handler, authenticate with my thumbprint, then I see the list of card.
- 02:49:34 [jezza]
- jezza has joined #wpwg
- 02:49:46 [Ian]
- ...one question is the user experience on a device with multiple web authn identifies
- 02:50:03 [jezza]
- jezza has joined #wpwg
- 02:50:03 [Ian]
- ...we did some demos and it worked with Chrome on Desktop but not on Chrome
- 02:50:16 [Ian]
- q?
- 02:50:48 [Ian]
- @@: When you showed the UI, was the content bound to the signature that FIDO gave?
- 02:51:08 [Ian]
- Jonathan: The WebAuthn here is to get access to card metadata.
- 02:51:19 [Ian]
- ...for that I need an identity that I can use with different SRC systems
- 02:51:29 [Ian]
- ...there is an assumption that the user had already enrolled previously (with FIDO keys)
- 02:51:40 [Ian]
- ...so that key is bound to the card list
- 02:51:51 [bryanluo]
- bryanluo has joined #wpwg
- 02:53:44 [Ian]
- [Discussion of how this works]
- 02:54:16 [Ian]
- JeffHodges: This is not yet specified but could occur as follows: the SRC system would say "the user is not authenticated; you're asking me to return info about a card but I don't yet know the user"
- 02:54:23 [Ian]
- ...there was no ambient authentication passed in.
- 02:54:25 [jalpesh]
- q+
- 02:54:55 [Ian]
- ....so if the SRC system wants to authenticate the user, it would make a request to the device, and that's where WebAuthentication would occur
- 02:55:12 [Ian]
- ...how WebAuthn is woven into SRC needs to be part of the SRC spec (If I am correct)
- 02:55:26 [rouslan]
- q+
- 02:55:47 [nicktr]
- ack jalpesh
- 02:56:18 [Ian]
- Jalpesh: I didn't quite follow that. But I agree with Jonathan's perspective. We are saying the relying party is the payment handler. The payment handler talks to the SRC system.
- 02:56:59 [Ian]
- Tony: The registration would have to happen to the SRC system at some point. The SRC system would then have the public key of the client. It would be up to the SRC system to look up the key to find out what key ids are related and then those are displayed accordingly.
- 02:57:09 [tomasz]
- +q
- 02:57:30 [jezza]
- q+
- 02:58:08 [tomasz]
- q-
- 02:58:13 [Ian]
- [We touch on the delegation of TLD+1...a topic for tomorrow]
- 02:59:09 [Ian]
- Rouslan: It's possible that SRC will invoke the authentication. But it's also possible that the payment handler does the WebAuthn and the backend trusts the payment handler.
- 02:59:20 [Ian]
- q?
- 02:59:22 [Ian]
- ack rouslan
- 02:59:53 [Ian]
- Jonathan: SRC system may decide to trust SOME payment handlers who do Web Authn for access to cards
- 03:00:25 [Ian]
- ...I agree there are two approaches: SRC does auth (for access to cards) or SRC trusts payment handler
- 03:01:02 [Ian]
- ...again here we are discussing access to card list, not cardholder authenticfation
- 03:01:09 [Ian]
- s/authenticfation/authentication
- 03:01:41 [Ian]
- q+ Lawrence
- 03:01:44 [Ian]
- ack jezza
- 03:02:22 [Ian]
- jezza: I want to clarify something around authentication. In the demo, the user authenticated with the SRC system. If my user is in Europe and the transaction is not exempted for SCA, then the user will need to re-authenticate with the issuer.
- 03:02:31 [Ian]
- ...so now we are in the scenario where the user has to authenticate twice
- 03:02:48 [Ian]
- Jonathan: Before trying to answer this question, let me show you another flow
- 03:03:21 [Ian]
- ...if we assume that I am a recognized user on a device and I can access the cards, and we merge the two together. ...
- 03:03:39 [Ian]
- ...when I select a card, because of PSD2 regulation or a risk decision, I may have to authenticate the consumer.
- 03:03:53 [Ian]
- ...it could be the merchant invoking 3DS or the merchant could delegate to the payment handler
- 03:04:07 [Ian]
- ..the payment handler could invoke 3DS OR the payment handler could authenticate with WebAuthn.....
- 03:04:22 [Ian]
- ..that means previously you had an enrollment for that card, where the user then authenticates the user with normal SCA
- 03:04:58 [tomasz]
- q?
- 03:05:24 [Ian]
- ...it is possible for the first Web Authentication used to access the card could be reused as input to a 3DS process.
- 03:05:57 [Ian]
- ...the strong signal would then reduce the odds of step-up under 3DS.
- 03:06:47 [Ian]
- IJ: So the payment handler reuses the blob from the first Web Authentication as input to the subsequent 3DS flow initiated by the payment handler
- 03:07:12 [Ian]
- Lawrence: What's in the payment method payload?
- 03:07:22 [Ian]
- Jonathan: Can include token and cryptogram.
- 03:07:39 [Ian]
- ...that is then used by the merchant or PSP for authorization
- 03:08:01 [tomasz]
- +q
- 03:08:17 [norie]
- norie has joined #wpwg
- 03:08:21 [AdrianHB]
- ack LAwrence
- 03:09:12 [Ian]
- Lawrence: If the payload contains the token which is uniquely identified to the consumer, would the issuing bank have to do the SCA?
- 03:09:38 [Ian]
- Jonathan: That's separate from the token. We are talking about authentication for the transaction. There are multiple options including merchant calling 3DS once they have the payload.
- 03:09:51 [Ian]
- ...or if it's the payment handler who has been doing this on the merchant's behalf.
- 03:09:52 [vkuntz]
- vkuntz has joined #wpwg
- 03:09:55 [vkuntz]
- present+
- 03:09:56 [Ian]
- q?
- 03:11:09 [Ian]
- Jonathan:The issuer is always responsible for the SCA. But the issuer can delegate this function, and the issuer can (based on WebAuthn data) can make a choice not to do SCA. That would still be compliant with SCA either through delegation or step-up if needed.
- 03:11:21 [norie]
- norie has joined #wpwg
- 03:11:25 [Ian]
- Nick: The issuer is definitely responsible. But that doesn't mean that they actually have to perform the task.
- 03:11:28 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:12:12 [Ian]
- Tomasz: The SRC-I role is the actor that invokes payment request on behalf of the merchant. (The merchant could also be the SRC-I). The SRC-I receives the credentials.
- 03:12:39 [Ian]
- ...the SRC-I can only receive displayable data (which merchant can display to the user)
- 03:13:02 [Ian]
- ...the merchant's PSP could receive the part of the data that is just for payments
- 03:13:24 [zino]
- zino has joined #wpwg
- 03:13:49 [Ian]
- [Tomasz shows data model]
- 03:14:45 [Ian]
- -> https://github.com/w3c/src/wiki DRAFT SRC Payment method
- 03:14:46 [jonathan]
- jonathan has joined #wpwg
- 03:16:19 [nicktr]
- q?
- 03:16:27 [nicktr]
- ack tomasz
- 03:16:35 [Ian]
- q+ to ask about conformance to draft data model
- 03:17:32 [nicktr]
- q+ to ask about SRCI role
- 03:18:13 [jeffh]
- thx
- 03:18:46 [Ian]
- Tomasz: Note that we have some redundancy between booleans in PR API to request some data and the draft SRC payment method; we need to look into simplifying that
- 03:19:26 [nicktr]
- q?
- 03:21:11 [jezza]
- jezza has joined #wpwg
- 03:23:07 [AdrianHB]
- tomazs: [talking through slides]
- 03:24:15 [AdrianHB]
- ian: our goal is to define a datamodel for SRC and PR API that is common between networks
- 03:25:03 [AdrianHB]
- ... next question will be whether or not we take this up as WG deliverable
- 03:25:16 [AdrianHB]
- ... so next question is, can you make a tx using the data model?
- 03:25:19 [nicktr]
- ack Ian
- 03:25:19 [Zakim]
- Ian, you wanted to ask about conformance to draft data model
- 03:25:23 [AdrianHB]
- tomasz: not yet
- 03:25:35 [Ian]
- tomasz: More work needed to complete the data model
- 03:25:50 [AdrianHB]
- scribe_nick: adrianhb
- 03:25:57 [Ian]
- Jonathan: If we want the data model to be totally complete, the question is who works on that, and how do we ensure it works with EMVCo.
- 03:26:03 [marcosc]
- +q
- 03:26:23 [Ian]
- Jonathan: So we probably need to invite EMVCo so send more people to the task force
- 03:26:24 [Ian]
- ack nick
- 03:26:24 [Zakim]
- nicktr, you wanted to ask about SRCI role
- 03:26:27 [gildas]
- gildas has joined #wpwg
- 03:26:45 [Ian]
- nicktr: The proposal as it stands assumes that the person building the PR API call is the SRC-I
- 03:27:02 [Ian]
- ...or that they are downstream from the SRC-I....but I"m not sure that's the correct assumption.
- 03:27:13 [Ian]
- ...that prevents the payment handler from being the SRC-I.
- 03:27:28 [Ciciley]
- Ciciley has joined #wpwg
- 03:27:39 [Ian]
- ....there are some things that look like payment handlers today that are aware of the identity of the merchant
- 03:28:03 [Ciciley]
- Present+
- 03:28:04 [Ian]
- ...the note I would give at this stage - I'm not sure we want to assume the SRC-I is on the side of the payment requestor.
- 03:28:23 [Ciciley]
- I had to reload the page
- 03:28:45 [hadleybeeman]
- hadleybeeman has joined #wpwg
- 03:29:22 [Ian]
- Jalpesh: There is no reason a company like Stripe couldn't be both the payment handler and the SRC-I
- 03:29:40 [Ian]
- ...payment handler / DCF plays role on behalf of consumer; SRC-I represents merchant (whether merchant or PSP)
- 03:29:47 [michelweksler]
- michelweksler has joined #wpwg
- 03:30:16 [AdrianHB]
- q?
- 03:30:27 [Ian]
- ...we don't have to call it the SRC-I in the w3c spec. Any developer can call PR API. In EMVCo terms that's called the SRC-I.
- 03:30:40 [Ian]
- Tomasz: I think it's probably important to discuss.
- 03:30:57 [Ian]
- ....if SRC-I does invoke PR API, the SRC-I can provide this information.
- 03:31:24 [Ian]
- q?
- 03:31:40 [Ian]
- ack mar
- 03:32:45 [Ian]
- marcosc: Please avoid "object" in WebIDL if you can due to security issues
- 03:32:46 [nicktr]
- q?
- 03:33:07 [Ian]
- Tomasz: Here's why we defined them as Object today - it's due to the EMVCo spec. We don't have specific typed objects in the SRC spec.
- 03:33:08 [Ian]
- ?
- 03:33:12 [Ian]
- q?
- 03:33:21 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:34:55 [nicktr]
- q?
- 03:35:30 [Gerhard]
- question: Can we get the link to the SRC Wiki, pls?
- 03:36:02 [Ian]
- -> https://github.com/w3c/src/wiki SRC WIki
- 03:38:27 [nicktr]
- q?
- 03:39:41 [Fawad]
- Fawad has joined #wpwg
- 03:40:18 [nicktr]
- q+ to ask if any EMV member has published their implementation specifications or a timetable yet?
- 03:40:40 [AdrianHB]
- ian: desire to ensure there is no gap in flow for users that have cards. Some experiments from with Chrome team
- 03:41:02 [AdrianHB]
- ... can we show individual cards in payment sheet?
- 03:41:34 [AdrianHB]
- ... another topic we need to explore is user identity
- 03:41:45 [AdrianHB]
- ... where does it come from, who vouches for it
- 03:41:45 [nicktr]
- q?
- 03:41:48 [rouslan]
- q+
- 03:42:15 [Ian]
- AdrianHB: We have something of an entity modeling challenge.
- 03:42:16 [Gerhard]
- q+
- 03:42:38 [wonsuk]
- wonsuk has joined #wpwg
- 03:42:42 [Ian]
- ...when we first designed this architecture, we had the concept of a payment handler which is executable code distributed by a publisher. And inside of that there are instruments.
- 03:42:55 [Ian]
- ...but it doesn't map well to SRC...there is more required in SRC on identity
- 03:42:56 [nicktr]
- q- later
- 03:43:28 [Ian]
- AdrianHB: I Think we can generalize some of the things that SRC is showing us
- 03:43:37 [AdrianHB]
- q?
- 03:43:46 [tomasz]
- q+
- 03:44:31 [jeffh]
- q?
- 03:44:34 [Ian]
- ack Rouslan
- 03:45:27 [Fawad_]
- Fawad_ has joined #wpwg
- 03:45:39 [Ian]
- Rouslan: Chrome Team would like to see some SRC experience in the market that is working end-to-end
- 03:45:56 [Ian]
- ....that will enable us to think more about how the browser can optimize the user experience.
- 03:46:08 [jalpesh]
- jalpesh has joined #wpwg
- 03:46:08 [jalpesh]
- q+
- 03:46:50 [Ian]
- Rouslan: Yes, we should continue SRC work.
- 03:47:20 [marcosc]
- q+
- 03:47:59 [marcosc]
- q-
- 03:48:08 [Ian]
- ...I am ack Ger
- 03:48:18 [nicktr]
- ack Ger
- 03:48:18 [Ian]
- s/...I am ack Ger//
- 03:48:46 [Ian]
- Gerhard: We are wondering (as reps of banks) how to add ourselves to the ecosystem. I have an option of being a payment handler.
- 03:49:12 [Ian]
- ...the ultimate authenticator will want to be the issuer
- 03:49:29 [Ian]
- ...is there a way in which the payment handler can hand off to the issuer for the authentication.
- 03:49:34 [Ian]
- ...I think something's possible
- 03:49:47 [Ian]
- ...so the question is whether there can be delegation
- 03:50:21 [Ian]
- ...we need to be clear about what the issuers need to do..otherwise the issuers are going to try to do too much, and confusion will prevent adoption
- 03:51:35 [Ian]
- NickTR: Have any schemes published SRC implementations or a timetable for such?
- 03:52:00 [Ian]
- Jalpesh: Visa publicly announced that we will migrate our acceptance and our experiences into SRC. We haven't quite published a timetable.
- 03:52:55 [jezza]
- jezza has joined #wpwg
- 03:53:07 [Ian]
- ...when available the systems will be available for testing by various parties in the ecosystem (including folks here)
- 03:54:04 [Ian]
- Jonathan: We made similar announcements.
- 03:54:15 [Ian]
- ..launch is imminent
- 03:54:29 [tomasz]
- q?
- 03:54:43 [AdrianHB]
- ack nicktr
- 03:54:43 [Zakim]
- nicktr, you wanted to ask if any EMV member has published their implementation specifications or a timetable yet?
- 03:54:45 [jalpesh]
- q-
- 03:55:03 [AdrianHB]
- ack tomasz
- 03:56:51 [nicktr]
- q?
- 03:57:09 [Ian]
- Tomasz: I agree we should continue; but also have more work on "how"
- 03:58:19 [Ciciley]
- Ciciley has joined #wpwg
- 03:58:39 [Ciciley]
- Present+
- 03:58:42 [Ciciley]
- Still here
- 03:59:04 [Ian]
- PROPOSED: The card payment task force should continue to work on an SRC payment method and its integration into the PR API ecosystem.
- 03:59:25 [AdrianHB]
- +1
- 03:59:26 [michelweksler]
- +1
- 03:59:29 [Sophie]
- +1
- 03:59:29 [rouslan]
- +1
- 03:59:32 [jezza]
- jezza has joined #wpwg
- 03:59:33 [Fawad_]
- +1
- 03:59:33 [benoit]
- +1
- 03:59:35 [krystosterone]
- +1
- 03:59:35 [bryanluo]
- +1
- 03:59:37 [rouslan]
- q+
- 03:59:38 [Dongwoo]
- +1
- 03:59:41 [jezza]
- +1
- 03:59:41 [Gerhard]
- +1
- 03:59:44 [jv]
- +1
- 03:59:44 [nicktr]
- +1
- 03:59:44 [dave2037]
- +1
- 03:59:46 [Ciciley]
- +1
- 03:59:50 [jonathan]
- jonathan has joined #wpwg
- 03:59:50 [Ian]
- ack rouslan
- 03:59:51 [wanli_]
- +1
- 03:59:58 [heejin]
- +1
- 04:00:02 [frank]
- frank has joined #wpwg
- 04:00:13 [jonathan]
- +1
- 04:00:20 [Roy]
- +0
- 04:00:23 [justin_toupin]
- +0
- 04:00:25 [frank]
- +0
- 04:00:32 [agektmr]
- +0
- 04:00:56 [jalpesh]
- present-
- 04:00:59 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 04:01:17 [mweksler]
- mweksler has joined #wpwg
- 04:01:52 [alex_liu]
- alex_liu has joined #wpwg
- 04:02:54 [alex_liu_]
- alex_liu_ has joined #wpwg
- 04:03:43 [bryanluo]
- bryanluo has joined #wpwg
- 04:19:30 [bryanluo]
- bryanluo has joined #wpwg
- 04:21:41 [mweksler]
- mweksler has joined #wpwg
- 04:25:19 [alex_liu]
- alex_liu has joined #wpwg
- 04:25:49 [jessie]
- jessie has joined #wpwg
- 04:34:12 [bryanluo]
- bryanluo has joined #wpwg
- 04:41:35 [rouslan]
- rouslan has joined #wpwg
- 04:45:34 [marcosc]
- marcosc has joined #wpwg
- 04:49:43 [alex_liu]
- alex_liu has joined #wpwg
- 04:50:04 [bryanluo]
- bryanluo has joined #wpwg
- 04:52:22 [alex_liu]
- alex_liu has joined #wpwg
- 05:00:17 [frank]
- frank has joined #wpwg
- 05:01:04 [Masa-JCB]
- Masa-JCB has joined #wpwg
- 05:01:24 [norie]
- norie has joined #wpwg
- 05:01:31 [mweksler]
- mweksler has joined #wpwg
- 05:02:04 [jezza]
- jezza has joined #wpwg
- 05:02:04 [rouslan]
- rouslan has joined #wpwg
- 05:03:19 [alex_liu]
- alex_liu has joined #wpwg
- 05:03:31 [canton]
- canton has joined #wpwg
- 05:03:32 [pea13]
- pea13 has joined #wpwg
- 05:04:34 [takashi]
- takashi has joined #wpwg
- 05:04:48 [michelweksler]
- michelweksler has joined #wpwg
- 05:04:59 [gildas]
- gildas has joined #wpwg
- 05:05:33 [benoit]
- benoit has joined #wpwg
- 05:05:34 [bryanluo]
- bryanluo has joined #wpwg
- 05:06:56 [AdrianHB]
- AdrianHB has joined #wpwg
- 05:08:25 [marcosc]
- marcosc has joined #wpwg
- 05:09:36 [cwarnier]
- cwarnier has joined #wpwg
- 05:11:46 [AdrianHB]
- takashi: [slides on QR code payments in Japan]
- 05:11:53 [Gerhard]
- Gerhard has joined #wpwg
- 05:12:03 [urata]
- urata has joined #wpwg
- 05:14:20 [Jinushi]
- Jinushi has joined #wpwg
- 05:16:57 [jezza]
- jezza has joined #wpwg
- 05:17:56 [bryanluo]
- bryanluo has joined #wpwg
- 05:18:16 [nicktr]
- q+ to ask about Japanese QR standard
- 05:18:46 [AdrianHB]
- nicktr: Is the new QR standard in Japan aligned with EMV?
- 05:18:52 [AdrianHB]
- takashi: No
- 05:18:53 [nicktr]
- ack nicktr
- 05:18:53 [Zakim]
- nicktr, you wanted to ask about Japanese QR standard
- 05:19:21 [fawad]
- fawad has joined #wpwg
- 05:21:53 [bryanluo]
- bryanluo has joined #wpwg
- 05:22:21 [jezza]
- jezza has joined #wpwg
- 05:22:36 [AdrianHB]
- q?
- 05:22:40 [nicktr]
- q?
- 05:23:04 [nicktr]
- q+ lawrence
- 05:23:27 [AdrianHB]
- AdrianHB: Can QR code be used for online payments?
- 05:23:45 [benoit]
- q+
- 05:23:51 [nicktr]
- ack Lawrence
- 05:24:02 [jv]
- jv has joined #wpwg
- 05:24:07 [AdrianHB]
- masa-JCB: no, it is focused on in-person
- 05:24:14 [AdrianHB]
- q?
- 05:24:49 [AdrianHB]
- lawrence: [question about UX, missed detail]
- 05:24:55 [jezza]
- jezza has joined #wpwg
- 05:25:14 [AdrianHB]
- masa-JCB: UX is not as good as card but better than cash
- 05:25:59 [AdrianHB]
- lawrence: what is the motivation to switch?
- 05:26:30 [AdrianHB]
- masa-JCB: the merchant is motivated and so offers cash-back to incentivise consumers
- 05:28:04 [AdrianHB]
- motivation from government is anything but cash so cash-back incentives are high
- 05:28:32 [AdrianHB]
- q?
- 05:28:34 [nicktr]
- q?
- 05:29:48 [AdrianHB]
- benoit: compared to AliPay, this seems like astatic data generated by the customer. What prevents me from stealing the code and using it somewhere?
- 05:30:58 [AdrianHB]
- masa-JCB: security is dealt with by providers, I'm not familiar with the details. It's not possible to reuse the barcode
- 05:31:11 [jessie_]
- jessie_ has joined #wpwg
- 05:31:13 [AdrianHB]
- q?
- 05:31:17 [Gerhard]
- q+
- 05:31:23 [nicktr]
- q?
- 05:31:27 [nicktr]
- ack benoit
- 05:31:42 [jezza]
- jezza has joined #wpwg
- 05:32:29 [AdrianHB]
- ack benoit
- 05:32:32 [nicktr]
- ack Gerhard
- 05:32:32 [AdrianHB]
- ack gerhard
- 05:32:57 [AdrianHB]
- gerhard: this looks like tokenization. Why not use the EMVCo standard?
- 05:33:16 [jezza]
- Q?
- 05:33:33 [AdrianHB]
- masa-JCB: I'm not familiar with the design discussions.
- 05:34:09 [AdrianHB]
- gerhard: I see the benefit of the form-preserving token but does it require merchants to add cameras to the terminal?
- 05:34:18 [urata]
- urata has joined #wpwg
- 05:34:24 [AdrianHB]
- masa-JCB: the majority of terminals already had the camera
- 05:34:47 [AdrianHB]
- gerhard: Which is more common, merchant presented vs consumer presented?
- 05:34:50 [jezza]
- jezza has joined #wpwg
- 05:35:32 [AdrianHB]
- masa-JCB: Providers all support both. The choice is driven by cost.
- 05:35:37 [nicktr]
- q?
- 05:35:44 [Ian]
- scribenick: Ian
- 05:36:12 [kimwooglae]
- kimwooglae has joined #wpwg
- 05:37:01 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 05:37:23 [Ian]
- [Sakiko Suzuki on payments in Asia]
- 05:37:29 [florent]
- florent has joined #wpwg
- 05:37:44 [masa-jcb]
- masa-jcb has joined #wpwg
- 05:38:41 [Ian]
- Sakiko: Market affected by (1) various instant payment initiatives in Europe and (2) new payment methods from China
- 05:39:01 [Ian]
- [Background on SWIFT]
- 05:39:07 [estes]
- estes has joined #wpwg
- 05:39:22 [Ian]
- Sakiko: SWIFT covers over 200 countries and multiple currencies.
- 05:40:03 [Ian]
- ...drivers of change: volumes, e-commerce, real-time, regulation, open banking
- 05:40:17 [Ian]
- ....volume is doubling each year
- 05:41:26 [Ian]
- ...in Europe we provide instant payments across multiple countries for cross-border payments
- 05:41:37 [Ian]
- ..in Australia we do so for all sorts of payments including P2P and B2B
- 05:41:52 [Ian]
- ...SWIFT is focusing on cross-border payments; regulation is really important
- 05:41:57 [Ian]
- ...there are issues like AML
- 05:42:12 [rouslan]
- rouslan has joined #wpwg
- 05:42:42 [Angel]
- Angel has joined #wpwg
- 05:42:57 [Ian]
- ...APIs help foster development
- 05:43:06 [Ian]
- ...we have three focus areas: modeling, publishing, consumption
- 05:43:57 [Ian]
- ...GPI is a new system to provide instant payments
- 05:43:57 [Ian]
- ll
- 05:44:01 [Ian]
- s/||/
- 05:44:07 [Ian]
- s/II//
- 05:44:33 [Ian]
- Sakiko: We are trying to connect additional networks as well since we cannot provide all solutions ourselves
- 05:44:58 [Ian]
- ..."NPP" (New Payment Platform) in Australia
- 05:45:01 [Ian]
- ...started in January 2018
- 05:45:16 [Ian]
- ...distributed architecture.
- 05:46:02 [Ian]
- ...allows Australian banks to do real-time clearing and settlement
- 05:46:17 [Ian]
- ...distributed model ensures continuity of payment services
- 05:46:27 [Angel_]
- Angel_ has joined #wpwg
- 05:46:29 [Ian]
- ...before NPP, Australian could not do real-time, 24/7
- 05:46:47 [Ian]
- ...based on ISO20022
- 05:46:59 [Ian]
- ....1400 data fields available
- 05:47:11 [Ian]
- ....24/7 real-time
- 05:47:21 [Ian]
- ....PayID or BSB and account number;
- 05:47:33 [nicktr]
- q?
- 05:48:28 [Fawad_]
- Fawad_ has joined #WPWG
- 05:48:34 [Ian]
- ....we provide an API sandbox to facilitate development
- 05:49:00 [Ian]
- ...after 1 year, NPP has 75 Members connected to the network; $75 Billion worth of transactions
- 05:49:19 [Ian]
- ...any type of payment can be supported by the network
- 05:49:30 [Roy]
- Roy has joined #wpwg
- 05:49:57 [Ian]
- ...GPI has been around for 3 years
- 05:50:08 [Ian]
- ....next year, all SWIFT Members will be on this network.
- 05:50:24 [Giulio]
- Giulio has joined #wpwg
- 05:50:38 [Ian]
- ...98% of transactions settled in 1 day; 40% in less than 5 minutes
- 05:50:59 [Ian]
- ...most of the advanced banks can settle in 10-20 seconds
- 05:51:27 [Ian]
- ...GPI instant: 20 seconds end to end on average; maximum 60 seconds
- 05:51:38 [Angel_]
- rrsagent, draft minutes
- 05:51:38 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Angel_
- 05:53:21 [Ian]
- [Trial participants include NAB, ANZ, ICBC, Bank of China, Bangkok Bank, DBS, UOB, Standard Chartered)
- 05:54:56 [wonsuk]
- wonsuk has joined #wpwg
- 05:56:26 [AdrianHB]
- q?
- 05:56:27 [nicktr]
- q?
- 05:56:59 [Ian]
- AdrianHB: If we push for real-time push payments, is the end goal retail?
- 05:57:20 [Ian]
- Sakiko: I think it's possible. SWIFT can provide account-to-account transer
- 05:57:26 [Ian]
- s/transer/transfer
- 05:58:33 [Ian]
- [Demo of GPI with PR API]
- 06:00:13 [Ian]
- Vkuntz: With PR API, merchant can get ask bank to track payment and let the merchant know if not received within 60 seconds.
- 06:01:28 [Ian]
- (Demo shows a gpi-tracked payment method)
- 06:01:35 [Ian]
- ...the user selects an account from which to make the payment
- 06:01:56 [Ian]
- ...selecting "confirm" causes payment information to be sent to the bank.
- 06:02:13 [Ian]
- ...the merchant gets back a tracking idea
- 06:02:33 [Ian]
- ...then we can simulate the bank initiating the transfer
- 06:02:49 [Ian]
- ...then the payment method enables the merchant to know that the payment has been initiated.
- 06:03:15 [nicktr]
- q?
- 06:04:58 [Ian]
- ...so the payment handler has closed, and the merchant can monitor the status of the payment.
- 06:05:33 [Ian]
- ...the payment response includes an identifier for the transaction in the GPI system
- 06:05:37 [Ian]
- q?
- 06:05:45 [Ian]
- IJ: What about authentication?
- 06:06:05 [Ian]
- vkuntz: Authentication is in g-link
- 06:06:09 [Ian]
- ...so we have it but have not applied it.
- 06:06:26 [jezza]
- jezza has joined #wpwg
- 06:06:31 [Ian]
- AdrianHB: What data is sent to the payment handler? How does the merchant identify itself?
- 06:07:02 [Ian]
- vkuntz: There's merchant account identifier.
- 06:07:29 [Ian]
- ..it's globally unique
- 06:07:44 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 06:07:52 [nicktr]
- q?
- 06:08:29 [norie]
- norie has joined #wpwg
- 06:08:30 [mweksler]
- mweksler has joined #wpwg
- 06:09:58 [jezza]
- jezza has joined #wpwg
- 06:12:07 [jezza]
- jezza has joined #wpwg
- 06:15:16 [alex_liu]
- alex_liu has joined #wpwg
- 06:16:35 [jezza]
- jezza has joined #wpwg
- 06:22:18 [bryanluo]
- bryanluo has joined #wpwg
- 06:27:52 [bryanluo]
- bryanluo has joined #wpwg
- 06:28:54 [mweksler]
- mweksler has joined #wpwg
- 06:29:20 [rouslan]
- rouslan has joined #wpwg
- 06:31:08 [Ciciley]
- Ciciley has joined #wpwg
- 06:31:18 [Ciciley]
- Present+
- 06:31:51 [jessie]
- jessie has joined #wpwg
- 06:32:40 [michelweksler]
- michelweksler has joined #wpwg
- 06:33:30 [Ian]
- Topic: Airbnb PR API Experience
- 06:34:51 [Ian]
- -> http://www.w3.org/2019/Talks/airbnb-20190916.pdf Airbnb slides
- 06:34:56 [gildas]
- gildas has joined #wpwg
- 06:35:10 [Ian]
- mweksler: Some points to think about as we go through the presentation
- 06:35:33 [Ian]
- - One goal was a desire to rely on payment request as the only step in a checkout flow
- 06:35:37 [Yaohua_Wu]
- Yaohua_Wu has joined #wpwg
- 06:35:46 [Ian]
- - Guest checkout v. card on file is another theme
- 06:36:30 [frank]
- frank has joined #wpwg
- 06:36:31 [Fawad]
- Fawad has joined #wpwg
- 06:36:34 [Ian]
- Alex: Lots of slides but I will go quickly
- 06:36:51 [Giulio]
- Giulio has joined #wpwg
- 06:37:13 [Ian]
- Alex: Airbnb has a number of top-level businesses all leverage the Airbnb platform.
- 06:37:16 [norie]
- norie has joined #wpwg
- 06:37:24 [vkuntz]
- vkuntz has joined #wpwg
- 06:37:24 [Ian]
- ...one functionality within that platform is payments
- 06:37:34 [vkuntz]
- present+
- 06:37:36 [Ian]
- ...Airbnb has about 200 people working on payments
- 06:38:00 [Ian]
- ...we operate in lots of countries and accept a lot of currencies.
- 06:38:16 [Ian]
- ....we go through multiple PSPs for redundancy
- 06:38:20 [urata_]
- urata_ has joined #wpwg
- 06:38:47 [Ian]
- ...we have our own coupons, credit plans
- 06:38:52 [Ian]
- [Opportunities]
- 06:39:16 [Ian]
- Alex: We wanted to redesign the Web experience; lots of people start from Web (not native)
- 06:39:26 [Ian]
- ...wanted a streamlined first time booking experience
- 06:39:36 [Ian]
- ...and thought we could use PR API to collect information.
- 06:40:00 [Ian]
- ...we have a signup wall and thought we could use PR API to streamline that rocess.
- 06:40:11 [Ian]
- ...we also wanted to use PR API to be able to support more payment methods
- 06:40:19 [Ian]
- ...e.g., access to Apple Pay and Google Pay
- 06:40:30 [Ian]
- ...so PR API gave us access to more payment methods.
- 06:40:31 [Fawad_]
- Fawad_ has joined #wpwg
- 06:41:00 [Fawad_]
- Fawad_ has left #wpwg
- 06:41:08 [Ian]
- ...in Brazil we have to collect a lot more information ...
- 06:41:12 [Ian]
- ...forms lead to drop-off
- 06:41:23 [fawad_]
- fawad_ has joined #wpwg
- 06:41:32 [Ian]
- ...with PR API we don't have to manage all the form fields, and resizing and display
- 06:41:47 [Fawad_N]
- Fawad_N has joined #wpwg
- 06:41:55 [Ian]
- ...we also thought we could speed up checkout for use cases where users already had *Pay setups
- 06:41:59 [Ian]
- [Exploration]
- 06:42:13 [Ian]
- Alex: We integrated it with desktop web via moweb
- 06:42:30 [masa_jcb]
- masa_jcb has joined #wpwg
- 06:43:07 [Ian]
- (We see a demo using basic card, and a demo using google pay)
- 06:43:37 [Ian]
- Alex: We saw a lot of benefits - no complex forms, use existing wallets, access to more payment methods, no custom billing form, buit-in infrastructure
- 06:44:25 [Ian]
- Alex: For us, we liked the standard API because it was easy to swap in, and have it work across browsers
- 06:44:30 [Ian]
- [Challenges]
- 06:44:40 [jonathan]
- jonathan has joined #wpwg
- 06:44:43 [AdrianHB]
- q?
- 06:45:04 [Ian]
- Jonathan: Are you using PR API all the time, or just first time user?
- 06:45:36 [Ian]
- mweksler: PR API remains an option, but previously used cards are available in subsequent checkouts (card on file)
- 06:46:07 [Ian]
- Alex: If you start adding card-on-file, once you have a mix of instruments (card-on-file, card-in-browser, google pay) that can be confusing to the user
- 06:46:29 [Ian]
- Alex: Biggest pain point is lack of official payment handlers.
- 06:46:35 [Ian]
- ...e.g., no PayPal
- 06:46:52 [Ian]
- ...even for the ones that are there (e.g., Google Pay) only there for one browser and not the other
- 06:47:13 [Ian]
- Alex: You should be able to see all the payment methods on all the browsers
- 06:48:01 [Ian]
- Alex: Second point is consistency across browsers. Suppose we use Chrome basic card implementation...experience on mobile not same as experience on desktop
- 06:49:28 [Ian]
- IJ: Do label customizations help?
- 06:49:32 [Ian]
- Alex: Yes, that could help
- 06:49:39 [nicktr]
- q?
- 06:49:53 [Ian]
- Alex: so we'd like to see (1) more official payment handlers (2) support across browsers (2) configuration of form fields / labels
- 06:49:58 [Ian]
- ....that is, customization
- 06:50:22 [Ian]
- ...even if the browser does not allow customization, make it possible for us to know the strings that would have been rendered and we can match them
- 06:50:39 [Ian]
- Alex: Second challenge was stored instruments
- 06:51:06 [Ian]
- ....if the user has some cards on file with Airbnb but also cards in browser and so they get a difference experience
- 06:51:31 [Ian]
- ...not obvious to users how to find most up-to-date card information
- 06:51:43 [Ian]
- ....so might be nice to integrate on-platform instruments into the sheet.
- 06:52:21 [Ian]
- Alex: Another topic is "tokenization". If we were to implement PR API, on the back end (e.g., Stripe, Braintree) the backend integrations are different
- 06:53:31 [takashi]
- takashi has joined #wpwg
- 06:54:08 [Ian]
- IJ: Do you want a standardized API on the backend or a standardized payload?
- 06:54:16 [nicktr]
- q+
- 06:54:53 [Ian]
- mweksler: For a merchant would be great to have a standardized token shape, but PSPs may not want that level of interoperability
- 06:54:57 [benoit]
- q+
- 06:55:00 [Ian]
- ack nicktr
- 06:55:38 [Ian]
- nicktr: I think this is a live debate within payment providers whether to have tokens that can be moved among payment platforms.
- 06:55:42 [Gerhard]
- Gerhard has joined #wpwg
- 06:55:53 [Ian]
- ....there is nothing in the ecosystem today that prevents transportable tokens from being built.
- 06:56:01 [Ian]
- ...you can use EMVCo tokens today
- 06:56:12 [Ian]
- ...but the tokenized card payment method could support that
- 06:57:00 [Ian]
- ...I think that if there were 20 large merchants who wanted EMVCo tokens, there might be product managers willing to make a business case in their org.
- 06:57:00 [Ian]
- q?
- 06:57:13 [Ian]
- ack benoit
- 06:57:24 [Ian]
- benoit: Regarding universal tokens - I would personally love that
- 06:58:02 [Ian]
- ...whenever anything changes in the payment chain, you need to gain new authorization from the cardholder (this is a compliance issue
- 06:58:17 [jv]
- jv has joined #wpwg
- 06:58:17 [Ian]
- ...so seamless backend swapping is technically not allowed
- 06:58:47 [Ian]
- IJ: But at least you could get rid of some technical friction
- 06:59:30 [Ian]
- mweksler: There are multiple ways that we could comply (including user agreement up front)
- 06:59:32 [Ian]
- q?
- 06:59:37 [AdrianHB]
- q?
- 06:59:53 [Ian]
- NickTR: The question is "who is the token requestor"...if the token requestor were the merchant (bound to the merchant) then do-able
- 07:00:36 [Ian]
- mweksler: What we are after is slightly more nuanced - we don't want to put the burden on merchants that is associated with being token requestor. We want the PSPs to do the heavy lifting, and then we want to be able to use the tokens wherever we want.
- 07:00:46 [rouslan]
- q+
- 07:01:01 [Ian]
- Tony: Delegation is tricky (e.g., key exchange)
- 07:01:06 [Ian]
- ...so more tricky than just user consent
- 07:01:21 [Ian]
- AdrianHB: That's probably why our efforts at a tokenized card payment method didn't progress.
- 07:01:33 [Ian]
- ack rous
- 07:02:03 [Ian]
- rouslan: You expressed a sentiment that if more payment handlers on more platforms that would be great; I completely agree
- 07:02:03 [jeff_]
- jeff_ has joined #wpwg
- 07:02:15 [Ian]
- ...so the question is: what does Chrome need to do for people to start using payment handler API
- 07:02:20 [jeff_]
- present+
- 07:03:15 [Ian]
- mweksler: Lack of payment handler implementations I think is a big challenge; merchants need to treat it as "yet another payment method" instead of the "single payment method API"
- 07:03:51 [Ian]
- ...another topic is the user experience when there is both card-on-file and card-in-browser
- 07:04:06 [Ian]
- ...some sort of merging of the two worlds would be helpful
- 07:04:23 [Ian]
- ...I refer to this as "on boarding existing users to PR API"
- 07:04:28 [Ian]
- q?
- 07:04:57 [Ian]
- AdrianHB: The second topic is interesting
- 07:05:18 [Ian]
- mweksler: Every large merchant would have to write the same payment handler, which suggests it is a possibility for standardization
- 07:05:59 [Ian]
- ...we don't store the cards (people do that for us)
- 07:06:09 [Ian]
- ...we'd like to merge them into PR API
- 07:06:28 [Ian]
- (Tradeoffs)
- 07:06:34 [Ian]
- - integration with airbnb systems
- 07:06:40 [Ian]
- - customization
- 07:06:42 [Ian]
- - ease
- 07:06:56 [Ian]
- Regarding integration: it works really well today when replacing a single payment method.
- 07:07:08 [Ian]
- ...e.g., PR API with just Apple Pay or just GooglePay
- 07:07:23 [Ian]
- Regarding ux consistency:
- 07:07:38 [Ian]
- - imagine large merchants adopting this - you'd have consistency across sites and that would build trust
- 07:07:44 [Ian]
- - great for device-specific payment methods
- 07:07:48 [Ian]
- BUT:
- 07:08:00 [Ian]
- - not consistent with other Airbnb pages
- 07:08:03 [Ian]
- ...different branding for example
- 07:08:18 [Ian]
- ...also the ux is different across browsers (since different platforms)
- 07:08:23 [Ian]
- Customization:
- 07:08:36 [Ian]
- - would be great to be able to customized display sections, and get label consistency
- 07:09:12 [Ian]
- RRSAGENT, make minutes
- 07:09:12 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 07:10:30 [Ian]
- Topic: Breakout sessions
- 07:10:34 [Ian]
- - Payment handlers
- 07:10:41 [Ian]
- - Intersection of PR API, guest checkout, sign-up
- 07:14:33 [Ian]
- - Moving billing address from payment method to payment request
- 07:15:54 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 07:16:08 [Ian]
- Topic: Payment Handlers
- 07:16:28 [Roy_]
- Roy_ has joined #wpwg
- 07:16:43 [Ian]
- Justin: What should we be investing in to get more payment handler adoption?
- 07:16:43 [Roy_]
- q+
- 07:16:51 [Ian]
- ack Roy
- 07:17:25 [Ian]
- Roy_: One thing that would be helpful is to know the ecosystem of adoption of PR API
- 07:18:31 [jeff_]
- q+
- 07:18:46 [marcosc]
- marcosc has joined #wpwg
- 07:18:56 [Ian]
- Justin: The volume in terms of transactions is growing
- 07:18:57 [jv]
- +q
- 07:19:14 [AdrianHB]
- q?
- 07:19:35 [Ian]
- mweksler: I think you should encourage people internally that the more info can be shared the more adoption is likely to increase
- 07:19:37 [Ian]
- ack Jeff
- 07:19:47 [Vishal-Expedia]
- q+
- 07:19:59 [tomasz_]
- tomasz_ has joined #wpwg
- 07:20:12 [Ian]
- jeff_: I'd like to understand more why the information about adoption is proprietary, or whether we can have some conversations about stripping the proprietary information
- 07:20:40 [Ian]
- ...even reducing to a single figure of merit (e.g., growing x% per year)
- 07:20:48 [Ian]
- ack jv
- 07:21:12 [Ian]
- jv: EMV manages to publish annual maps about card adoption
- 07:21:22 [Ian]
- ....they anonymize data
- 07:21:38 [nicktr]
- q?
- 07:21:44 [Ian]
- AdrianHB: So each vendor could provide data to W3C and W3C could anonymize the consolidated data
- 07:22:00 [Ian]
- ACTION: Justin to check internally at Google about what can be shared
- 07:22:01 [trackbot]
- Created ACTION-128 - Check internally at google about what can be shared [on Justin Toupin - due 2019-09-23].
- 07:22:32 [jessie34]
- jessie34 has joined #wpwg
- 07:22:36 [Ian]
- vishal: I think from a decision perspective good to know (1) has there been an increase in number of merchants adopting it?
- 07:22:48 [Ian]
- ...so doesn't need to be user numbers, can be merchant numbers.
- 07:23:13 [Ian]
- ...regarding intro - we have examples in the payments industry about branding
- 07:23:56 [AdrianHB]
- ian: we did a lot of study on that topic
- 07:24:14 [AdrianHB]
- ... there was no support because the observation was that PR API is not a payment method
- 07:24:27 [AdrianHB]
- ... users recognize payment method brands
- 07:25:14 [Ian]
- Vishal: I'd like to see a credit card logo without specific brands, to indicate triggering PR API
- 07:25:31 [Ian]
- ....PR API is a payment method from an end-user perspective
- 07:25:54 [Sophie]
- Sophie has joined #wpwg
- 07:26:04 [gildas]
- gildas has joined #wpwg
- 07:26:10 [Ian]
- AdrianHB: I think the goal is that users don't think of it as a payment method...ideally we should figure out a way to make the experience fit into the current branding requirements of some of the big payment methods
- 07:26:21 [Ian]
- ...e.g., Apple requires an Apple Logo
- 07:26:50 [Ian]
- ...we have an unsolved problem about exposing the supported payment methods of the user and exposing them as actionnable buttons on the page
- 07:26:51 [Ian]
- q?
- 07:26:54 [Ian]
- ack Vish
- 07:27:51 [Ian]
- Rouslan: What is the biggest obstacle to people writing a payment handler today?A
- 07:27:57 [Ian]
- ..this will help us focus our energy
- 07:28:07 [nicktr]
- q?
- 07:28:25 [bryanluo]
- q+
- 07:28:42 [benoit]
- issue: https://github.com/w3c/payment-request/issues/870 is one for me, but likely not for many others
- 07:28:43 [trackbot]
- Created ISSUE-2 - Https://github.com/w3c/payment-request/issues/870 is one for me, but likely not for many others. Please complete additional details at <https://www.w3.org/Payments/WG/track/issues/2/edit>.
- 07:28:52 [Ian]
- q+ Gerhard
- 07:28:54 [Ian]
- ack bryanluo
- 07:28:55 [Gerhard]
- q+
- 07:29:26 [Ian]
- bryanluo: Two things come to mind for us. The first question I will be asked is "What's the business value for doing a payment handler?"
- 07:29:35 [jezza]
- jezza has joined #wpwg
- 07:29:52 [Ian]
- ....it's not exactly clear at this point. The second topic is more technical, but a couple of things come to mind:
- 07:30:07 [Ian]
- ...flexibility and extensibility within the API. As a payment handler there will always be edge cases
- 07:30:53 [Ian]
- ...PSP integration is a big part of the payment handler business model...where does it fit in?
- 07:31:44 [Ian]
- ....industry is moving away from iframe....does this PH approach create another isolated thing
- 07:31:48 [Ian]
- Rouslan: Thanks for this information!
- 07:32:13 [Ian]
- Rouslan: Payment handler is a top-level window, so it does not suffer from cookie restrictions on iframes
- 07:32:28 [Ian]
- bryanluo: So it's like a popup that has a special UI?
- 07:32:29 [Ian]
- Rouslan: Yes
- 07:32:55 [Ian]
- AdrianHB: Regarding data model -the payment method owner owns the data model
- 07:33:33 [Ian]
- Bryanluo: Ah, so there is already an open channel between merchant and payment handler
- 07:33:35 [Ian]
- AdrianHB: Yes
- 07:34:18 [Ian]
- ...also note that OAuth experience in the PH modal happens without losing the merchant context
- 07:34:29 [Ian]
- q?
- 07:34:42 [Ian]
- q+ to ask Google for blog post on handler benefits
- 07:34:47 [Ian]
- ack Gerhard
- 07:34:51 [nicktr]
- ack Gerhard
- 07:35:22 [Ian]
- Gerhard: If I get to the checkout page and PR API is the third option, I am likely to pick the first 2, so instrument-level display would be helpful
- 07:35:44 [Ian]
- Gerhard: It could also be useful for merchants to load payment tokens in
- 07:35:44 [jeff_]
- q+
- 07:35:53 [Vishal-Expedia]
- q+
- 07:36:05 [nicktr]
- q?
- 07:36:44 [AdrianHB]
- ian: we do have a long standing request for "instrument level display" on the page
- 07:36:49 [AdrianHB]
- q?
- 07:36:51 [nicktr]
- ack Ian
- 07:36:51 [Zakim]
- Ian, you wanted to ask Google for blog post on handler benefits
- 07:36:52 [AdrianHB]
- ack Ian
- 07:37:24 [Ian]
- Action: Ian to work with Justin and Google on writing up payment handler benefits
- 07:37:25 [trackbot]
- 'Ian' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., IFSF-EFT-WG-Lead, ijacobs).
- 07:37:47 [angel]
- angel has joined #wpwg
- 07:37:48 [jezza]
- jezza has joined #wpwg
- 07:38:06 [nicktr]
- ack jeff_
- 07:38:11 [Ian]
- Justin: Our thesis is that PH API can improve conversion rates; that's a key data point; we'd like to partner with people to get that data.
- 07:38:14 [Ian]
- ack Jeff_
- 07:38:30 [alex_liu]
- alex_liu has joined #wpwg
- 07:38:53 [Ian]
- Jeff_: The question at the beginning was how to get more payment handler adoption. Lots of good pieces "bottom-up"
- 07:39:06 [Ian]
- ..but a different approach is to ask which payment handlers we most need.
- 07:40:34 [AdrianHB]
- ian: My observation is that chrome took that approach and picked the industry leader and continue to work with them. The one blocker is that the potential payment handler will only move forward with more browser support (specifically Safari on iOS)
- 07:41:15 [Ian]
- mweksler: For Airbnb, definitely PayPal would be great
- 07:41:26 [Ian]
- ...I think two that are not as big but also strategic are Alipay and WeChat
- 07:41:46 [jeff_]
- q+ to follow-up on Paypal, Alipay, and we-chat
- 07:42:10 [Ian]
- Rouslan: Are you talking about China market or international market?
- 07:42:34 [Ian]
- mweksler: Primary market would be China. When you look at their online payment methods, the most popular ones are the mobile ones that redirect to their app
- 07:42:44 [Ian]
- ...it's not an easy payment handler, but it's interesting
- 07:43:00 [Ian]
- AdrianHB: That integration already exists on some platforms (e.g., Android)
- 07:43:17 [Ian]
- Rouslan: Side-loading apps would not be good for security reasons
- 07:43:37 [Ian]
- Rouslan: Alipay did demos about integration with Chrome on Android
- 07:43:48 [Ian]
- ...signature verification does not happen with legacy redirect
- 07:43:56 [Ciciley]
- Ciciley has joined #wpwg
- 07:44:08 [Ian]
- wmeksler: If you have a payment handler provided by Alipay you may not need to redirect
- 07:44:08 [Ian]
- q?
- 07:44:18 [Ian]
- s/wmesksler/mweksler
- 07:44:29 [nicktr]
- q?
- 07:44:33 [Ian]
- ack Vish
- 07:45:07 [Ian]
- Vishal-Expedia: We have been talking about 3DS 2.0. Entering the OTP is in the payments page, which is great.
- 07:45:36 [Ian]
- ....seeing that flow compared to PR API overlay, its kind of clunky to have an overlay compared to in-page display
- 07:45:45 [Ian]
- ....choosing of the payment method in the page would be nice
- 07:46:19 [Ian]
- ....I don't see many merchants in this meeting; need more exposure to merchants
- 07:47:04 [Ian]
- IJ: Who besides MAG?
- 07:47:12 [Ian]
- Vishsal: MRC
- 07:47:14 [AdrianHB]
- ian: we work with MAG (who are meeting this week so can't be here). Any suggestions for others are appreciated?
- 07:47:34 [Ian]
- ...we have a meeting in January in Singapore
- 07:47:45 [Ian]
- ack Jeff_
- 07:47:45 [Zakim]
- jeff_, you wanted to follow-up on Paypal, Alipay, and we-chat
- 07:47:53 [nicktr]
- q?
- 07:48:05 [Ciicley]
- Ciicley has joined #wpwg
- 07:48:15 [Ciicley]
- Present+
- 07:48:19 [Ian]
- Jeff_: If I were running this as a business, I would figure out how the WG should go after each opportunity. PayPal conversations are underway.
- 07:48:34 [Ian]
- ...for Alipay, the head of standards of Alibaba is here this week
- 07:48:39 [angel_]
- angel_ has joined #wpwg
- 07:48:52 [Ian]
- ....it would be good to build a story for Alipay
- 07:49:05 [Ian]
- ...WeChat is Tencent, also a W3C member
- 07:49:45 [Ian]
- ...as far as Merchant outreach, having a meetup between MAG executive council and the WPWG might be a more effective way to drive adoption
- 07:49:52 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 07:49:53 [nicktr]
- q?
- 07:49:53 [Ian]
- q?
- 07:50:46 [Ian]
- Rouslan: Question for browser vendors - should some implementation features of Chrome be "standardized" (even if not in spec):
- 07:50:50 [Ian]
- - Just-in-time installation
- 07:50:53 [Ian]
- - Skip the sheet
- 07:52:08 [jezza]
- jezza has joined #wpwg
- 07:52:14 [Ian]
- -> https://www.w3.org/blog/wpwg/2018/08/20/further-streamlining-the-payment-request-user-experience/ See details on JIT installation and skip-the-sheet
- 07:53:19 [Ian]
- Rouslan: These are user experiences and we've tried to not standardize them as a result
- 07:53:54 [Ian]
- ....my feeling for skip-the-sheet is that should not be normative in the spec, but could be mentioned as an informative note
- 07:54:13 [nicktr]
- q?
- 07:54:36 [jv]
- +q
- 07:54:46 [Ian]
- marcos: Agree that generally we would not put something like this in the spec
- 07:55:00 [Ian]
- ack jv
- 07:55:10 [Ian]
- jv: But having same experience across browsers would help adoption
- 07:56:23 [Ian]
- q+
- 07:56:32 [rouslan]
- q+
- 07:56:49 [Ian]
- Marcos: Putting this into the spec may not help; browsers will do the right thing in order to provide the right UX
- 07:57:08 [nicktr]
- ack rouslan
- 07:57:14 [michelweksler]
- q+
- 07:57:29 [Ian]
- Rouslan: We have documented the conditions where Chrome skips the sheet
- 07:58:31 [jessie]
- jessie has joined #wpwg
- 07:58:35 [Ian]
- ack me
- 08:00:11 [Ian]
- AdrianHB: Any changes we need to make to the spec to make it easier to implement as a browser?
- 08:00:23 [jezza]
- jezza has joined #wpwg
- 08:00:25 [Ian]
- Marcos: Architecturally we need to do a bunch of things to support the spec.
- 08:00:44 [alex_liu]
- alex_liu has joined #wpwg
- 08:00:47 [Ian]
- ...so don't want the spec to go too far ahead, but also like the adoption experience so looking for a balance
- 08:01:11 [Ian]
- ack mw
- 08:01:11 [nicktr]
- q?
- 08:01:13 [Ian]
- ack mi
- 08:01:33 [Ian]
- mweksler: I wanted to add a comment to the skip-the-sheet discussion
- 08:01:40 [Ian]
- ....I think there are other cases beyond "just one payment hadnler"
- 08:01:54 [Ian]
- ...for example, configuration to allow me to use same payment handler always on same site
- 08:02:06 [Ian]
- ...that info could be stored either by the browser or the site
- 08:02:26 [Ian]
- ...e.g., Airbnb could store the preference and tell the browser to skip the sheet and which payment handler to use
- 08:02:49 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:02:54 [Ian]
- q?
- 08:03:20 [Ian]
- AdrianHB: I think that full delegation is an important piece of this - that the handler can handle shipping address
- 08:04:14 [Ian]
- Sehal: In the demo we did today, if payment handler supports delegation, we do skip up
- 08:04:18 [Ian]
- s/up/UI
- 08:04:33 [Ian]
- Justin: We showed the minimal UI flow
- 08:05:24 [bryanluo]
- bryanluo has joined #wpwg
- 08:05:37 [nicktr]
- q+ to ask about minimal desktop experience
- 08:05:44 [AdrianHB]
- ian: this is getting close to previous Mozilla comments on UI risks
- 08:06:02 [michelweksler]
- q+
- 08:06:04 [AdrianHB]
- marcos: there is a lot of UX work around permissions and constraints
- 08:06:38 [Gerhard]
- q+
- 08:07:35 [Ian]
- ack nicktr
- 08:07:35 [Zakim]
- nicktr, you wanted to ask about minimal desktop experience
- 08:07:46 [bryanluo]
- bryanluo has joined #wpwg
- 08:08:02 [Ian]
- nicktr: The "minimal UI" is a special case of the special case
- 08:08:17 [Ian]
- ...if I were a Payment Method owner that was struggling to get traction across a huge installed base,
- 08:08:47 [Ian]
- ...you could offer slick 1-click experiences because you'd know, even with guest checkout, that the consumer has a primed payment handler
- 08:08:51 [Ian]
- ..this seems like a great thing
- 08:09:08 [Ian]
- ...have you done work with minimal UI on desktop?
- 08:09:33 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:09:41 [Ian]
- Justin: No not yet
- 08:09:53 [AdrianHB]
- q+
- 08:09:58 [Ian]
- michelweksler: I like the minimal UI. I am wondering if we can go even further.
- 08:10:14 [alex_liu]
- alex_liu has joined #wpwg
- 08:10:28 [Ian]
- ...is there a way for the user to say I authorize micropayments up to a certain amount?
- 08:10:31 [Ian]
- ...could be less intrusive
- 08:10:39 [Ian]
- ack michel
- 08:10:52 [Ian]
- ack Gerhard
- 08:11:11 [Ian]
- Gerhard: I have four use cases:
- 08:11:36 [Ian]
- 1) The "no user auth" use case. We've already established credibility within a bank context. You flip into it and you flip out
- 08:11:50 [Ian]
- 2) FIDO
- 08:12:04 [Ian]
- ..if the FIDO credential is in another domain, you could flip into it, do biometric, and flip back
- 08:12:50 [Ian]
- 3) Bank has an issuer wallet (there is a token + cryptogram in the native app)...needs to retrieve the cryptogram from the app
- 08:13:28 [Ian]
- 4) External device authentication (eg., browsing on desktop, authenticate via phone)
- 08:13:36 [Ian]
- q?
- 08:13:52 [Ian]
- 5) In south africa we've hooked up with mobile operators to use USSD
- 08:13:57 [jezza]
- jezza has joined #wpwg
- 08:14:28 [Ian]
- ...text-based interface; phone wakes up; you type in a number to grant consent
- 08:14:39 [Ian]
- ...we do some sim-card protection
- 08:14:50 [Ian]
- ...it works on feature phones
- 08:15:33 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:15:45 [nicktr]
- q?
- 08:16:26 [Ian]
- ack AdrianHB
- 08:16:37 [Ian]
- AdrianHB: I want the minimal UI to be more minimal
- 08:16:46 [Ian]
- ...for Web monetization, the use case is that I enroll up front
- 08:17:03 [Ian]
- ..I have a concept of a balance..and an agent in my browser making decisions about when to pay and how much
- 08:17:19 [Ian]
- ...our idea is that payment handlers are invoked, but the payment handler is not interactive
- 08:17:44 [sakiko]
- sakiko has joined #wpwg
- 08:17:54 [sakiko]
- present+
- 08:18:06 [Ian]
- q?
- 08:18:30 [vkuntz]
- vkuntz has joined #wpwg
- 08:19:14 [AdrianHB]
- ian: the payment sheet + basic-card is a variant of a minimal UI in some sense
- 08:19:27 [jeff_]
- jeff_ has left #wpwg
- 08:20:15 [AdrianHB]
- ... i.e. the sheet provides UI to the payment handler
- 08:20:28 [jezza]
- jezza has joined #wpwg
- 08:20:29 [AdrianHB]
- rouslan: that's not how we have done it now
- 08:20:52 [AdrianHB]
- ... we want to support push payments which will have a financial impact each time they are invoked
- 08:21:30 [alex_liu]
- q+
- 08:22:01 [AdrianHB]
- ian: it feels like you're doing the same thing so you could move the browser local basic-card payment handler into a "minimal UX payment handler"
- 08:22:31 [AdrianHB]
- tomasz: I like the idea of making the "basic-card" handler behave more like other handlers
- 08:23:08 [Ian]
- ack Alex
- 08:23:30 [Ian]
- Alex: I want to add onto that. Maybe comes back to the question as well for the merchant who has cards on file
- 08:23:36 [AdrianHB]
- q?
- 08:23:44 [Ian]
- ...if we could shove instruments into the sheet, that's a powerful use case for us.
- 08:24:16 [Ian]
- AdrianHB: If we just enhanced basic card so that if you passed in a list of things on file, and if the user picks one, the response data is an index back to the card that the merchant provided
- 08:24:42 [Ian]
- Alex: Passing in reference is interesting
- 08:25:24 [Ian]
- AdrianHB: I think we want to move away from using basic card. I wonder if there's a way to move an instrument into a more secure version.
- 08:26:11 [Ian]
- Tomasz: Airbnb could have its own headless payment handler that registers instruments with the browser.
- 08:27:13 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:28:14 [norie]
- norie has joined #wpwg
- 08:28:37 [Ian]
- Topic: Connecting guest checkout with signup
- 08:29:08 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:29:47 [AdrianHB]
- michelweksler: Can we unify the guest checkout + website sign-up?
- 08:30:40 [Ian]
- ...can we tie it together with authentication?
- 08:30:49 [nicktr]
- q+
- 08:30:59 [Ian]
- ....info about user, information about credentials, what's needed to use them in the future
- 08:31:04 [Ian]
- ack nicktr
- 08:31:21 [jezza]
- jezza has joined #wpwg
- 08:31:22 [agektmr]
- q+
- 08:31:40 [Giulio]
- Giulio has joined #wpwg
- 08:31:45 [Ian]
- on this site"
- 08:32:01 [Ian]
- NickTR: There is a trusted site concept in PSD2 flows
- 08:32:04 [Ian]
- s/on this site"//
- 08:32:07 [Ian]
- q?
- 08:32:07 [rouslan]
- q+
- 08:32:10 [Giulio]
- q+
- 08:32:35 [Ian]
- mweksler: I am thinking more about unifying the flow of identifying yourself with the payment step and future login step
- 08:33:23 [Ian]
- ...maybe merchant says "I also want to create an account for the user"
- 08:34:20 [nicktr]
- q+ marcos
- 08:34:22 [rouslan]
- q?
- 08:34:41 [Ian]
- AdrianHB: I hear two use cases:
- 08:34:41 [Ciicley]
- q+ for Marcos
- 08:34:58 [Ian]
- - Sign up and consent to my profile being used for payment later
- 08:35:17 [Ian]
- - When making a payment agree to terms of service as well
- 08:35:24 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:35:52 [jezza]
- jezza has joined #wpwg
- 08:35:55 [Ian]
- agektmr: I think it's interesting to add a password option so user can create account with new password easily
- 08:36:12 [Ian]
- ...important to make clear to user the info is being used for signup
- 08:36:13 [Ian]
- q?
- 08:36:38 [nicktr]
- ack agektmr
- 08:36:47 [justin_toupin]
- justin_toupin has joined #wpwg
- 08:37:06 [Ian]
- AdrianHB: Right now PR API allows merchant to request email. The merchant should be able to tell the browser to tell the user that data will be used to create an account as well
- 08:37:18 [Ian]
- ...that is, make it easier to create an account as part of checkout
- 08:37:44 [Ian]
- Tony: In a PSD2 situation, I may want to go to the information provider to get that information
- 08:38:36 [Ian]
- AdrianHB: Question is whether we can enhance API to support authentication and later log-in
- 08:38:39 [Roy_]
- q+
- 08:38:52 [AdrianHB_]
- AdrianHB_ has joined #wpwg
- 08:39:07 [Ian]
- Rouslan: Can you tell me what you would do instead of a password? FIDO? Or OAuth into google or facebook? Or password generation?
- 08:39:28 [Ian]
- mweksler: We have building blocks to not do passwords. We could use OAuth or WebAuthn or other
- 08:39:47 [Ian]
- ..what I'm seeing is an opportunity to tie things together
- 08:40:22 [Ian]
- Alex: You could delay password creation to later
- 08:40:40 [Ian]
- Mweksler: There's an opportunity to get rid of passwords and use WebAuthn
- 08:40:43 [Ian]
- q?
- 08:40:57 [Ian]
- zakim, close the queue
- 08:40:57 [Zakim]
- ok, Ian, the speaker queue is closed
- 08:41:34 [Ian]
- Rouslan: So I'm imagining that in the sheet has an action button that says "Pay and Create Account"
- 08:43:33 [Ian]
- mweksler: Need also to be able to provide access to terms of service agreed to for sign-up
- 08:43:36 [Roy_]
- q-
- 08:43:41 [AdrianHB_]
- ack rouslan
- 08:43:41 [Ian]
- ...in short: let's do all things at once rather than serially
- 08:44:06 [Ian]
- Rouslan: If we build this, will you start using this?
- 08:44:31 [Ian]
- mweksler: This is one of the things that the team that evaluated PR API were looking at as a key benefit
- 08:44:39 [Ian]
- ...if they had had this feature they would have used it
- 08:44:55 [Ian]
- Alex: One of the biggest priorities is the guest checkout experience
- 08:45:43 [Ian]
- Alex: The high priority is getting the payment and signup done
- 08:46:00 [Ian]
- ...once the user has paid and has an active reservation, it's easier to ask the user to provide data
- 08:46:11 [AdrianHB_]
- ack giulio
- 08:46:16 [Ian]
- ...but if you have to get all the data in advance, it's less likely the user will complete the reservation
- 08:46:26 [Ian]
- Giulio: With Apple Pay we are big pay of guest checkout
- 08:46:46 [Ian]
- ...we have several implementations that can accomplish this goal.
- 08:46:49 [nicktr]
- s/big pay/big fans/
- 08:46:57 [Ian]
- ...get the payment and then use the info to create an account
- 08:47:08 [Ian]
- ....the big question is what's the data: password? birthday?
- 08:47:46 [Ian]
- ...there are several examples of this sort of thing being done
- 08:48:04 [Ian]
- ...we have some examples where at end of payment a "silent account" was created without a password
- 08:48:14 [Ian]
- ...but we've moved away from that.
- 08:48:44 [Ian]
- ...for a while the approach was to add a password after the payment. ... but now we are moving toward "sign in with apple"
- 08:48:49 [Ian]
- q?
- 08:48:54 [Ian]
- ack marcos
- 08:49:19 [Ian]
- Marcos: For Airbnb you may need to send passport photo.
- 08:49:31 [Ian]
- ...at some point we are going to end up at just another browser tab
- 08:49:59 [Ian]
- ...I am concerned that payment handlers become too heavy....we have APIs to achieve some of these things already
- 08:50:33 [Ian]
- ....do we just need an overlay browser context for payment handlers?
- 08:50:58 [Ian]
- ...we want to be able to do logins on the Web....I think we all want to solve that problem
- 08:51:07 [Ian]
- ack Cicely
- 08:51:10 [Ian]
- ack Cilc
- 08:51:13 [Ian]
- ack Cii
- 08:51:13 [Zakim]
- Ciicley, you wanted to discuss Marcos
- 08:51:15 [nicktr]
- ack Ciicley
- 08:51:18 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:52:00 [alex_liu]
- alex_liu has joined #wpwg
- 08:52:45 [alex_liu]
- alex_liu has joined #wpwg
- 08:53:12 [Ian]
- NickTR: Dinner at 7pm. Thanks everyone for concentration today!
- 08:53:31 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 08:54:25 [mweksler]
- mweksler has joined #wpwg
- 09:00:08 [bryanluo]
- bryanluo has joined #wpwg
- 09:02:53 [bryanluo_]
- bryanluo_ has joined #wpwg
- 09:07:16 [benoit]
- benoit has joined #wpwg
- 09:20:49 [AdrianHB]
- AdrianHB has joined #wpwg
- 09:33:42 [jezza]
- jezza has joined #wpwg
- 09:34:36 [alex_liu]
- alex_liu has joined #wpwg
- 10:15:34 [jessie]
- jessie has joined #wpwg
- 11:16:23 [Zakim]
- Zakim has left #wpwg
- 11:25:43 [benoit]
- benoit has joined #wpwg
- 12:14:20 [AdrianHB]
- AdrianHB has joined #wpwg
- 12:15:33 [alex_liu]
- alex_liu has joined #wpwg
- 12:17:40 [alex_liu]
- alex_liu has joined #wpwg
- 13:06:57 [bryanluo]
- bryanluo has joined #wpwg
- 13:24:36 [rouslan]
- rouslan has joined #wpwg
- 14:07:37 [rouslan]
- rouslan has joined #wpwg
- 14:20:30 [bryanluo]
- bryanluo has joined #wpwg
- 14:44:31 [rouslan]
- rouslan has joined #wpwg
- 15:04:05 [alex_liu]
- alex_liu has joined #wpwg
- 16:14:55 [stpeter]
- stpeter has joined #wpwg
- 16:30:33 [marcosc]
- marcosc has joined #wpwg
- 16:46:46 [marcosc]
- marcosc has joined #wpwg
- 16:48:06 [marcosc]
- marcosc has joined #wpwg
- 17:22:54 [marcosc]
- marcosc has joined #wpwg
- 18:03:00 [rouslan]
- rouslan has joined #wpwg
- 18:24:37 [marcosc]
- marcosc has joined #wpwg
- 19:30:15 [marcosc]
- marcosc has joined #wpwg
- 20:12:22 [rouslan]
- rouslan has joined #wpwg
- 20:32:14 [marcosc]
- marcosc has joined #wpwg
- 21:08:01 [rouslan]
- rouslan has joined #wpwg
- 21:33:06 [marcosc]
- marcosc has joined #wpwg
- 21:43:43 [marcosc_]
- marcosc_ has joined #wpwg
- 22:06:46 [rouslan]
- rouslan has joined #wpwg
- 22:38:36 [marcosc]
- marcosc has joined #wpwg
- 22:54:20 [rouslan]
- rouslan has joined #wpwg
- 23:00:28 [justin_toupin]
- justin_toupin has joined #wpwg
- 23:42:24 [bryanluo]
- bryanluo has joined #wpwg
- 23:43:13 [takashi]
- takashi has joined #wpwg
- 23:44:02 [norie]
- norie has joined #wpwg
- 23:44:17 [Masa_JCB]
- Masa_JCB has joined #wpwg
- 23:44:40 [bryanluo_]
- bryanluo_ has joined #wpwg
- 23:45:51 [alex_liu]
- alex_liu has joined #wpwg
- 23:46:58 [AdrianHB]
- AdrianHB has joined #wpwg
- 23:51:33 [jezza]
- jezza has joined #wpwg
- 23:52:31 [cwarnier]
- cwarnier has joined #wpwg
- 23:52:55 [gildas]
- gildas has joined #wpwg
- 23:54:34 [mweksler]
- mweksler has joined #wpwg
- 23:57:00 [Fawad]
- Fawad has joined #wpwg
- 23:57:51 [Cheryl_M]
- Cheryl_M has joined #wpwg
- 23:57:52 [Vishal-Expedia]
- Vishal-Expedia has joined #wpwg
- 23:57:56 [pranjal]
- pranjal has joined #wpwg
- 23:58:49 [benoit]
- benoit has joined #wpwg
- 00:03:05 [bryanluo]
- bryanluo has joined #wpwg
- 00:03:18 [AdrianHB]
- AdrianHB has joined #wpwg
- 00:03:20 [jezza]
- jezza has joined #wpwg
- 00:03:45 [krystosterone]
- krystosterone has left #wpwg
- 00:03:47 [Masa_JCB]
- Masa_JCB has joined #wpwg
- 00:03:55 [krystosterone]
- krystosterone has joined #wpwg
- 00:04:07 [dave2037]
- dave2037 has joined #wpwg
- 00:05:41 [jfontana]
- jfontana has joined #wpwg
- 00:05:41 [jeff]
- jeff has joined #wpwg
- 00:05:44 [rouslan]
- rouslan has joined #wpwg
- 00:06:01 [jfontana]
- present+
- 00:06:23 [Ciciley]
- Ciciley has joined #wpwg
- 00:06:27 [Sophie]
- Sophie has joined #wpwg
- 00:06:31 [Ciciley]
- Present+
- 00:07:00 [frank]
- frank has joined #wpwg
- 00:07:04 [Fawad]
- present +
- 00:07:29 [Zakim]
- Zakim has joined #wpwg
- 00:07:32 [Ian]
- RRSAGENT
- 00:07:34 [Ian]
- invite RRSAGENT
- 00:07:57 [Ian]
- Meeting: Web Payments Working Group
- 00:08:02 [Ian]
- Chair: Nick Telford-Ree
- 00:08:10 [vkuntz]
- vkuntz has joined #wpwg
- 00:08:18 [vkuntz]
- present+
- 00:08:21 [Ian]
- Agenda: https://github.com/w3c/webpayments/wiki/FTF-Agenda-201909
- 00:08:24 [Ian]
- present+ jfontana
- 00:08:26 [Ian]
- present+ Ciciley
- 00:08:29 [Ian]
- present+ Fawad
- 00:08:35 [nicktr]
- present+ nicktr
- 00:08:49 [Ian]
- present+
- 00:09:03 [krystosterone]
- present+
- 00:09:09 [Ian]
- Topic: Merchant/Consumer Pain Points
- 00:09:11 [jezza]
- jezza has joined #wpwg
- 00:10:50 [gildas]
- present+
- 00:10:53 [alex_liu]
- present+
- 00:11:04 [benoit]
- present+
- 00:11:04 [heejin]
- heejin has joined #wpwg
- 00:11:05 [mweksler]
- present+
- 00:11:07 [jezza]
- present+
- 00:11:09 [Sophie]
- present+
- 00:11:09 [frank]
- present+
- 00:11:12 [agektmr]
- agektmr has joined #wpwg
- 00:11:12 [Roy]
- Roy has joined #wpwg
- 00:11:13 [heejin]
- present+
- 00:11:15 [jonathan]
- jonathan has joined #wpwg
- 00:11:15 [dave2037]
- present+
- 00:11:15 [Roy]
- present+
- 00:11:16 [jungkees]
- present+
- 00:11:16 [Vishal-Expedia]
- present+
- 00:11:16 [Fawad]
- present+
- 00:11:17 [agektmr]
- present+
- 00:11:19 [Cheryl_M]
- present+
- 00:11:19 [cwarnier]
- present+
- 00:11:20 [jonathan]
- present+
- 00:11:21 [justin_toupin]
- present+
- 00:11:25 [rouslan]
- present+
- 00:11:26 [Ian]
- rrsagent, this meeting spans midnight
- 00:11:28 [Giulio]
- Giulio has joined #wpwg
- 00:11:31 [tomasz]
- tomasz has joined #wpwg
- 00:11:35 [florent]
- florent has joined #wpwg
- 00:11:35 [Giulio]
- present+
- 00:11:37 [wanli]
- wanli has joined #wpwg
- 00:11:41 [tomasz]
- present+
- 00:11:41 [florent]
- present+
- 00:11:47 [bryanluo]
- bryanluo has joined #wpwg
- 00:11:48 [dezell]
- dezell has joined #wpwg
- 00:11:50 [wanli]
- present+
- 00:11:53 [nicktr]
- scribenick: nicktr
- 00:12:00 [dezell]
- present+
- 00:12:19 [nicktr]
- Topic: Consumer and Merchant pain points
- 00:12:20 [bryanluo]
- present+
- 00:12:24 [sakiko]
- sakiko has joined #wpwg
- 00:12:31 [sakiko]
- present+
- 00:12:38 [JV]
- JV has joined #WPWG
- 00:12:57 [nicktr]
- Ian: Our first session comes after a suggestion from Lawrence Cheng
- 00:13:23 [nicktr]
- ...We have collated information about both consumer and merchant painpoints
- 00:13:38 [estes]
- estes has joined #wpwg
- 00:13:43 [nicktr]
- ...Later we will run some mini-breakouts
- 00:13:45 [estes]
- present+
- 00:13:48 [JV]
- present+
- 00:13:51 [AdrianHB]
- present+
- 00:14:13 [nicktr]
- [Slides] -> https://www.w3.org/2019/Talks/ij-painpoints-201909/#start
- 00:14:46 [nicktr]
- [Slide - painpoints at checkout]
- 00:16:07 [nicktr]
- Ian - I think we have done pretty well on tackling many of these points
- 00:16:24 [AdrianHB]
- present+ dongwoo
- 00:16:30 [nicktr]
- Lawrence - I am sure we can add to these
- 00:16:55 [nicktr]
- Lawrence: We should look at these with a "pinch of salt"
- 00:17:00 [vkuntz]
- vkuntz has joined #wpwg
- 00:17:08 [nicktr]
- ...and what is the wider context
- 00:17:23 [nicktr]
- ...and does payment request address these?
- 00:17:45 [jezza]
- jezza has joined #wpwg
- 00:17:55 [nicktr]
- Ian: Would be great to collate more point points from the group (invites colleagues to contribute via IRC)
- 00:17:57 [nicktr]
- q?
- 00:18:43 [maxh]
- maxh has joined #wpwg
- 00:19:04 [html5cat]
- html5cat has joined #wpwg
- 00:19:04 [nicktr]
- Vincent: shipping options/addresses for smaller countries are often not well provided for
- 00:19:27 [nicktr]
- [Slide - trust, security and privacy]
- 00:19:27 [vkuntz]
- vkuntz has joined #wpwg
- 00:20:23 [nicktr]
- Ian: We may not be able to do so much on these topics
- 00:21:00 [nicktr]
- vkuntz: the bigger online sellers are not present in Belgium (for example) and do not ship there
- 00:21:11 [rouslan]
- q+
- 00:21:26 [nicktr]
- ...but often the consumer doesn't know about this till the end of checkout
- 00:21:42 [jezza]
- jezza has joined #wpwg
- 00:21:56 [nicktr]
- ack rouslan
- 00:22:04 [vkuntz]
- Pain points: shipping location not indicated upfront - shipping actually not possible to a specific country
- 00:22:27 [nicktr]
- rouslan: vkuntz's use case is very interesting
- 00:22:53 [nicktr]
- ...I would probably start by geo-locating the IP address of the consumer and display a warning
- 00:23:44 [nicktr]
- yyyy: what does best practise look like with payment request?
- 00:24:00 [AdrianHB]
- s/yyyy/ciciley/
- 00:24:08 [nicktr]
- Ian: we have some developer documentation but happy to add that to the list
- 00:24:39 [AdrianHB]
- [group takes moment to pat itself on the back]
- 00:25:00 [nicktr]
- ian: next we look at merchant painpoints
- 00:25:24 [nicktr]
- [back to slides - payments and checkout]
- 00:25:44 [Vishal-Expedia]
- q+
- 00:25:49 [nicktr]
- ian: redirection to hosted payment page is called out as poor user experience
- 00:26:21 [nicktr]
- ack Vishal-Expedia
- 00:26:52 [nicktr]
- vishal-expedia: how does Payment Request deal with the hosted payment page challenge?
- 00:27:21 [nicktr]
- ian: here's a demo
- 00:27:39 [nicktr]
- [demo appears in japanese]
- 00:28:15 [nicktr]
- ian: payment handlers solve for this. User doesn't lose the merchant context
- 00:28:54 [nicktr]
- Vishal-Expedia: what about 3DS 2.x?
- 00:28:59 [rouslan]
- q+
- 00:29:07 [Ciciley]
- q+ comment: there are concerns about issuer approval rates as well
- 00:29:26 [marcosc]
- marcosc has joined #wpwg
- 00:29:33 [nicktr]
- ian: the security task force is looking at this - in short it's tackled by the improved experience of handler
- 00:30:09 [nicktr]
- rouslan: payment handleris treated like a full page redirect but appears as an overlay
- 00:30:21 [nicktr]
- ack rouslan
- 00:30:21 [benoit]
- q+
- 00:30:30 [nicktr]
- ack Ciciley
- 00:31:04 [nicktr]
- Ciciley: the other pain point is that stronger authentication negatively affects approval rates
- 00:31:35 [nicktr]
- ...most merchants are frustrated about why transactions are being declined (cards)
- 00:32:29 [nicktr]
- jonathan: the point of 3DS2 is to provide better scorer to the issuer but this information may not be known to the merchant
- 00:32:40 [nicktr]
- s/scorer/scores/
- 00:32:52 [nicktr]
- ...so the expectation is that approval rates should improve
- 00:32:56 [nicktr]
- q?
- 00:33:47 [Ian]
- David: Login while traveling a pain point
- 00:33:48 [nicktr]
- benoit: I think the demo showed a good pain point - localisation which might not be appropriate
- 00:34:22 [nicktr]
- ...but also if the issuer doesn't step up the authentication and then declines the subsequent tx then that really sucks
- 00:34:50 [nicktr]
- ian: on trust/security, payment handler attempts to reduce the complexity/cost of providing more secure experiences
- 00:35:12 [nicktr]
- q+
- 00:35:16 [nicktr]
- ack benoit
- 00:35:35 [nicktr]
- lawrence: on security, I think the key is "that work for customers"
- 00:35:41 [Ciciley]
- q+ comment friendly fraud
- 00:35:52 [nicktr]
- ...also would be good to talk about firendly fraud
- 00:35:57 [Ian]
- ack nicktr
- 00:36:03 [Ian]
- scribenick: Ian
- 00:36:24 [Ian]
- Ciciley: Lawrence, I was queued up to talk about friendly fraud.
- 00:36:36 [nicktr]
- q?
- 00:36:44 [Ian]
- ...I think it's appropriate for this group to figure out during auth to figure out it's the "parent not the child"
- 00:37:10 [Ian]
- ...where issuer thinks parent authorized a transaction, then the bank is liable and they'd like to reduce that
- 00:37:16 [Ian]
- ...too many Fortnite purchases.
- 00:37:32 [Ian]
- ....that's another step in the right direction....ensuring the right person is authorizing the transaction.
- 00:37:39 [jonathan]
- q+
- 00:37:41 [Ian]
- ack Nick
- 00:37:55 [html5cat]
- What is "friendly fraud"?
- 00:37:57 [Ian]
- NickTR: People would be shocked at the size of the friendly fraud problem, e.g., on the order or 40%
- 00:38:03 [Ian]
- ...or "buyer regret"
- 00:38:42 [vkuntz_]
- vkuntz_ has joined #wpwg
- 00:38:54 [Ian]
- NickTR: Many children can unlock their parents' phones
- 00:39:03 [Ian]
- ...I think it's something that would be hard for us to trackle.
- 00:39:08 [Ian]
- s/trackle/tackle
- 00:39:33 [Ian]
- ..I note also that some payment mechanisms (non-card) do not include chargeback mechanisms
- 00:39:37 [Ian]
- q?
- 00:39:54 [Ian]
- ack Jonathan
- 00:39:55 [nicktr]
- q?
- 00:40:00 [Masa_JCB]
- Masa_JCB has joined #wpwg
- 00:40:02 [Ian]
- Jonathan: I think the use of WebAuthn and biometrics helps a lot
- 00:40:26 [Ian]
- ...the problem we have with device biometrics is that there is no way to link to a specific individual
- 00:40:33 [wonsuk]
- wonsuk has joined #wpwg
- 00:40:49 [wonsuk]
- present+ Wonsuk_Lee
- 00:40:55 [Ian]
- ...if there were a way for a given transaction to have more specific authentication, that could be interesting
- 00:40:56 [nicktr]
- q?
- 00:40:57 [Ian]
- present+
- 00:42:00 [benoit]
- unlocking a device and authenticating payment should be different things
- 00:42:05 [nicktr]
- scribenick: nicktr
- 00:42:08 [Vishal-Expedia]
- q+
- 00:42:40 [nicktr]
- lawrence: if we could crack some of these points, then we could give ourselves a real leg-up in getting merchant adoption
- 00:42:56 [nicktr]
- ...so the question is do we see any USPs in payment request
- 00:43:25 [nicktr]
- ian: for our webauthn colleagues in the room, are you looking at this issue of more personalised ID?
- 00:43:43 [Vishal-Expedia]
- Unique Selling Point
- 00:43:53 [nicktr]
- zzzz: it's something we've looked at - many platforms are missing the ability
- 00:44:17 [Ian]
- (IJ hears: "segmenting biometric templates" raises usability issues)
- 00:44:37 [nicktr]
- zzzz: we may end up with a system that is too complex for consumers to use
- 00:44:58 [nicktr]
- xxxx: it's the individualistic biometrics that are difficult
- 00:45:20 [nicktr]
- zzzz: you could have separate hardware tokens for different users
- 00:45:33 [benoit]
- q+
- 00:45:49 [nicktr]
- zzzz: once you have multiple templates on a single device, it gets very difficult to understand
- 00:46:39 [Ian]
- ack Vishal-Expedia
- 00:46:41 [nicktr]
- zzzz: and it's difficult to design biometric systems which are not defeatable
- 00:47:12 [nicktr]
- vishal: it's not just kids - also criminals forcing users to biometrically authenticate
- 00:47:19 [Ian]
- Vishal: Netflix does this well - ok to have friction to set up new profile
- 00:47:28 [Ian]
- ...they ensure there's a kids profile
- 00:47:33 [Ian]
- q?
- 00:48:14 [Ian]
- Jonathan: You can have different profiles, but the same biometrics can access the profiles
- 00:48:39 [Ian]
- zzzz: On newest Android, and where not blocked by carriers, templates are available
- 00:48:41 [Ian]
- q?
- 00:48:44 [Ian]
- ack benoit
- 00:49:00 [Ian]
- benoit: Multiple profiles on the phone is a good concept but agree with usability challenge
- 00:49:02 [dezell]
- q+
- 00:49:25 [Ian]
- ...I think the real solution to this (but not necessarily for this WG)....I could set up a flag on a biometric "this fingerprint cannot be used to authorized payments"
- 00:49:32 [Ian]
- ack de
- 00:50:20 [Ian]
- dezell: Some pain points for us at Conexxus:
- 00:50:24 [Ian]
- - EMV at the pump
- 00:50:28 [jezza]
- jezza has joined #wpwg
- 00:50:32 [rouslan]
- q?
- 00:50:34 [Ian]
- - Second generation EMV
- 00:50:50 [nicktr]
- +1 for better granularity of control of permissions granted to specific biometrics (but consumers are unlikely to set up)
- 00:50:59 [Ian]
- - SRC seems ok but Conexxus members still waiting to see how works with PR API
- 00:51:37 [jonathan]
- +1 for better granularity as well
- 00:51:51 [Ian]
- - Anticipate more remote payments (e.g., barcode based payments)
- 00:52:25 [Ian]
- dezell: I think this group has done a great job, industry has evolved since we started this work; and this group has not done harm! :)
- 00:53:24 [Ian]
- dezell: Merchants need more consumer data; but GPDR and and California rules make it challenging
- 00:53:31 [nicktr]
- scribenick: nicktr
- 00:53:36 [nicktr]
- ian: back to the slides
- 00:54:20 [nicktr]
- ian: integration is complex - we heard yesterday from AirBnB that it would be great to do more (like sign up) with PR
- 00:54:57 [nicktr]
- q?
- 00:55:41 [nicktr]
- [rules and regulations]
- 00:56:49 [nicktr]
- ian: we have a lot of items on our backlog for shipping
- 00:57:01 [sakiko]
- sakiko has joined #wpwg
- 00:57:07 [sakiko]
- present+
- 00:57:21 [jezza]
- jezza has joined #wpwg
- 00:58:17 [nicktr]
- ian: but we have not looked (to date) at a lot of new features because the consensus was to finish v1 first
- 00:58:21 [html5cat]
- present+
- 00:58:52 [nicktr]
- ian: let's organise into 4 groups and prioritise this list of 16 pain points
- 00:58:52 [html5cat]
- q
- 00:58:57 [html5cat]
- q+
- 00:59:08 [nicktr]
- q?
- 00:59:37 [nicktr]
- ack html5cat
- 01:00:04 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 01:00:40 [jezza]
- jezza has joined #wpwg
- 01:00:45 [nicktr]
- html5cat: at Puma browser, we would like to see if our browser could be helpful for some of these painpoints - we are not bound by the incumbent user bases of the big browsers
- 01:00:47 [rouslan]
- +1
- 01:00:54 [nicktr]
- ...we can innovate quickly
- 01:01:05 [jezza]
- jezza has joined #wpwg
- 01:01:31 [nicktr]
- [breakouts occur]
- 01:03:51 [jessie]
- jessie has joined #wpwg
- 01:03:53 [html5cat]
- my email is yuriy@pumabrowser.com if anything and our site is https://www.pumabrowser.com . I'll be at Coil sponsor booth if you're at TPAC in-person.
- 01:18:30 [bryanluo]
- bryanluo has joined #wpwg
- 01:22:25 [mweksler]
- mweksler has joined #wpwg
- 01:24:21 [marcosc]
- marcosc has joined #wpwg
- 01:27:11 [frank]
- frank has joined #wpwg
- 01:33:46 [rouslan]
- rouslan has joined #wpwg
- 01:34:17 [bryanluo]
- bryanluo has joined #wpwg
- 01:34:24 [jessie]
- jessie has joined #wpwg
- 01:40:22 [pranjal]
- pranjal has joined #wpwg
- 01:45:57 [jezza]
- jezza has joined #wpwg
- 01:46:45 [jessie]
- jessie has joined #wpwg
- 01:47:55 [pranjal]
- pranjal has joined #wpwg
- 01:50:04 [bryanluo]
- bryanluo has joined #wpwg
- 01:52:57 [dezell]
- dezell has joined #wpwg
- 01:54:14 [pranjal_]
- pranjal_ has joined #wpwg
- 01:54:58 [pranjal_]
- pranjal_ has joined #wpwg
- 01:55:01 [HirokiEndo]
- HirokiEndo has joined #wpwg
- 01:55:19 [HirokiEndo]
- HirokiEndo has left #wpwg
- 01:55:25 [pranjal]
- pranjal has joined #wpwg
- 01:55:26 [bryanluo]
- bryanluo has joined #wpwg
- 01:56:25 [HirokiEndo]
- HirokiEndo has joined #wpwg
- 01:57:56 [mweksler]
- mweksler has joined #wpwg
- 02:00:36 [hendo]
- hendo has joined #wpwg
- 02:01:27 [michelweksler]
- michelweksler has joined #wpwg
- 02:03:23 [frank]
- frank has joined #wpwg
- 02:03:47 [jonathan]
- jonathan has joined #wpwg
- 02:04:29 [AdrianHB]
- AdrianHB has joined #wpwg
- 02:04:52 [Masa-JCB]
- Masa-JCB has joined #wpwg
- 02:04:55 [takashi]
- takashi has joined #wpwg
- 02:05:39 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 02:05:51 [Ian]
- Topic: Review of pain point breakout findings
- 02:05:56 [Ian]
- -> https://www.w3.org/2019/09/wpwg-ftf/ Images
- 02:06:40 [Ian]
- scribenick: Ian
- 02:07:18 [Gerhard]
- Gerhard has joined #wpwg
- 02:07:20 [Gerhard]
- present+
- 02:08:31 [Ian]
- -> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp1.jpg Adrian's group
- 02:08:43 [Ian]
- AdrianHB: We thought everything was important
- 02:08:48 [Fawad]
- Fawad has joined #wpwg
- 02:08:58 [Ian]
- ...a common theme was that a lot of pain points could be addressed through more widespread use of payment handlers
- 02:09:54 [jv]
- jv has joined #wpwg
- 02:10:07 [urata]
- urata has joined #wpwg
- 02:10:47 [gildas]
- gildas has joined #wpwg
- 02:11:27 [marcosc]
- marcosc has joined #wpwg
- 02:11:37 [tobie]
- present+
- 02:12:48 [Ian]
- -> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp2.jpg Ian's group
- 02:12:59 [Ian]
- -> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp3.jpg Lawrence's group
- 02:13:21 [Ian]
- Lawrence: For global players, simplifying cross-border important and difficult
- 02:13:40 [Ian]
- ....for local merchants that do export today, there are not a lot of options for them to do cross-border payments and it can be expensive
- 02:14:06 [Ian]
- ...at the same time, we have situation with wallet players for cross-border payments....the volumes are quite low (e.g., Chinese tourists using Apple Pay today)
- 02:14:23 [Ian]
- ..the other one I want to point out is "optimal speed for checkout"...not too fast/too slow
- 02:14:39 [Ian]
- ...for new-to-merchant consumers we thought it was important but somewhat difficult
- 02:15:10 [Ian]
- ..but for returning customers, as important but not as difficult
- 02:15:20 [Ian]
- Ian: We also talked about not too fast/not too slow
- 02:15:36 [Ian]
- Lawrence: We observed our goal ultimately is imperative conversion and reduce chargebacks.
- 02:15:56 [Ian]
- ....to be able to tick the box that we have succeeded we need to be able to show scale
- 02:16:11 [Ian]
- -> https://www.w3.org/2019/09/wpwg-ftf/wpwg-pp4.jpg Nick's group
- 02:16:31 [Ian]
- Rouslan: We had some challenge figuring out who this was related to (difficult for whom? important to whom?)
- 02:16:43 [Ian]
- ...maybe privacy would be super important to users if more was communicated to them.
- 02:17:20 [Ian]
- ...on the other hand, in terms of difficulty, some things may be difficult for PSPs today, but some things might be shifted to UAs through web payments
- 02:17:30 [Ian]
- ...our process was first to figure out what was important, then we assigned difficulty
- 02:17:34 [Ian]
- [Ian: We did that as well]
- 02:18:34 [Ian]
- ....we had some confusion around "account-free checkout"
- 02:18:40 [Ian]
- ...who is the account with?
- 02:19:08 [Ian]
- ...I think the most difficult things to figure out are things that are product challenges (moreso than engineering challenges)
- 02:19:28 [Ian]
- ...so reduce auth friction and speed up checkout...those are great...it requires a lot of experimentation and user studies to do this well
- 02:19:37 [Ian]
- ...so it's actually quite challenging to do in practice
- 02:20:00 [nicktr]
- q?
- 02:20:33 [jezza]
- jezza has joined #wpwg
- 02:21:01 [Ciciley]
- Ciciley has joined #wpwg
- 02:21:13 [Ciciley]
- present+
- 02:21:17 [Ian]
- Ian: Next steps - four of us synthesize and report back
- 02:21:20 [Ian]
- Topic: Rechartering
- 02:23:11 [nicktr]
- Topic: Rechartering
- 02:28:25 [vkuntz_]
- q+ to note that Credit Transfers will probably become more relevant with PSD2 in Europe
- 02:32:17 [rouslan]
- q+
- 02:32:26 [marcosc]
- q+
- 02:33:14 [rouslan]
- q++++
- 02:33:26 [rouslan]
- q- +++
- 02:33:34 [michelweksler]
- lol
- 02:34:40 [Giulio]
- Giulio has joined #wpwg
- 02:35:47 [nicktr]
- q- ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 02:36:10 [Gerhard]
- q+
- 02:36:12 [Ian]
- ack vkuntz_
- 02:36:12 [Zakim]
- vkuntz_, you wanted to note that Credit Transfers will probably become more relevant with PSD2 in Europe
- 02:36:32 [nicktr]
- Lawrence: can we have a table showing the possible and actual combinations of browsers and payment methods?
- 02:36:37 [AdrianHB]
- lawrence: can we table the combinations of browser and payment method that we expect to work/not work?
- 02:36:58 [Ian]
- ack rouslan
- 02:37:24 [nicktr]
- Rouslan: Chrome's position is to support as many options as possible
- 02:37:52 [nicktr]
- ...so we'd like to see no tie-in between handler and browser
- 02:37:59 [nicktr]
- ...though that isn't the current reality
- 02:38:04 [Ian]
- scribenick: Ian
- 02:38:18 [saschanaz]
- saschanaz has joined #wpwg
- 02:38:28 [Ian]
- nicktr: Payment handlers can help localize the user experience; there's now way that a browser is going to adapt to all the local requirements
- 02:38:33 [Ian]
- ...so payment handlers are the future
- 02:38:34 [nicktr]
- rouslan: we think the future is more payment handlers - especially for edge case
- 02:38:38 [Ian]
- s/nicktr:/rouslan:
- 02:38:56 [nicktr]
- rouslan: basic card isn't really implemented anywhere but Chrome
- 02:38:57 [Ian]
- rouslan: We can probably stop working on Basic Card.
- 02:39:03 [Ian]
- w?
- 02:39:06 [Ian]
- q?
- 02:39:07 [Ian]
- ack mar
- 02:39:11 [nicktr]
- ...but we could probably stop supporting it
- 02:39:20 [sakiko]
- sakiko has joined #wpwg
- 02:39:25 [Sophie_]
- Sophie_ has joined #wpwg
- 02:39:28 [sakiko]
- present+
- 02:39:29 [Ian]
- marcosc: We think that basic card is "worth it" but it's challenging to do well; we had about 10 people working on it
- 02:39:47 [Ian]
- ...if anyone out there wants to be the Basic Card provider for FF, contact me!
- 02:39:56 [nicktr]
- q?
- 02:40:17 [Ian]
- marcosc: I agree that having multiple payment handlers would be ideal
- 02:40:37 [nicktr]
- q?
- 02:40:39 [Ian]
- ...FF would need resources to do and maintain Basic Card.
- 02:40:41 [Ian]
- ack Gerhard
- 02:40:44 [nicktr]
- ack Gerhard
- 02:40:48 [Ian]
- Gerhard: I think Basic Card is useful.
- 02:40:59 [Ian]
- ...regarding SRC subsuming 3DS and tokenization
- 02:41:23 [Ian]
- ...all three of them are "optional" and "interoperable" but need not be used all together
- 02:41:41 [jezza]
- jezza has joined #wpwg
- 02:41:47 [Ian]
- ...it's important for me and I think the industry that with PR API that the flexibility be maintained
- 02:42:06 [nicktr]
- q?
- 02:42:07 [Ian]
- ...I agree that the 3 together would be a beautiful symphony, but don't assume merchants will demand to use all three of them.
- 02:42:15 [benoit]
- q+
- 02:42:21 [urata_]
- urata_ has joined #wpwg
- 02:42:22 [jv]
- q+
- 02:42:37 [Ian]
- Jungkee: I agree with how Ian captured the spec status in Edge.
- 02:42:53 [Ian]
- ...we support the idea of supporting multiple payment handlers. We don't have any plans to disable any payment handlers.
- 02:43:00 [Ian]
- ...regarding Basic Card, Edge already supports it.
- 02:43:37 [Ian]
- ...I see no reason to stop working on Basic Card
- 02:43:40 [Ian]
- q?
- 02:44:10 [AdrianHB]
- q+ to distinguish between basic-card and the need for basic-card handler built into browsers
- 02:44:38 [Ian]
- Jungkee: It's an ongoing discussion with MS about relationship to MS Wallet; but I don't have any updates about MS Pay
- 02:44:59 [rouslan]
- q+
- 02:45:04 [jbarclay]
- jbarclay has joined #wpwg
- 02:45:06 [rouslan]
- q-
- 02:45:09 [rouslan]
- q+ justin
- 02:45:11 [Ian]
- Jungkee: So we'd like to figure out how to further promote PR API
- 02:45:14 [dwim]
- dwim has joined #wpwg
- 02:45:21 [Ian]
- ...including more communication with customers, merchants, partners
- 02:45:41 [Ian]
- ...are there good ways to approach merchants let's discuss
- 02:45:56 [Ian]
- q?
- 02:46:24 [Ian]
- dongwoo: Here's a status update from Samsung - we also support Basic Card in Samsung Internet browser.
- 02:46:37 [Ian]
- ...so I think Basic Card remains useful and we should at least maintain this as a solution
- 02:46:43 [Ian]
- ...Samsung Pay also works on Android.
- 02:46:58 [Ian]
- ...and we're happy to work with other browsers and other collaborations with payment handlers
- 02:47:01 [Ian]
- ack benoit
- 02:47:44 [Ian]
- benoit: Will SRC be required for all issuing banks? If the answer is no, then we need another payment method for other cards the are issued
- 02:48:05 [Ian]
- Jonathan: SRC does not require tokens
- 02:48:24 [nicktr]
- q+
- 02:48:55 [Ian]
- [Question about whether SRC would ultimately subsume Basic Card]
- 02:49:23 [Ian]
- benoit: We can't eliminate Basic Card unless we have a replacement that meets the requirements.
- 02:49:27 [nicktr]
- q?
- 02:49:34 [Ciciley]
- q+
- 02:49:36 [Ian]
- JonathanG: Could you list the requirements you have in mind?
- 02:50:29 [Vishal-Expedia]
- q+
- 02:50:29 [Ian]
- jv: The basic premise is we need a minimal level of interop; card payments (basic) are the de facto. Seems Basic Card is basically done (but for Safari).
- 02:50:38 [Ian]
- ....we need something that works "most of the time" otherwise PR API won't be adopted.
- 02:50:45 [tomasz]
- q?
- 02:50:58 [Ian]
- ....3DS is no longer really optional (cf Europe)
- 02:51:13 [Ian]
- ...tokens are not that hard to do, so I think they will be increasingly used as a trinity
- 02:51:23 [Ian]
- AdrianHB: I think it's important to make the following distinction -
- 02:51:36 [rouslan]
- +1
- 02:51:42 [Ian]
- ...merchants should be able to get card details back, but that doesn't necessarily mean that the card details need to be returned by the browser.
- 02:51:49 [Ian]
- (Rouslan gives a +1 to that assertion)
- 02:51:57 [Gerhard]
- q+
- 02:52:01 [Ian]
- ack jv
- 02:52:13 [Ian]
- AdrianHB: Today Basic Card is basically replacing autofill....in my opinion, that's the sticking point for the moment
- 02:52:24 [tomasz]
- q+
- 02:52:35 [Ian]
- ...I think it's useful to distinguish the simple ability to return card details, but can we change how that's implement today?
- 02:52:40 [Ian]
- ack Adr
- 02:52:40 [Zakim]
- AdrianHB, you wanted to distinguish between basic-card and the need for basic-card handler built into browsers
- 02:52:48 [Ian]
- ack justin
- 02:52:49 [estes]
- q+
- 02:52:59 [AdrianHB]
- q?
- 02:53:09 [Ian]
- justin: Chrome ships with an implementation of basic card. There could be third parties that are willing to support basic card (think "Firefox")
- 02:53:35 [jeff_]
- jeff_ has joined #wpwg
- 02:53:35 [Ian]
- ...if the browsers are not building support, are there third-party payment handlers willing to step up to support the payment method?
- 02:53:56 [Ian]
- ...we had a lot of conversation yesterday about 3DS....I also challenge the assumption that it's covered by SRC.
- 02:54:07 [Ian]
- ...I think there's some more thinking to do on that
- 02:54:10 [Ian]
- ack nick
- 02:54:13 [AdrianHB]
- ack nicktr
- 02:54:39 [Ian]
- nicktr: As much as I'd like to see Basic Card go away (due to security challenges), the reality is that we need to have basic card
- 02:54:44 [jv]
- +1 Keep 3DS/Authentication separate from SRC
- 02:54:50 [Ian]
- ...so I think it's difficult for merchants to see the benefit of implementing PR API
- 02:55:16 [Ian]
- ...because there is not a single payment method supported across all browsers, that's a key disincentive to adoption
- 02:55:24 [Fawad_N]
- Fawad_N has joined #WPWG
- 02:55:29 [Ian]
- ...if I could pick one key thing in rechartering, it would be to have one payment method that works across browsers.
- 02:55:30 [Ian]
- q?
- 02:55:40 [AdrianHB]
- ack ciciley
- 02:55:50 [AdrianHB]
- zakim, close the queue
- 02:55:50 [Zakim]
- ok, AdrianHB, the speaker queue is closed
- 02:56:02 [Ian]
- Ciciley: There are some payment brands that have landed support for some aspects of SRC
- 02:56:19 [AdrianHB]
- ack Vishal-Expedia
- 02:56:43 [Ian]
- Vishal-Expedia: We've been having SRC conversations for 1 year. There are some use cases within Expedia where Basic Card is absolutely required
- 02:56:58 [Ian]
- ....so not having Basic Card would mean we would not adopt PR API
- 02:57:08 [AdrianHB]
- ack Gerhard
- 02:57:10 [Ian]
- ...I think you need to ask 100 merchants for their views on the importance of Basic Card
- 02:58:07 [Ian]
- Gerhard: Maybe the answer is to extend Basic Card to support an e-commerce token (that merchants are being required to accept)
- 02:58:36 [AdrianHB]
- ack tomasz
- 02:58:59 [Ian]
- ..perhaps useful for merchants to reduce PCI burden via e-commerce token
- 02:59:25 [rouslan]
- q+ to talk about the "killing"
- 02:59:26 [Ian]
- Tomasz: What else would we add to Basic Card? We could stop work on Basic Card and it could still be used by the industry.
- 02:59:28 [nicktr]
- I'd like to suggest that the security task force looks at Gerhard's suggestion - we were looking at "tokenized" payments before SRC came along. Can we support both?
- 03:00:01 [Ian]
- Rouslan: We are not really talking about killing Basic Card, just no longer working on the spec.
- 03:01:13 [kimwooglae]
- kimwooglae has joined #wpwg
- 03:02:09 [Ian]
- [Andy can you type?]
- 03:02:13 [estes]
- I don't want to derail the meeting, so it's ok if you can't hear me :)
- 03:02:15 [estes]
- sure, I'll type
- 03:02:25 [marcosc]
- marcosc has joined #wpwg
- 03:02:30 [hendo_]
- hendo_ has joined #wpwg
- 03:02:32 [jezza]
- jezza has joined #wpwg
- 03:04:29 [Ian]
- AdrianHB: If we are going to fully embrace payment handlers, shouldn't basic card support be more like other payment handlers?
- 03:05:20 [Ian]
- ...I have some slides for after lunch
- 03:06:24 [justin_toupin]
- justin_toupin has joined #wpwg
- 03:06:36 [jeff__]
- jeff__ has joined #wpwg
- 03:07:06 [AdrianHB]
- ian: one question to consider, are there other payment methods we need to consider
- 03:07:26 [AdrianHB]
- ... prioritization of future work
- 03:07:49 [AdrianHB]
- ... we have developed good liasons with FIDO and EMVCo, are there others?
- 03:08:07 [AdrianHB]
- ... we also need to think about how long the new charter should last
- 03:08:27 [AdrianHB]
- [STRAWPOLL] Any objections to recharting?
- 03:08:31 [AdrianHB]
- - None
- 03:09:01 [AdrianHB]
- ian: next steps is for chairs to draft proposed new charter
- 03:09:07 [nicktr]
- q?
- 03:09:12 [AdrianHB]
- zakim, open the queue
- 03:09:12 [Zakim]
- ok, AdrianHB, the speaker queue is open
- 03:09:21 [nicktr]
- ack estes
- 03:09:26 [estes]
- Ian: I just wanted to agree with AdrianHB
- 03:10:07 [Ian]
- Gerhard: Yesterday we say a presentation on QR codes. EMVCo has a standard. We are seeing more demand for it. Should we explore QR codes in our charter?
- 03:10:09 [AdrianHB]
- +1
- 03:10:11 [nicktr]
- +1 for QR
- 03:10:21 [estes]
- Ian: we didn't see basic card built into safari as a meaningful improvement over autofill
- 03:10:41 [michelweksler]
- +1 for QR
- 03:11:01 [estes]
- Ian: and thought it could introduce user confusion to show a payment sheet that might look like Apple Pay but not offer its security benefits
- 03:11:09 [rouslan]
- q+ to talk about autofill and basic-card
- 03:11:46 [Ian]
- Ian: Could auto-fill plug into PR API requests for Basic Card
- 03:11:48 [jv]
- jv has joined #wpwg
- 03:11:56 [Ian]
- Justin: Some issues around user-consent in that model
- 03:12:19 [Ian]
- Rouslan: For auto-fill-to-basic-card...something even more interesting than that is flowing in the other direction...
- 03:12:33 [Ian]
- ...data flows from basic card payment handler to auto-fill fields
- 03:12:47 [Ian]
- ...so the merchant doesn't need to use PR API, but Payment Handlers are still useful to users.
- 03:12:52 [Ian]
- q?
- 03:12:55 [Ian]
- ack rouslan
- 03:12:55 [Zakim]
- rouslan, you wanted to talk about autofill and basic-card
- 03:13:12 [Ian]
- AdrianHB: We've had at least one example of a 3rd party payment handler that did Basic Card (this was Klarna)
- 03:13:30 [norie]
- norie has joined #wpwg
- 03:13:33 [Ian]
- ...are there others who might explore that if Basic Card were the ubiquitous option?
- 03:14:00 [Gerhard]
- +1
- 03:14:14 [Ian]
- IJ: I recall the value proposition was riding basic card rails without requiring any changes to merchant site
- 03:14:35 [Ian]
- RRSAGENT, make minutes
- 03:14:35 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:15:20 [frank]
- frank has joined #wpwg
- 03:15:33 [Ian]
- Ian: So next steps is for the Chairs to come up with a draft charter based on your comments and other data from this meeting
- 03:15:39 [Ian]
- Topic: Web Monetization
- 03:15:42 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:16:02 [Ian]
- AdrianHB: This is just a quick-ee intro; we can go listen to Stefan across the hall for more in 30 mins
- 03:16:29 [Ian]
- ...a site that wants to accept streaming micropayments puts a <meta> tag in their site
- 03:16:42 [Ian]
- ...the content of the tag is a URL that is a payment pointer
- 03:16:57 [Ian]
- ...the way that the protocol works is that the browser fetches the document at that URL
- 03:17:09 [Ian]
- ...the browser generates a session header (unique)
- 03:17:21 [Ian]
- ...when payments are sent to the address, the address is slightly different for each session
- 03:17:24 [Ian]
- ...to avoid correlation
- 03:17:39 [Ian]
- ...the proposal in the WICG is a monetization object
- 03:17:55 [Ian]
- -> https://interledger.org/rfcs/0028-web-monetization/ Web Monetization spec
- 03:18:14 [rouslan]
- q+ to ask whether the web has any other progress type events
- 03:18:21 [nicktr]
- q?
- 03:18:25 [Ian]
- ...the event fires every time a payment is sent by the browser
- 03:18:45 [Ian]
- ....in terms of sending the payments, Coil has implemented this as a browser plug-in; Puma has implemented this natively
- 03:18:59 [Ian]
- ..what we are looking for is a new payment method called "monetization"
- 03:19:16 [Ian]
- ..and implicitly there is no user interaction; there is assumed some pre-authorization of an amount
- 03:19:25 [Ian]
- ...and as the user browsers small amounts of value are transmitted
- 03:19:48 [Ian]
- ...a "web monetization agent" is a component in the browser that makes decisions on the user's behalf about how much to spend on each site
- 03:20:04 [Ian]
- ...users need to be able to control their ability to pay on certain sites.
- 03:20:32 [Ian]
- ...a core requirement is privacy - how do we build a client-side component that evaluates how much to pay and how much, but without becoming a tool for parties to track users?
- 03:21:00 [Ian]
- ...the monetization agenda is authorized to make payments out of the user's wallet (which may be the same or different party from the party that does the monetization agent
- 03:21:04 [Ian]
- s/agenda/agent
- 03:21:21 [Ian]
- ...we've decoupled monetization agent from wallet.
- 03:21:36 [Ian]
- ...e.g., use Coil's web monetization agent but pay via google pay
- 03:21:38 [Ian]
- ack rouslan
- 03:21:38 [Zakim]
- rouslan, you wanted to ask whether the web has any other progress type events
- 03:21:47 [pranjal]
- pranjal has joined #wpwg
- 03:21:58 [dezell]
- dezell has joined #wpwg
- 03:21:59 [Ian]
- Rouslan: This is an interesting idea. A "progress" type event might be tricky to event
- 03:22:03 [Ian]
- s/event/implement
- 03:22:08 [jonathan]
- jonathan has joined #wpwg
- 03:22:16 [Ian]
- Rouslan: Marcos, do you know of any progress-type events?
- 03:22:24 [Ian]
- marcosc: There is a progress element that has one
- 03:22:44 [Ian]
- -> https://developer.mozilla.org/en-US/docs/Web/HTML/Element/progress Progress indicator element
- 03:22:53 [Ian]
- AdrianHB: We have been thinking about this as a streaming protocol
- 03:23:29 [Ian]
- q?
- 03:23:34 [marcosc]
- rouslan, e.g., progress event from XHR https://xhr.spec.whatwg.org/#interface-progressevent
- 03:23:58 [Ian]
- AdrianHB: On 16 September we (Coil) announced a "Grant for the Web"
- 03:24:17 [Ian]
- -> https://www.grantfortheweb.org/ Grant for the Web
- 03:24:38 [Ian]
- AdrianHB: We've set aside funds for grants to people who are developing content to push this ecosystem forward.
- 03:24:51 [Ian]
- ...joint announcement with Mozilla and Creative Commons
- 03:25:06 [Ian]
- ...the overlap with the WPWG is:
- 03:25:11 [Ian]
- * Definition of a monetization payment method
- 03:25:15 [Ian]
- * Role of payment handlers
- 03:25:30 [Ian]
- ...one idea is web site calls PR API (instead of "meta") and payment handlers respond
- 03:25:45 [Ian]
- ...there are breakouts tomorrow on this topic
- 03:25:49 [nicktr]
- q?
- 03:26:28 [jezza]
- jezza has joined #wpwg
- 03:26:37 [Ian]
- IJ: Describe user flow?
- 03:27:12 [Ian]
- AdrianHB: You have money in a wallet. I get an authorization from that wallet in the form of an access token. I give that to the monetization agent.
- 03:27:24 [Ian]
- ...I leave it up to that agent to make decisions about how to pay for content
- 03:27:36 [Ian]
- IJ: What is payment request role?
- 03:27:38 [html5cat]
- q+
- 03:27:57 [Ian]
- AdrianHB: Potentially the merchant could use it to invoke web monetization, but without user interaction
- 03:28:18 [Ian]
- IJ: That would require a change to PR API that requires a user gesture
- 03:28:25 [nicktr]
- ack html5cat
- 03:28:37 [Ian]
- Yuri: If you pick up the Coil gift bag, you get some access to a Coil account, etc. etc.
- 03:29:00 [Ian]
- Yuri: Get Puma!
- 03:29:10 [Ian]
- Marcosc: I encourage people to check it out
- 03:29:29 [Ian]
- [The crowd chants for demo!]
- 03:30:18 [bryanluo_]
- bryanluo_ has joined #wpwg
- 03:32:16 [html5cat]
- https://flood.enclavegames.com
- 03:34:25 [jezza]
- jezza has joined #wpwg
- 03:34:29 [Ian]
- AdrianHB: It's up to each site to figure out how they reward the monetization offer
- 03:34:46 [Ian]
- ....e.g., in the above demo, the game provider offers free coins. Somebody else might, say, not show ads.
- 03:35:23 [rouslan]
- q+
- 03:35:42 [Ian]
- ack rouslan
- 03:35:51 [Ian]
- Rouslan: Web Monetization based on ILP?
- 03:35:55 [Ian]
- AdrianHB: Yes.
- 03:36:05 [Ian]
- AdrianHB: The way we've done the payments rails is using ILP
- 03:36:28 [Ian]
- ..ILP let's us set up an addressing space.
- 03:36:36 [Ian]
- ...it's easy for us as Coil to route payments that way
- 03:36:57 [Ian]
- ...it's not a payment network per se...just an addressing overlay on existing payment systems
- 03:37:03 [Ian]
- Rouslan: Is that a hard dependency on ILP
- 03:37:22 [Ian]
- AdrianHB: Not theoretically, but yes practically. There is no other way that is cost-effective for sending such small payments
- 03:37:56 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:38:14 [Ian]
- Rouslan: Is Interledger being done at W3C?
- 03:38:52 [Ian]
- AdrianHB: Work started at the W3C Interledger CG. There is now an Interledger Foundation. The intent is for all the IP to be held by that organization, and to stay open and RF
- 03:38:52 [agektmr]
- q+
- 03:39:13 [Ian]
- AdrianHB: https://tools.ietf.org/html/draft-thomas-interledger-00 is not standards track
- 03:39:20 [Ian]
- ...we've not taken anything on a formal standards track
- 03:39:32 [Ian]
- ..these are community-developed documents.
- 03:39:36 [Ian]
- ack agektmr
- 03:39:52 [Ian]
- agektmr: What is relation to Metamask?
- 03:40:02 [Ian]
- AdrianHB: There are quite a few efforts to do this with cryptocurrencies.
- 03:40:19 [Ian]
- ...if the hard dependency on crypto rather than ILP, that will be the end of the game for them
- 03:40:27 [Ian]
- ..until things are built into browsers, it's not going to take off
- 03:40:44 [Ian]
- ...if they were to do payments with payment systems we already use, they would be more successful
- 03:40:58 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:41:36 [html5cat]
- If anyone has a hdmi-> display port adapter I'd really appreciate it
- 03:41:42 [jv]
- jv has joined #wpwg
- 03:42:10 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 03:57:06 [bryanluo]
- bryanluo has joined #wpwg
- 03:58:20 [jezza]
- jezza has joined #wpwg
- 04:01:36 [mweksler]
- mweksler has joined #wpwg
- 04:01:45 [bryanluo_]
- bryanluo_ has joined #wpwg
- 04:03:58 [jv]
- jv has joined #wpwg
- 04:07:52 [pranjal]
- pranjal has joined #wpwg
- 04:11:06 [rouslan]
- rouslan has joined #wpwg
- 04:18:31 [hendo]
- hendo has joined #wpwg
- 04:21:16 [pranjal]
- pranjal has joined #wpwg
- 04:25:41 [jv]
- jv has joined #wpwg
- 04:25:49 [marcosc]
- marcosc has joined #wpwg
- 04:32:53 [bryanluo]
- bryanluo has joined #wpwg
- 04:34:57 [alex_liu]
- alex_liu has joined #wpwg
- 04:35:32 [alex_liu_]
- alex_liu_ has joined #wpwg
- 04:42:08 [mweksler]
- mweksler has joined #wpwg
- 04:42:21 [jezza]
- jezza has joined #wpwg
- 04:45:40 [jezza]
- jezza has joined #wpwg
- 04:47:52 [bryanluo]
- bryanluo has joined #wpwg
- 04:50:23 [mweksler]
- mweksler has joined #wpwg
- 04:52:41 [alex_liu]
- alex_liu has joined #wpwg
- 04:54:24 [marcosc]
- marcosc has joined #wpwg
- 04:55:07 [marcosc]
- marcosc has joined #wpwg
- 04:55:32 [jezza]
- jezza has joined #wpwg
- 04:56:37 [alex_liu]
- alex_liu has joined #wpwg
- 05:00:01 [frank]
- frank has joined #wpwg
- 05:00:27 [saschanaz]
- Sorry to distract everyone but am I only one hearing annoying high frequency noise in WP meeting room
- 05:01:33 [cwarnier]
- cwarnier has joined #wpwg
- 05:01:46 [jessie]
- jessie has joined #wpwg
- 05:02:57 [nicktr]
- no, I can hear it too
- 05:03:32 [pea13]
- pea13 has joined #wpwg
- 05:03:33 [canton_]
- canton_ has joined #wpwg
- 05:03:36 [saschanaz]
- It really distracts me and I want it to be fixed.. Not sure how
- 05:03:37 [bryanluo]
- bryanluo has joined #wpwg
- 05:03:46 [jv]
- jv has joined #wpwg
- 05:04:31 [AdrianHB]
- AdrianHB has joined #wpwg
- 05:04:37 [Masa_JCB]
- Masa_JCB has joined #wpwg
- 05:06:15 [marcosc]
- marcosc has joined #wpwg
- 05:06:48 [norie]
- norie has joined #wpwg
- 05:07:11 [takashi]
- takashi has joined #wpwg
- 05:07:12 [jonathan]
- jonathan has joined #wpwg
- 05:08:07 [jezza]
- jezza has joined #wpwg
- 05:08:17 [Fawad_n]
- Fawad_n has joined #WPWG
- 05:08:18 [Ian]
- Topic: Web Authentication Update
- 05:08:36 [Ian]
- Tony: We're working on WebAuthn2. Also, we'd like to understand better payment handlers.
- 05:08:48 [Ian]
- ...Web Authentication WG is rechartering through 2021
- 05:09:04 [Ian]
- ...some level 2 features include:
- 05:09:12 [Ian]
- - iframe support (for origins other than top-level origins)
- 05:09:25 [Ian]
- ....can be helpful in payment flows you've described.
- 05:09:27 [Ian]
- - some biometric things
- 05:09:30 [Ian]
- - some specification cleanup
- 05:09:44 [Ciciley]
- Ciciley has joined #wpwg
- 05:09:49 [Gerhard]
- Gerhard has joined #wpwg
- 05:09:56 [Ian]
- ...We have deployment of WebAuthn1 in Chrome, Edge, Firefox. In development in Safari (desktop)
- 05:09:57 [Ciciley]
- present+
- 05:10:08 [Ian]
- ...we'd like for payment handlers to be able to use WebAuthn
- 05:10:31 [Ian]
- ...we don't have delegation yet
- 05:10:44 [Ian]
- ..it takes place between the relying party (the handler) and the client (the browser)
- 05:10:48 [marcosc]
- +q
- 05:10:56 [Ian]
- ..we'd like to understand your requirements for authentication beyond the payment handler itself
- 05:11:09 [Ian]
- ack marcosc
- 05:11:12 [jonathan]
- q+
- 05:11:14 [Gerhard]
- q+
- 05:11:17 [tomasz]
- q+
- 05:11:21 [ella]
- ella has joined #wpwg
- 05:11:52 [Ian]
- marcosc: We have a payment sheet that operates as a top-level browsing context.
- 05:11:58 [Ian]
- AdrianHB: We still need to cover delegation
- 05:12:17 [Giulio]
- Giulio has joined #wpwg
- 05:12:23 [Ian]
- Tomasz: In the context of 3DS 2.0, there is a challenge flow that is sometimes implemented as an iframe.
- 05:12:26 [jezza]
- jezza has joined #wpwg
- 05:12:36 [jezza]
- q+
- 05:12:37 [Ian]
- ...it's not possible for the issuer to perform 3DS step-up without an iframe
- 05:12:44 [AdrianHB]
- ack tomasz
- 05:12:45 [Ian]
- Tony: I had pointed to a pull request:
- 05:13:04 [AdrianHB]
- https://github.com/w3c/webauthn/issues/911
- 05:13:05 [Ian]
- -> https://github.com/w3c/webauthn/issues/911
- 05:13:24 [Ian]
- Tony: The group had wanted to go down the feature policy path; there were objections and we are trying to work through them
- 05:13:39 [Ian]
- ...I think it's just feature policy itself.
- 05:13:42 [Ian]
- ack Jonathan
- 05:14:00 [Ian]
- Jonathan: There are a few things we discussed yesterday..."delegation" is one
- 05:14:10 [Ian]
- Tony: We want to understand your use case and determine the best approach.
- 05:14:30 [Ian]
- ...I have the feeling there are use cases where you'd like to carry authentication downstream.
- 05:14:36 [nicktr]
- q+ to talk about a delegation use case
- 05:14:39 [bryanluo]
- bryanluo has joined #wpwg
- 05:14:51 [urata]
- urata has joined #wpwg
- 05:14:57 [Ian]
- Jonathan: Someone who is not the relying party wants access to FIDO credentials and return signature back to relying party
- 05:15:25 [Ian]
- ...a second use case is something to facilitate 3DS where the issuer has created credentials and the merchants would like to use them
- 05:15:47 [Ian]
- Tony: There is some information we've agreed to with EMVCo about what information will be passed along [to 3DS]
- 05:15:54 [urata]
- urata has joined #wpwg
- 05:15:55 [jv]
- jv has joined #wpwg
- 05:16:08 [Ian]
- Jonathan: In that case the relying party is still the merchant. But there are use cases where the relying party is not the merchant.
- 05:16:25 [Ian]
- ...this morning we also discussed that it would be nice to distinguish from among users (that's more FIDO or platform thing)
- 05:16:36 [Ian]
- Tony: Agree that's a platform question.
- 05:16:40 [Ian]
- q?
- 05:17:00 [Ian]
- zzzz: As mentioned earlier, profiles raise usability issues
- 05:17:25 [Ian]
- ...if the wallet is doing the WebAuthn directly on the device, there is no concept currently of segmentation of the use of the credential.
- 05:17:52 [Ian]
- ...it's easy to say "the wallet could do it" but then we'd have to have different enrollments all the way back up
- 05:18:01 [Ian]
- ...the complexity goes up when building up all the things around it
- 05:18:14 [Ian]
- Jonathan: I had in mind that the relying party at enrollment time could create some new things (e.g., templates)
- 05:18:46 [Ian]
- zzzz: That's theoretically possible but the infrastructure parts may not be able to handle the segmentation
- 05:18:56 [Ian]
- q?
- 05:19:19 [jcj_moz]
- jcj_moz has joined #wpwg
- 05:19:23 [Ian]
- Jonathan: Yesterday we also spoke about the use case where the relying party wants to know what key ids belong to it.
- 05:19:42 [Ian]
- ...is that something that is standardized?
- 05:19:58 [Ian]
- zzzz: It's standardized so that the relying party can never know that.
- 05:20:08 [Ian]
- Jonathan: Even if the relying party created the keys?
- 05:20:26 [Ian]
- JohnBradley: We can't create a super cookie that can be returned without user consent
- 05:20:39 [Ian]
- ..if you want to create a cookie to memorize credentials, you can just do that.
- 05:20:49 [jv_]
- jv_ has joined #wpwg
- 05:20:53 [Ian]
- s/zzzz/John Bradley/g
- 05:20:57 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 05:21:25 [Ian]
- Jonathan: Is there a privacy issue to know what authenticators are on the platform?
- 05:21:27 [Ian]
- JohnBradley: Yes
- 05:21:52 [Ian]
- JohnBradley: There is at least one person on this side of the table who has concerns about adding to browser fingerprinting.
- 05:22:15 [Ian]
- Jonathan: You would like to know whether there is an authenticator on the platform.
- 05:22:43 [Ian]
- JohnBradley: You can learn "there is an authenticator" and for some platforms you know what that is, but you cannot find out what biometrics are supported by that authenticator
- 05:22:53 [Ian]
- q?
- 05:23:00 [justin_toupin]
- justin_toupin has joined #wpwg
- 05:23:11 [Ian]
- Tony: You can ask for user verification, but you can't ask for implementation of that
- 05:23:22 [jezza]
- jezza has joined #wpwg
- 05:23:32 [Ian]
- Gerhard: I want to touch on 2 edges of the spectrum
- 05:23:48 [Ian]
- ...one things mentioned in SCA is secure display
- 05:24:04 [Ian]
- ...right now there are 2 levels: user presence, 2 factor
- 05:24:14 [jezza]
- q-
- 05:24:15 [Ian]
- ...but there's missing a third level - secure display
- 05:24:31 [Ian]
- ...it would be great to combine "secure display" with getting biometric
- 05:24:54 [Ian]
- JohnBradley: That's defined by the spec but supported in no browsers or authenticators...there's no support by browsers
- 05:25:14 [Ian]
- ...the counter-proposal would be to have something that is more generally deployable
- 05:25:22 [frank]
- frank has joined #wpwg
- 05:25:26 [Ian]
- ...nothing in SCA says the secure display has to be part of the authenticator itself
- 05:25:36 [Ian]
- ...but I would argue if your browser is compromised you have bigger problems.
- 05:25:50 [Ian]
- ...so in WebAuthn we could have info from the payment handler signed as part of the client data
- 05:26:12 [Ian]
- ...I think we could meet SCA requirements across all browsers with existing authenticators...signing the payment handler output in client data
- 05:26:53 [Ian]
- q?
- 05:26:55 [AdrianHB]
- q?
- 05:27:03 [nicktr]
- ack Gerhard
- 05:27:17 [florent]
- florent has joined #wpwg
- 05:27:40 [Ian]
- Gerhard: That is the open banking scenario; you may have registered 5 authenticators and the calling party (the "AISP") might have to reach out to all five, and all five might decide to do their token step-up and that would be a bad UX
- 05:27:47 [tomasz]
- q?
- 05:27:48 [vkuntz]
- vkuntz has joined #wpwg
- 05:27:58 [Ian]
- ...so any way to passively sign to give a lower risk indicator and defer step-up; that would be useful.
- 05:27:58 [vkuntz]
- present+
- 05:28:13 [Ian]
- JohnBradley: Silent signatures from relying parties raise the same fingerprinting concerns
- 05:28:48 [dezell]
- dezell has joined #wpwg
- 05:28:57 [Ian]
- Gerhard: I'd like to say "If I can prove who I am ..."
- 05:29:08 [Ian]
- JohnBradley: Should be able to use cookie
- 05:29:20 [Ian]
- ...token binding comes to mind here
- 05:29:33 [Ian]
- Tony: You could do something through cached credentials (somewhat how UAF does this today)
- 05:29:42 [Ian]
- JohnBradley: It would be an interesting privacy discussion
- 05:29:43 [Ian]
- q?
- 05:29:51 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 05:30:15 [Ian]
- Gerhard: Many rules are based on risk assessments. If I can get more proof of who the person is, I can have less friction, and less abandonment.
- 05:30:50 [Ian]
- JohnBradley: Token binding intended to fulfill that...but token binding is on hold as Google and MS work out issues.
- 05:31:20 [Ian]
- JohnBradley: You can use token binding to ensure a cookie cannot be exfiltrated from browser.
- 05:31:58 [Ian]
- Tony: I propose that we have a task force between our two WGs
- 05:32:06 [Ian]
- ...to ensure that we have the use cases and we do the flows
- 05:32:13 [Ian]
- ...and that can be brought back to the WG for discussion
- 05:32:37 [jezza]
- jezza has joined #wpwg
- 05:32:50 [Ian]
- NickTR: My use case builds on Gerhard's....you were describing account aggregation
- 05:33:02 [Ian]
- ..my vision of payment handlers in the credit transfer space is very similar
- 05:33:15 [Ian]
- ...imagine you have a payment handler that is aware of the user's different current accounts with different banks.
- 05:33:34 [Ian]
- ...in principle there's a use case where you authenticate once to the payment handler, and you don't have to re-authenticate for each bank account.
- 05:33:59 [Ian]
- ...if you read the primary legislation (PSD2), it's the bank's responsibility, but that could be delegated (to the payment handler)
- 05:34:14 [Ian]
- ...so the payment handler should be able to pass auth credentials to a bank without more user interaction
- 05:34:27 [Ian]
- ...nobody is going to use a flow with multiple authentications
- 05:34:34 [Ian]
- ...I'd love to dive into this use case (even if hard)
- 05:34:52 [Ian]
- Jonathan: There is a distinction between "delegation" and "delegation." :)
- 05:35:16 [Ian]
- ...e.g., the bank could delegate to the merchant or payment handler who is the relying party
- 05:35:28 [Ian]
- ...but the second meaning of delegation is that the relying party IS the issuer
- 05:36:03 [Ian]
- ...so you registered with the issuer, and then in another context the bank says "I allow you to use my credentials"; that's a different form of delegation...the bank still owns the credentials, but they provide them to someone else who can return something to the bank
- 05:36:11 [Ian]
- JohnBradley: We are considering the latter form of delegation
- 05:36:16 [Ian]
- ...the iframe could be invisible.
- 05:36:42 [Ian]
- ...you could do an invisible iframe to the bank and using post message and a protocol between merchant and bank for credentials
- 05:36:48 [Ian]
- ..that has some good privacy properties
- 05:36:52 [urata]
- urata has joined #wpwg
- 05:37:09 [Ian]
- ...essentially if you allow the second model you enable correlated identifier that may be a backdoor tracking mechanism
- 05:37:22 [shu]
- shu has joined #wpwg
- 05:37:27 [Ian]
- ...we want to figure out how to give equivalent functionality with privacy
- 05:37:35 [Ian]
- NickTR: In my use case, nothing goes back to the merchant
- 05:37:47 [Ian]
- JohnBradley: Replace merchant here with wallet provider; same issue
- 05:38:07 [Ian]
- ..if I had multiple merchants and multiple wallets and they all used the same credentials they could correlate.
- 05:38:15 [shu]
- shu has joined #wpwg
- 05:38:37 [Ian]
- AdrianHB: Raise your hand if you want to be part of the joint task force: Gerhard, NickTR, Jonathan
- 05:38:59 [shu]
- shu has joined #wpwg
- 05:39:00 [bryanluo]
- bryanluo has joined #wpwg
- 05:39:15 [Ian]
- ACTION: Tony to convene a joint task force on payment use cases that involve Web Authentication
- 05:39:16 [trackbot]
- Created ACTION-129 - Convene a joint task force on payment use cases that involve web authentication [on Tony England - due 2019-09-24].
- 05:39:20 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 05:40:03 [jezza]
- jezza has joined #wpwg
- 05:40:28 [Ian]
- Topic: Handling Payments
- 05:40:41 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 05:40:49 [jv]
- jv has joined #wpwg
- 05:42:45 [jezza]
- jezza has joined #wpwg
- 05:43:18 [jezza]
- jezza has joined #wpwg
- 05:43:35 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 05:43:41 [jezza]
- jezza has joined #wpwg
- 05:44:10 [rouslan]
- q+100
- 05:44:17 [Ian]
- AdrianHB: The context for my slides here come from a conversation yesterday where Marcos expressed concern that a lot was going into payment handlers that would make it harder for new implementations to catch up
- 05:44:20 [rouslan]
- q- 100
- 05:44:22 [rouslan]
- q+
- 05:44:29 [Ian]
- ack nicktr
- 05:44:29 [Zakim]
- nicktr, you wanted to talk about a delegation use case
- 05:44:36 [wonsuk]
- wonsuk has joined #wpwg
- 05:45:30 [Ian]
- AdrianHB: First observation is that Basic Card does not fit well with other things...in sheets there's a mix of payment handlers (wallets) and cards (instruments)
- 05:45:46 [Ian]
- ...but delegation of merchant-requested data to the payment handler changes the game
- 05:46:00 [Ian]
- ...payment handlers should be able to respond to the merchant's request
- 05:46:30 [Ian]
- ...this means that payment handlers end up doing everything done by the sheet
- 05:46:35 [Ian]
- ....so the question is: do we need the payment sheet?
- 05:46:42 [Ian]
- q+
- 05:47:04 [Gerhard]
- +q
- 05:47:12 [marcosc]
- q+
- 05:47:18 [Ian]
- AdrianHB: The sheet requires an extra click
- 05:47:42 [Ian]
- ...the payment sheet has been a blocker for implementation in some browsers
- 05:47:57 [Ciciley]
- Ciciley has joined #wpwg
- 05:48:01 [Ciciley]
- present+
- 05:48:03 [Ian]
- ...we've heard from all the browsers that implementing the payment sheet is outside their wheelhouse in terms of localization and because payments are not really the things of browser
- 05:48:28 [Ian]
- ...so what would it look like to ditch the shet?
- 05:48:40 [Ian]
- ...I found some examples of how the Share API works
- 05:48:59 [Ian]
- -> https://web-share.glitch.me/
- 05:49:11 [Ian]
- AdrianHB: When I hit "pay" I could get a list of payment handlers I could use
- 05:49:20 [Ian]
- ...we could have a number of optimizations like "skip-the-sheet"
- 05:49:43 [rouslan]
- q?
- 05:49:52 [pranjal]
- pranjal has joined #wpwg
- 05:49:56 [Ian]
- Lawrence: How could a payment handler get in the list?
- 05:50:03 [Ian]
- AdrianHB: Through registration via payment handler API
- 05:50:16 [Gerhard]
- q-
- 05:51:17 [Ian]
- AdrianHB: Instead of getting mix of instruments and wallets, you just see wallets
- 05:51:31 [jv]
- jv has joined #wpwg
- 05:51:59 [Ian]
- AdrianHB: Today the payment handler API has a registration flow. Service worker installed. This enables the browser to get a manifest and the browser can do just-in-time install
- 05:52:04 [Ian]
- q?
- 05:52:17 [Ian]
- AdrianHB: As Ian said, how it happens is platform-specific.
- 05:52:22 [Ian]
- ack rouslan
- 05:52:56 [Ian]
- Rouslan: Great idea. I think one comment rubbed me the wrong way - that payment handlers are becoming Frankenstein.
- 05:53:08 [Ian]
- ...the payment handler is just trying to bring all the options in PR API to Payment Handlers
- 05:53:42 [Ian]
- ...we are experimenting.
- 05:54:21 [Ian]
- ...overall as an idea that the sheet should go away...I think it could be strange for w3c to dictate UI...but I think it's an interesting idea.
- 05:54:37 [Ian]
- ack marcosc
- 05:54:41 [jezza]
- jezza has joined #wpwg
- 05:54:47 [Ian]
- marcosc: I want to support what Rouslan said but wants to shift the perspective.
- 05:54:58 [Ian]
- ...PR API on its own and integration with native payment handlers makes a lot of sense
- 05:55:31 [Ian]
- ...but what was shown yesterday was that the handler modal was not suitable for some UI requirements.
- 05:55:38 [Ian]
- ...so it's becoming like an embedded iframe
- 05:55:50 [Ian]
- ...and Airbnb wants to enroll users, too
- 05:56:01 [Ian]
- ...so we end up with a component that can be co-opted to do a lot of things
- 05:56:24 [Ian]
- ...so let's not get rid of the sheet, but instead have a model browsing context that let's you do all these thins
- 05:56:30 [Ian]
- ...we just need a bi-directional channel
- 05:56:35 [Ian]
- s/thins/things
- 05:57:04 [Ian]
- AdrianHB: One of the things that came out of the discussion is that we've built a payments component that is using a lot of web features, but in a way that is only usable in those flows
- 05:57:18 [Ian]
- ...the modal window (of chrome) is special
- 05:57:37 [marcosc]
- marcosc has joined #wpwg
- 05:57:42 [Ian]
- ...I think the modal window is a powerful feature for any cross-origin thing you want to do
- 05:57:46 [jv]
- jv has joined #wpwg
- 05:58:52 [Ian]
- AdrianHB: I think it's a valuable platform in general, and it makes the case for building blocks for payment handlers much stronger.
- 05:58:57 [Roy]
- Roy has joined #wpwg
- 05:59:01 [Roy]
- q+
- 05:59:06 [Ian]
- ...I'll call this the "modal dialog" feature
- 05:59:24 [marcosc]
- "modal browsing context" - fight me
- 05:59:48 [Ian]
- AdrianHB: You could not have popup abuse since only one at a time, and also you only get back to underlying context when you close it
- 05:59:49 [nicktr]
- q+ to ask about security model. Does this rely still on the method manifest?
- 05:59:59 [Ian]
- ack roy
- 06:00:17 [Ian]
- roy: My main comment on that is, one value proposition of the payment sheet is that there's a level of trust
- 06:00:23 [marcosc]
- q+
- 06:00:30 [Ian]
- ...I trust the browser vendors to do the right thing with that dialog.
- 06:00:37 [jezza]
- jezza has joined #wpwg
- 06:00:40 [Ian]
- ack nick
- 06:00:40 [Zakim]
- nicktr, you wanted to ask about security model. Does this rely still on the method manifest?
- 06:00:50 [Masa_JCB]
- Masa_JCB has joined #wpwg
- 06:01:01 [Ian]
- nicktr: My question is similar - and payment handlers have a payment method manifest
- 06:01:18 [Ian]
- marcosc: We are showing arbitrary content in something that people thing is secure, but it's not
- 06:01:44 [Ian]
- ...we won't present a trusted UI where there is arbitrary content.
- 06:01:55 [Ian]
- q?
- 06:02:01 [Ian]
- ack marcosc
- 06:02:19 [Ian]
- q-
- 06:03:01 [Ian]
- Action: AdrianHB to look into a modal dialog spec, organize testing of assumptions about dropping the sheet.
- 06:03:01 [trackbot]
- Created ACTION-130 - Look into a modal dialog spec, organize testing of assumptions about dropping the sheet. [on Adrian Hope-Bailie - due 2019-09-24].
- 06:03:12 [Ian]
- AdrianHB: Some other ideas: drop instruments, drop modifiers, drop OpenWindow
- 06:03:16 [marcosc]
- Today, in order to do certain forms of authentication on the web we require either pop-ups, opening a new tab, a redirect, and so on... Payments introduced another UI component that affords OS-level payment integration (particularly for Apple Pay in Safari). When compared to native applications, most of these UI affordances lead to sub-optimal user experiences.
- 06:03:16 [marcosc]
- To improve the situation, a common requirement appears to be:
- 06:03:16 [marcosc]
- - a top-level browsing context that displays third party content.
- 06:03:17 [jezza]
- jezza has joined #wpwg
- 06:03:17 [marcosc]
- - it's modal.
- 06:03:19 [marcosc]
- - it should be possible to position this browsing context at least relative to the top or bottom of the container window, and perhaps have the ability to visually expand the context (or let the user expand it) - and the ability to go fullscreen. The browsing context (not the opener) controls the dimensions.
- 06:03:21 [marcosc]
- - the opener context needs to set the feature policy (e.g., allow web authn, camera access, credential management).
- 06:03:23 [marcosc]
- - the opener context must a means to have by bi-directional communication channel (i.e., message ports or just post message).
- 06:03:25 [marcosc]
- - the opener context must have the ability to close the browsing context.
- 06:03:27 [marcosc]
- - an ability to indicate the kind of service that's needed (e.g., "payment", "authentication", "share", "mixed?")
- 06:03:29 [marcosc]
- - An ability to open a pop-up (normal pop-up rules apply) - but associated with the browsing context... basically a less crappy tab experience on mobile.
- 06:03:34 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 06:03:45 [Ian]
- [Break]
- 06:04:22 [mweksler]
- mweksler has joined #wpwg
- 06:07:56 [jv]
- jv has joined #wpwg
- 06:08:38 [bryanluo]
- bryanluo has joined #wpwg
- 06:10:21 [jv_]
- jv_ has joined #wpwg
- 06:11:38 [jezza]
- jezza has joined #wpwg
- 06:12:02 [Ian]
- [We note for the minutes that Tomasz is also interested in the Joint task force with WebAuthn]
- 06:12:10 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 06:14:54 [jezza]
- jezza has joined #wpwg
- 06:21:09 [jv]
- jv has joined #wpwg
- 06:23:58 [AdrianHB]
- AdrianHB has joined #wpwg
- 06:27:50 [jessie]
- jessie has joined #wpwg
- 06:28:12 [bryanluo]
- bryanluo has joined #wpwg
- 06:29:58 [dave2037]
- dave2037 has joined #wpwg
- 06:31:14 [jezza]
- jezza has joined #wpwg
- 06:32:03 [dave2037]
- dave2037 has joined #wpwg
- 06:34:05 [alex_liu]
- alex_liu has joined #wpwg
- 06:36:28 [pranjal]
- pranjal has joined #wpwg
- 06:38:04 [Ian]
- Topic: Housekeeping
- 06:38:22 [jezza]
- jezza has joined #wpwg
- 06:38:35 [pranjal_]
- pranjal_ has joined #wpwg
- 06:38:43 [norie]
- norie has joined #wpwg
- 06:39:11 [benoit]
- benoit has joined #wpwg
- 06:40:30 [Ian]
- Ian: With chairs we need to review the dense minutes
- 06:40:42 [takashi]
- takashi has joined #wpwg
- 06:40:45 [Ian]
- ...I assume we will recharter so next meeting discussion assumes that
- 06:40:58 [Ian]
- NickTR: Remember when we recharter - your AC reps need to step up to say Please Recharter!
- 06:41:09 [bryanluo]
- bryanluo has joined #wpwg
- 06:41:24 [jezza]
- jezza has joined #wpwg
- 06:41:44 [Ian]
- Alex: Airbnb could host the next meeting, e.g., in Dublin or Paris
- 06:41:56 [Ian]
- NickTR: +1 to Dublin
- 06:42:44 [Gerhard]
- Gerhard has joined #wpwg
- 06:42:50 [Ian]
- Action: NIckTR to investigate next FTF meeting options with Ian and Adrian
- 06:42:51 [trackbot]
- Created ACTION-131 - Investigate next ftf meeting options with ian and adrian [on Nick Telford-Reed - due 2019-09-24].
- 06:42:57 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 06:43:13 [jezza]
- jezza has joined #wpwg
- 06:43:22 [Ian]
- Ian: Minutes available next week
- 06:43:26 [Ian]
- NickTR: Do people read minutes?
- 06:43:32 [Ian]
- [Several people say yes]
- 06:44:47 [rouslan]
- q+
- 06:45:00 [Ian]
- NickTR: As Chair it's good to understand what improvements you think we could make in running the group. E.g., who needs to be part of the discussion? We heard yesterday: PayPal, Alipay, WeChatPay
- 06:45:04 [Ian]
- ...so we'll work on that.
- 06:45:08 [Ian]
- ack rouslan
- 06:45:56 [Ian]
- Rouslan: I think once useful thing at each TPAC is to give a clearer picture of where we are with deployment. So I think some framing would be useful.
- 06:46:32 [Ian]
- NickTR: Maybe we need to start main meeting at 10:00am on day one, and have a crash course before that.
- 06:46:49 [Ian]
- Gerhard: Or do a video
- 06:47:10 [Ian]
- https://github.com/w3c/payment-request/wiki
- 06:48:47 [nicktr]
- q?
- 06:48:47 [Masa]
- Masa has joined #wpwg
- 06:48:49 [Ian]
- https://github.com/w3c/payment-request-info/wiki/FAQ
- 06:49:05 [Ian]
- https://github.com/w3c/payment-request-info/wiki/Introductions
- 06:49:17 [jv]
- Invite UPI from india, and OpenBanking UK we need to get more wallets, perhaps from Nordics where they are quite big too. Then south america, berletto?
- 06:49:18 [pranjal]
- pranjal has joined #wpwg
- 06:49:52 [jv]
- (boleto)
- 06:50:30 [Ian]
- q?
- 06:50:45 [justin_toupin]
- justin_toupin has joined #wpwg
- 06:51:03 [alex_liu]
- alex_liu has joined #wpwg
- 06:51:03 [benoit]
- q+ for consumer involvement?
- 06:52:32 [justin_toupin]
- q+ Some of the authentication conversations would have had more impact if we had drawn out the key use-cases for authentication that we are trying to address / improve
- 06:52:45 [Ian]
- IJ: Another idea is a merchant business group.
- 06:52:48 [Ian]
- +1 from Frank
- 06:53:03 [Ian]
- NickTR: Jeff Jaffe also mentioned a series of meetups (with merchants)
- 06:53:28 [Ian]
- ...could do them around other events like MRC
- 06:54:24 [urata]
- urata has joined #wpwg
- 06:54:26 [Ian]
- Vishal: Another conf is Payments Ed
- 06:54:46 [Ian]
- David: Have we done anything about consumer involvement (e.g., for the UX)?
- 06:56:03 [rouslan]
- q+
- 06:56:04 [pranjal_]
- pranjal_ has joined #wpwg
- 06:56:44 [Ian]
- Ian: Implementers do user testing. But we could have a big show-off-a-thon with lots of users and multiple browser vendors to get feedabck
- 06:57:05 [Ian]
- ack Rous
- 06:57:50 [Ian]
- rouslan: Perhaps what we are looking for is a user experience expert. Some people in the room have user experience experience. But we could bring UX experts (e.g., from Google) into a meeting to speak about how they think about those things
- 06:58:05 [Ian]
- Justin: I generally agree with Ian that browser vendors and other implementers are on the front line of UX
- 06:58:21 [vishal]
- vishal has joined #wpwg
- 06:58:24 [Ian]
- ...I think it could be useful to have them before the group here to point out how difficult it is.
- 06:58:43 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 06:59:08 [vishal]
- +q do you use applause for anonymous user testing? that could be a good idea to continuously test user experiences without the UX experts in the group
- 06:59:15 [norie]
- norie has joined #wpwg
- 06:59:17 [Ian]
- NickTR: We are facing a problem standards efforts share: companies need things to work together but also want to maintain some advantage
- 06:59:22 [Ian]
- ack Vishal
- 06:59:33 [Ian]
- ack ben
- 06:59:33 [Zakim]
- benoit, you wanted to discuss consumer involvement?
- 06:59:47 [Ian]
- Vishal: We user Applause for anonymous user testing.
- 07:00:30 [Ian]
- Alex: We use applause as well
- 07:01:51 [Ian]
- Action: Jeremy to see whether Stripe could provide any data about PR API
- 07:01:51 [trackbot]
- Error finding 'Jeremy'. You can review and register nicknames at <https://www.w3.org/Payments/WG/track/users>.
- 07:01:58 [Fawad_N]
- Fawad_N has joined #wpwg
- 07:02:05 [jezza]
- jezza has joined #wpwg
- 07:02:17 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 07:02:23 [Ian]
- [Adjourned]
- 07:02:26 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 07:03:55 [Ian]
- https://w3c.github.io/tpac-breakouts/sessions.html
- 07:06:30 [marcosc]
- marcosc has joined #wpwg
- 07:07:32 [alex_liu]
- alex_liu has joined #wpwg
- 07:07:55 [Ian]
- rrsagent, make minutes
- 07:07:55 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/15-wpwg-minutes.html Ian
- 07:07:59 [Ian]
- rrsagent, bye
- 07:07:59 [RRSAgent]
- I see 6 open action items saved in https://www.w3.org/2019/09/16-wpwg-actions.rdf :
- 07:07:59 [RRSAgent]
- ACTION: Justin to check internally at Google about what can be shared [1]
- 07:07:59 [RRSAgent]
- recorded in https://www.w3.org/2019/09/15-wpwg-irc#T07-22-00
- 07:07:59 [RRSAgent]
- ACTION: Ian to work with Justin and Google on writing up payment handler benefits [2]
- 07:07:59 [RRSAgent]
- recorded in https://www.w3.org/2019/09/15-wpwg-irc#T07-37-24
- 07:07:59 [RRSAgent]
- ACTION: Tony to convene a joint task force on payment use cases that involve Web Authentication [3]
- 07:07:59 [RRSAgent]
- recorded in https://www.w3.org/2019/09/15-wpwg-irc#T05-39-15
- 07:07:59 [RRSAgent]
- ACTION: AdrianHB to look into a modal dialog spec, organize testing of assumptions about dropping the sheet. [4]
- 07:07:59 [RRSAgent]
- recorded in https://www.w3.org/2019/09/15-wpwg-irc#T06-03-01
- 07:07:59 [RRSAgent]
- ACTION: NIckTR to investigate next FTF meeting options with Ian and Adrian [5]
- 07:07:59 [RRSAgent]
- recorded in https://www.w3.org/2019/09/15-wpwg-irc#T06-42-50
- 07:07:59 [RRSAgent]
- ACTION: Jeremy to see whether Stripe could provide any data about PR API [6]
- 07:07:59 [RRSAgent]
- recorded in https://www.w3.org/2019/09/15-wpwg-irc#T07-01-51
- 07:08:04 [alex_liu]
- alex_liu has joined #wpwg
- 07:08:07 [Ian]
- zakim, bye
- 07:08:07 [Zakim]
- Zakim has left #wpwg
- 07:08:09 [Zakim]
- leaving. As of this point the attendees have been vkuntz, jfontana, Ciciley, Fawad, nicktr, Ian, krystosterone, gildas, alex_liu, benoit, mweksler, jezza, Sophie, frank, heejin,
- 07:08:09 [Zakim]
- ... dave, Roy, jungkees, Vishal-Expedia, agektmr, Cheryl_M, cwarnier, jonathan, justin_toupin, rouslan, Giulio, tomasz, florent, wanli, dezell, bryanluo, sakiko, estes, JV,
- 07:08:09 [Zakim]
- ... AdrianHB, dongwoo, Wonsuk_Lee, html5cat, Gerhard, tobie