Meeting minutes
Analysis of SPC use case prioritization survey
====
4.78 / 9: Auth different merchant
2.11 / 6: In-transaction enrollment, later authentication same merchant
2.00 / 6: Enrollment of multiple instruments with one authentication
1.78 / 5: Enrollment for both payment authentication and account login
1.56 / 4: Authentication with out-of-band authenticator
0.78 / 3: Express Checkout (no user presence check)
0.78 / 2: Frictionless Checkout (no user presence check or payment confirmation dialog)
0.56 / 3: Web Authentication enrollment
0.56 / 4: Authenticator unenrollment
0.33 / 1: Authentication by bank after redirect
PROPOSAL: Remove out-of-band auth from the list of use cases under consideration
clinton: I think the results make sense
… regarding new use cases, I can see two paths
… some use cases lead to general solutions
… glad to see SRC in there
Ian: Any difference between 3DS and SRC flows?
Jonathan: The RP is different
Ian: What about CIBA in open banking use case?
chris: Client-initiated backchannel authentication. ... with CIBA it's a relatively straightforward and common approach in common banking....could definitely be used to exchange credential ids.
… doesn't look much different from the other use cases we've been looking at
Ian: Could we review the enrollment in a cross-origin iframe?
Stephen: The origin trial allows a bank iframe (3p wrt top-level merchant) with UX
… whether the browser UX is required remains to be seen.
Other feeback
Ian: We also heard a desire for the caller to call SPC without a round-trip to the RP. And to allow the merchant to validate the assertion
Next call
5 July