IRC log of wpwg on 2021-09-02

Timestamps are in UTC.

13:41:39 [RRSAgent]
RRSAgent has joined #wpwg
13:41:39 [RRSAgent]
logging to https://www.w3.org/2021/09/02-wpwg-irc
13:41:43 [Ian]
Meeting: Web Payments Working Group
13:41:46 [Ian]
Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20210902
13:41:53 [Ian]
Scribe: Ian
13:42:03 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/09/02-wpwg-minutes.html Ian
13:58:32 [Ian]
present+ Ian_Jacobs
14:00:51 [Ian]
present+ Arman_Aygen
14:01:15 [Ian]
present+ Jean-Michel_Girard
14:01:59 [benoit]
present+
14:02:26 [Ian]
present+ Robert_Savage
14:02:35 [Ian]
present+ Stephen_McGruer
14:02:39 [Ian]
present+ Adrian_Hope-Bailie
14:03:18 [AdrianHB_]
AdrianHB_ has joined #wpwg
14:03:52 [Ian]
present+ Werner
14:03:55 [Ian]
present+ Susan_Pandy
14:03:56 [JMGirard]
JMGirard has joined #wpwg
14:04:02 [Ian]
Topic: SPC Status
14:04:22 [Ian]
1) SPC => FPWD
14:05:12 [Ian]
present+ Clinton_Allen
14:05:18 [werner]
werner has joined #wpwg
14:05:27 [Ian]
present+ Gerhard
14:06:09 [Ian]
Ian: Any initial test work?
14:06:19 [Ian]
Stephen: Yes, we have about 1/2 the coverage I'd like for a launch
14:06:21 [clinton]
clinton has joined #wpwg
14:06:31 [Ian]
...we are doing our work in "Web Platform Tests"
14:06:41 [Ian]
https://github.com/web-platform-tests/wpt
14:06:53 [Ian]
...we need automation to get the rest of the way
14:06:55 [Ian]
...web driver
14:07:14 [Ian]
-> https://github.com/web-platform-tests/wpt/tree/master/secure-payment-confirmation SPC test
14:07:34 [smcgruer_[EST]]
-> https://wpt.fyi/results/secure-payment-confirmation?label=experimental&label=master&aligned
14:08:08 [Ian]
-> https://github.com/w3c/wpsig/blob/gh-pages/spc-psd2.md Using SPC to fulfill PSD2 Requirements for SCA and Dynamic Linking
14:09:17 [Gerhard]
Gerhard has joined #wpwg
14:10:16 [Ian]
q?
14:10:43 [Ian]
IaN: One idea is to develop tests to help fulfill expectations of financial institutions, on top of web platform tests
14:11:41 [Gerhard]
q+
14:11:47 [Ian]
Ian: Need to have some compliance conversations.
14:11:49 [Ian]
ack Ger
14:12:15 [Ian]
present+ Nick
14:13:04 [nicktr]
q?
14:13:09 [Ian]
Ian: I think the answer is "there should be specificity"
14:13:29 [Ian]
Gerhard: You can get an eMVCo "sticker" but I don't think you can get a sticker for "SCA"
14:13:36 [nicktr]
q+ to respond about stickers
14:13:47 [Ian]
Gerhard:...you commission a reputable and independent security company to provide their opinion
14:14:23 [Ian]
Ian: Like who?
14:14:39 [Ian]
Gerhard: I will find the name of an EU security firm
14:15:36 [Ian]
Gerhard: FIDO Alliance has done a lot in this space. Keep checking with them.
14:15:57 [Ian]
...maybe a collaboration with FIDO would be helpful
14:16:51 [nicktr]
q-
14:17:36 [Ian]
NickTR: There is no standard regulatory path; each country has its own competent authorities. I'm not aware of a certification regime to get a "sticker" about SCA.
14:17:59 [Ian]
q?
14:18:24 [Ian]
Ian: Any implementation expectations to set?
14:18:49 [Ian]
Stephen: We are looking to ship in M95 (MacOS, Windows) ... not guaranteed.
14:19:02 [Ian]
...this is shippable for experimentation but not done.
14:19:04 [nicktr]
zakim, agenda?
14:19:04 [Zakim]
I see nothing on the agenda
14:19:36 [Ian]
Topic: Basic Card
14:19:44 [Ian]
Topic: Charter
14:19:52 [Ian]
-> https://lists.w3.org/Archives/Public/public-payments-wg/2021Aug/0044.html Draft charter
14:20:47 [Ian]
topic: Payment Request API
14:21:05 [nicktr]
scribenick: nicktr
14:21:27 [AdrianHB_]
AdrianHB_ has joined #wpwg
14:21:35 [nicktr]
ian: Marcos is working on cleaning up the tests and spec for final move to PR
14:21:54 [nicktr]
...we've not received any further public comments since removing features
14:22:07 [nicktr]
Topic: Basic Card
14:23:45 [nicktr]
ian: Klarna has a interesting use case. If there is a standardised format, then as an App provider, you can send transactions without the merchant having to make changes. Deprecating basic card removes that ability
14:24:21 [nicktr]
...we also had work going on tokenised card format, which was superseded by SRC, which was superseded by SPC
14:24:45 [Ian]
scribe: Ian
14:24:49 [Ian]
Ian: What are the use cases?
14:25:06 [Gerhard]
Gerhard has joined #wpwg
14:25:19 [Ian]
AdrianHB: What I'd love to solve for is instrument selection. Not necessarily storing anything sensitive, but storing a handle that makes it easy for users to choose a payment instrument.
14:25:32 [Ian]
...but in a generalized fashion so that it can be used for a variety of payment methods (e.g., SEPA)
14:26:09 [Ian]
...it would be useful if the browser could store that information and for browsers to provide a selection UX.
14:26:28 [Ian]
...instead of choosing a payment app, simpler: choose a payment instrument.
14:26:44 [nicktr]
q?
14:26:46 [Ian]
...and then, for example, SPC could be used for authentication, or the user could be redirected to a payment provider page.
14:26:55 [Ian]
...this would be an improvement beyond autofill.
14:27:06 [Ian]
...and browsers could sync across browser instances
14:27:58 [Gerhard]
q+
14:28:12 [Ian]
Jean-Michel: The big problem for us is regarding the merchant. How does the merchant know what the user has to pay with?
14:28:40 [Ian]
...best solution for us is to use a PSP to propose contracts to the browser, and for the browser to present what can be used to pay.
14:29:07 [Ian]
...another issue we have regards merchants that have more than one PSP. How do they know which PSP to use based on what the customer can pay with?
14:29:44 [Ian]
...we don't have any proposals at this time.
14:30:04 [Ian]
...we also have some tokenized services....
14:30:11 [Ian]
q?
14:30:15 [Ian]
ack Gerhard
14:30:18 [Ian]
Chair: NickTR
14:31:08 [Ian]
Gerhard: We've been doing a lot of thinking around open banking. One thing that it does well is move the user from the merchant domain to the banking domain for instrument selection.
14:31:12 [Ian]
...the merchant doesn't get to know
14:32:24 [Ian]
...I think that open banking and SRC are going to be dominant models, where the user interacts with a party that returns (opaque) data to the merchant.
14:32:30 [Ian]
...standardized fields might be:
14:32:32 [Ian]
* Token
14:32:35 [Ian]
* Expiry date
14:32:46 [Ian]
* Dynamic data
14:32:59 [Ian]
...and you may need notification of payment with an account push.
14:33:01 [smcgruer_[EST]]
q?
14:33:04 [Ian]
..summarizing use cases:
14:33:09 [Ian]
* Instrument selection
14:33:20 [Ian]
* Notification payment on the way
14:33:24 [Ian]
* Authentication (SPC)
14:34:39 [Ian]
...within instrument selection, there are push and pull variations.
14:35:44 [Gerhard]
4'th is SPC as defined today (payment consent)
14:36:06 [Ian]
NickTR: We have an architecture of Payment Request and Payment Handlers (with canMakePayment), with computation of the interaction of what is accepted and what is available. For push payments, the payment response data is a handle that something is underway
14:40:32 [nicktr]
q?
14:41:21 [Ian]
Gerhard: Use case I have in mind is "guest checkout" to get a tokenization process going.
14:41:51 [Ian]
...I think we might make progress with a less generic solution.
14:41:53 [nicktr]
q>
14:41:55 [nicktr]
q?
14:42:03 [nicktr]
s/q>//
14:44:41 [smcgruer_[EST]]
q+
14:44:55 [Ian]
Gerhard: Some users are happy to store card info in their browser.
14:45:27 [nicktr]
q?
14:45:29 [Ian]
...I think that browsers already provide some selection mechanism (to-fill)
14:45:32 [nicktr]
ack smcgruer_[EST]
14:45:34 [Ian]
s/to-fill/auto-fill/
14:46:04 [Ian]
smcgruer_[EST]: I think this is an interesting topic. As a user, I observe that digital wallets have not yet won!
14:46:24 [Ian]
...I assume it's a chicken and egg problem (adoption only if ubiquitously used by users)
14:46:52 [Ian]
...I heard Gerhard's proposal is a "marketplace" with multiple backends.
14:47:15 [Ian]
...I agree that merchants want to control the UX. Digital wallets control *everything* for the merchant, which is more than what Basic Card offered.
14:47:34 [AdrianHB_]
q+ to comment on background of basic card vs payment handler
14:47:45 [Ian]
ack AdrianHB
14:47:45 [Zakim]
AdrianHB_, you wanted to comment on background of basic card vs payment handler
14:48:53 [Ian]
AdrianHB: Recall that the two problems we set out to solve originally were for browser-stored data (especially on mobile due to data capture friction) and digital wallet connections.
14:48:56 [nicktr]
q?
14:50:18 [clinton]
q+
14:50:43 [Ian]
AdrianHB: Maybe we need a simpler PR API that still has payment apps. But I see challenge of getting more browser adoption.
14:51:04 [nicktr]
q?
14:51:05 [Ian]
ack clinton
14:51:29 [Ian]
Clinton: Where is adoption documented?
14:51:51 [Ian]
https://caniuse.com/payment-request
14:54:47 [Ian]
https://www.w3.org/Payments/WG/charter-2021.html
14:54:59 [Ian]
"Payment Handler API and Payment Method Manifest do not yet have sufficient cross-browser implementation experience to advance to Recommendation. However, the implementation in Chromium browsers enables experimentation and the Working Group intends to maintain them as Working Drafts. If the implementation landscape changes, the Working Group will revisit the question of advancement to Recommendation and re-charter as needed."
14:58:58 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/09/02-wpwg-minutes.html Ian
14:59:21 [Ian]
Topic: Next meeting
14:59:29 [Ian]
16 september
14:59:32 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/09/02-wpwg-minutes.html Ian
15:00:55 [Ian]
zakim, bye
15:00:55 [Zakim]
leaving. As of this point the attendees have been Ian_Jacobs, Arman_Aygen, Jean-Michel_Girard, benoit, Robert_Savage, Stephen_McGruer, Adrian_Hope-Bailie, Werner, Susan_Pandy,
15:00:55 [Zakim]
Zakim has left #wpwg
15:00:57 [Ian]
rrsagent, bye
15:00:57 [RRSAgent]
I see no action items