Meeting minutes
Scope Document
[Michel walks through the Draft scope document]
Tomasz: regarding "Scalable" could also add "Ubiquitous". Regarding "Transaction confirmation" suggest s/3DS/SCA
… see also pull request for more suggestions
… it's not only to fulfill regulatory requirements
<smcgruer_[EST]> +1 to Ubiquitous, if that helps us get away from 'across all PSP's merchants' to 'across all merchants'. (I think the latter is a long path to get there and we should start smaller such as PSP-bound, but we should keep it as a path in mind)
<Zakim> Ian, you wanted to make a comment after the list
IJ: I propose to add "scalable and ubiquitous" to the definition
<Tomasz> +1
<mweksler> +1
<Rolf> +1
<smcgruer_[EST]> +1
<praveena> +1
<Zakim> SameerT, you wanted to say comment for the front-end dev - Make it generic since in 3DS world, the merchants simply allow the issuer iframe to present content to the user
SameerT: Regarding front-end development built, I think that we should either generalize to apply to both the merchant and RP, or remove it.
Ian: PH also would benefit
Sameer: Note that in 3DS use case, deployment is simple (just an iframe)
… the issuer presents the content through the iframe
Ian: Perhaps we could say: "Because the browser or secure hardware controls the display, whoever would ordinarily open UX for authentication should have a simpler deployment."
Sameer: Yes, something like that.
IJ: Please have a look
Tomasz: What is the difference between "Credential" and "Assertion" here?
Rolf: In WebAuthn, the assertion is different from the credential. In username/password, the assertion is the same as the credential.
… all these terms are overloaded and used heavily.
… I think it's ok to refer to the Credential and then you do get() and get back an Assertion
<smcgruer_[EST]> +1 to Rolf
Tomasz: What if we use the Credential Management API? (cf. WebOTP).
Ian: That is a possibility. Anything here preclude that?
Tomasz: Also based on the credential management API
<smcgruer_[EST]> Perhaps: "SPC Credential Identifier : An identifier generated during enrollment and stored by the Relying Party in association with a payment instrument."
<smcgruer_[EST]> (Does not preclude multiple being created)
Stephen: There aren't really use cases yet...
… maybe talk about "payment systems"
Next Meeting
3 May