IRC log of wpwg-spc on 2021-05-03
Timestamps are in UTC.
- 15:53:07 [RRSAgent]
- RRSAgent has joined #wpwg-spc
- 15:53:07 [RRSAgent]
- logging to https://www.w3.org/2021/05/03-wpwg-spc-irc
- 15:53:18 [Ian]
- Meeting: SPC Task Force
- 15:53:20 [Ian]
- Chair: Ian
- 15:53:34 [Ian]
- Agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2021Apr/0012.html
- 15:53:36 [Ian]
- Scribe: Ian
- 15:53:57 [Ian]
- agenda+ Origin trial end date
- 15:54:04 [Ian]
- agenda+ User stores
- 15:54:07 [Ian]
- agenda- User stores
- 15:54:09 [Ian]
- agenda+ User stories
- 15:54:14 [Ian]
- agenda+ Issue 56
- 15:54:15 [Ian]
- agenda+ Issue 57
- 15:54:19 [Ian]
- agenda+ Regular meeting time
- 15:54:24 [Ian]
- regrets+ Tomasz
- 15:54:39 [Ian]
- regrets+Anne_Pouillard
- 15:54:46 [Ian]
- regrets?
- 15:54:54 [Ian]
- regrets+ Anne_Pouillard
- 15:55:24 [mweksler]
- mweksler has joined #wpwg-spc
- 15:58:21 [Clinton]
- Clinton has joined #wpwg-spc
- 15:59:27 [Ian]
- present+
- 15:59:31 [Ian]
- present+ Clinton_Allen
- 15:59:37 [Ian]
- present+ Michel_Weksler
- 16:00:40 [Ian]
- present+ Jean-Carlo_Emer
- 16:00:50 [Ian]
- present+ Stephen_McGruer
- 16:01:14 [Ian]
- present+ Gustavo_Kok
- 16:01:53 [Ian]
- present+ Gerhard_OOsthuizen
- 16:02:06 [Ian]
- present+ Jeff_Hodges
- 16:02:30 [Ian]
- present+ Amy_Slack
- 16:02:33 [Ian]
- present+ Doug_Fisher
- 16:02:39 [Ian]
- present+ Christian_Aabye
- 16:02:55 [Ian]
- present+ Werner_Bruinings
- 16:03:20 [Ian]
- -> https://lists.w3.org/Archives/Public/public-payments-wg/2021Apr/0012.html Agenda
- 16:03:22 [Ian]
- agenda?
- 16:03:40 [Ian]
- zakim, take up item 1
- 16:03:40 [Zakim]
- agendum 1 -- Origin trial end date -- taken up [from Ian]
- 16:04:16 [jeffh]
- jeffh has joined #wpwg-spc
- 16:04:17 [Ian]
- Mweksler: Airbnb and Adyen are going to do a pilot with SPC. Want to do this as part of the origin trial, and to see if we have any flexibility on the end date.
- 16:04:54 [Ian]
- Stephen: The origin trial is from 91-93. I think this is through mid-September
- 16:05:03 [Ian]
- ...we extend origin trials for 2 reasons
- 16:05:11 [Ian]
- ...if there's a browser bug (invalidating the origin trial)
- 16:05:20 [Ian]
- ...more commonly, when partners need more time!
- 16:05:29 [Ian]
- present+ Sameer_Tare
- 16:05:40 [Ian]
- ...sometimes we can extend 1 or more release cycles
- 16:05:48 [SameerT]
- SameerT has joined #wpwg-spc
- 16:06:02 [Ian]
- mweksler: It would be great to chat with you more about the pilot idea
- 16:06:09 [Ian]
- present+ Praveena_Subrahmany
- 16:06:28 [Ian]
- mweksler: When would we need to request the extension and to whom?
- 16:06:33 [Ian]
- Stephen: File the request with me
- 16:06:41 [Ian]
- ...how about by July?
- 16:06:46 [wernerb_]
- wernerb_ has joined #wpwg-spc
- 16:06:48 [Ian]
- present+ Adrian_Hope-Bailie
- 16:07:11 [Ian]
- michel: Noted!
- 16:07:17 [Ian]
- zakim, close item 1
- 16:07:17 [Zakim]
- agendum 1, Origin trial end date, closed
- 16:07:18 [Zakim]
- I see 5 items remaining on the agenda; the next one is
- 16:07:18 [Zakim]
- 2. User stores [from Ian]
- 16:07:25 [Ian]
- zakim, close item 2
- 16:07:25 [Zakim]
- agendum 2, User stores, closed
- 16:07:26 [Zakim]
- I see 4 items remaining on the agenda; the next one is
- 16:07:26 [Zakim]
- 3. User stories [from Ian]
- 16:07:28 [Ian]
- zakim, take up item 3
- 16:07:28 [Zakim]
- agendum 3 -- User stories -- taken up [from Ian]
- 16:07:36 [Ian]
- https://github.com/w3c/secure-payment-confirmation/blob/gh-pages/scope.md
- 16:07:45 [praveena]
- praveena has joined #wpwg-spc
- 16:07:47 [jeffh_]
- jeffh_ has joined #wpwg-spc
- 16:07:54 [AdrianHB]
- agenda?
- 16:08:00 [Ian]
- https://github.com/w3c/secure-payment-confirmation/pull/60
- 16:08:18 [Ian]
- https://github.com/w3c/secure-payment-confirmation/pull/60/files
- 16:09:18 [Ian]
- 1) Out of band enrollment
- 16:09:35 [Ian]
- Stephen: +1 to this use case. Captures the important of "enrolling all your payment instruments"
- 16:10:01 [Jean_Emer_]
- Jean_Emer_ has joined #wpwg-spc
- 16:10:50 [Gerhard_]
- Gerhard_ has joined #wpwg-spc
- 16:10:51 [Ian]
- 2) In-transaction enrollment, authentication same merchant
- 16:10:54 [gkok]
- gkok has joined #wpwg-spc
- 16:11:19 [Ian]
- 3) Authentication different merchant
- 16:11:58 [Ian]
- 4) Enrollment for both payment authentication and account login
- 16:12:36 [Ian]
- mweksler: The details are for discussion but the general idea is to do one-step login plus payment authentication
- 16:13:08 [Ian]
- ...it would be great if, during a guest checkout, the user pays and the merchant can use the authentication step both for payment and to create an account
- 16:13:17 [Gerhard_]
- q+
- 16:13:27 [Ian]
- ack Gerhard_
- 16:13:49 [smcgruer_[EST]]
- q+
- 16:14:01 [Ian]
- Gerhard_: When I look at this use case from a banking perspective, we definitely see the use case.
- 16:14:38 [Ian]
- ...are you thinking about this from banking or merchant perspective?
- 16:14:53 [Ian]
- mweksler: Merchant perspective. Want to use credentials for future login
- 16:15:53 [Ian]
- ...user perspective is "just authenticate once; allow multiple usage"
- 16:16:42 [Ian]
- stephen: In the use case it talks about using this credential on a "different" merchant.
- 16:16:42 [Gerhard_]
- Just note Michel: This sounds more like Delegated Auth use-cases.
- 16:17:11 [Ian]
- michel: I was not thinking about cross-merchant login
- 16:18:28 [Ian]
- Ian: My understanding was that the issuer is the RP, and gives the merchant the info required to re-use the credential for login
- 16:18:34 [smcgruer_[EST]]
- q+
- 16:18:55 [Ian]
- Ian: But that login use case breaks web auth same origin policy, so would need to handle specially
- 16:19:06 [SameerT]
- +1 to what Gerhard mentioned, owner (RP) of the credentials will drive use-cases differently
- 16:19:07 [Ian]
- ack sm
- 16:19:45 [Ian]
- smcgruer_[EST]: Sharing creds is a FIDO problem, not an SPC problem
- 16:20:17 [Ian]
- 5) Lower Friction
- 16:20:50 [Ian]
- (Brought to us by Entersekt)
- 16:20:54 [Ian]
- https://github.com/w3c/secure-payment-confirmation/pull/60/files
- 16:22:08 [Ian]
- Gerhard: Low friction to me is "transaction display but just "verify" button"
- 16:22:16 [Ian]
- ..you still get cryptographic signature
- 16:22:32 [Ian]
- ...this is not a frictionless flow (e.g., based on previous consent by the user)
- 16:23:14 [Ian]
- ...if there is a frictionless flow, then the signed data would need to say so
- 16:24:38 [Christian]
- Christian has joined #wpwg-spc
- 16:25:18 [Ian]
- Ian: I think we've been talking about 3 levels:
- 16:25:26 [Ian]
- 1) display and user verification
- 16:25:36 [Ian]
- ..there is a multi-factor event
- 16:25:41 [Ian]
- 2) display and user presence
- 16:25:49 [Ian]
- 3) display and possession, but no user presence check
- 16:26:06 [Ian]
- 4) no display and no user presence check
- 16:26:10 [Ian]
- (but previous consent)
- 16:26:14 [Ian]
- q?
- 16:27:17 [Ian]
- JeffH: Silent authentication is not supported in WebAuthn but technically can be done at CTAP layer
- 16:28:34 [Ian]
- ..authenticators might have displays
- 16:28:54 [mweksler]
- q+
- 16:29:09 [Ian]
- ...authenticators that are discrete components that have display in the authenticator boundary are rare.
- 16:29:14 [Ian]
- ack mw
- 16:29:45 [Ian]
- mweksler: I suggest that if we feel like the use case is useful, we can still add it
- 16:30:14 [Ian]
- ...as a merchant, this is very useful (with user consent) to do something with silent authentication
- 16:30:22 [Ian]
- ...but we don't want to create a security hole
- 16:31:15 [Ian]
- ACTION: To split these use cases into the 4 experiences we described here.
- 16:32:07 [Ian]
- zakim, take up item 6
- 16:32:07 [Zakim]
- agendum 6 -- Regular meeting time -- taken up [from Ian]
- 16:32:11 [Gerhard_]
- +1 for moving to WPWG group
- 16:32:19 [mweksler]
- +1 to move to an hour, -1 to 7 am pacific
- 16:32:21 [Ian]
- PROPOSED: Move this 30 mins to 1 hour every other week on thursday call
- 16:32:44 [Ian]
- Christian: We (EMVCo) have a conflict then
- 16:33:29 [Ian]
- Next meeting: 10 May
- 16:33:30 [Doug]
- Doug has joined #wpwg-spc
- 16:33:50 [Ian]
- RRSAGENT, make minutes
- 16:33:50 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/05/03-wpwg-spc-minutes.html Ian
- 16:33:55 [Ian]
- rrsagent, set logs public
- 16:34:15 [Ian]
- rrsagent, bye
- 16:34:15 [RRSAgent]
- I see 1 open action item saved in https://www.w3.org/2021/05/03-wpwg-spc-actions.rdf :
- 16:34:15 [RRSAgent]
- ACTION: To split these use cases into the 4 experiences we described here. [1]
- 16:34:15 [RRSAgent]
- recorded in https://www.w3.org/2021/05/03-wpwg-spc-irc#T16-31-15
- 16:34:17 [Ian]
- zakim, bye
- 16:34:17 [Zakim]
- leaving. As of this point the attendees have been Ian, Clinton_Allen, Michel_Weksler, Jean-Carlo_Emer, Stephen_McGruer, Gustavo_Kok, Gerhard_OOsthuizen, Jeff_Hodges, Amy_Slack,
- 16:34:17 [Zakim]
- Zakim has left #wpwg-spc