IRC log of wpwg-spc on 2022-01-31
Timestamps are in UTC.
- 16:59:33 [RRSAgent]
- RRSAgent has joined #wpwg-spc
- 16:59:33 [RRSAgent]
- logging to https://www.w3.org/2022/01/31-wpwg-spc-irc
- 17:00:15 [Ian]
- Meeting: SPC Task Force
- 17:00:17 [Ian]
- Agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2022Jan/0049.html
- 17:00:18 [Ian]
- Chair: Ian
- 17:00:20 [Ian]
- present+
- 17:00:23 [Ian]
- present+ John_Bradley
- 17:00:33 [Ian]
- regrets+ Praveena_Subrahmanyam
- 17:00:43 [Ian]
- agenda+ Proposal to address issue 125 (failed icon download)
- 17:00:52 [Ian]
- agenda+ New issue 172: Opt-out link enhancement
- 17:01:28 [Ian]
- present+ Nick_Burris
- 17:01:33 [DougF]
- DougF has joined #wpwg-spc
- 17:02:30 [Ian]
- present+ Doug_Fisher
- 17:03:50 [Ian]
- present+ Clinton_Allen
- 17:03:55 [Ian]
- present+ Stephen_McGruer
- 17:04:00 [Ian]
- present+ Sameer_Tare
- 17:04:18 [Ian]
- zakim, take up item 1
- 17:04:18 [Zakim]
- agendum 1 -- Proposal to address issue 125 (failed icon download) -- taken up [from Ian]
- 17:04:41 [Ian]
- -> https://github.com/w3c/secure-payment-confirmation/issues/125#issuecomment-1021196522 Proposal
- 17:05:04 [Ian]
- smcgruer_[EST]: Proposal is optional input to say "ok if it doesn't download"
- 17:05:59 [Rolf]
- Rolf has joined #wpwg-spc
- 17:06:04 [Ian]
- ..question of whether it's possible to remove a WebIDL field.
- 17:06:37 [Ian]
- John_Bradley: Some concerns about "removal"; zeroing may be more reliable behavior
- 17:06:48 [Ian]
- regrets+ Jean-Carlo
- 17:07:20 [Ian]
- Doug: What is the status of "placeholder" versus "removal"?
- 17:07:27 [Ian]
- ...I would prefer placeholder rather than no icon
- 17:07:36 [Ian]
- present+ Werner_Bruinings
- 17:07:42 [Ian]
- present+ Rolf_Lindemann
- 17:07:51 [SameerT]
- SameerT has joined #wpwg-spc
- 17:08:21 [Ian]
- Ian: What type of icon do you mean?
- 17:08:26 [Ian]
- Doug: Browser-based
- 17:08:33 [Ian]
- q?
- 17:09:08 [Ian]
- smcgruer_[EST]: I hear 2 things:
- 17:09:23 [Ian]
- a) Did the browser show something or literally nothing?
- 17:09:42 [Ian]
- b) If the browser shows something, it would be a PNG that shipped with the browser.
- 17:10:02 [Ian]
- Doug: From a validator POV, you'd always be able to verify that either the proper card art was shown, or a default logo for the browser was shown.
- 17:10:15 [Ian]
- John: The browser could also use a URL or URN here.
- 17:12:09 [Ian]
- IJ: Is there a difference from the perspective of the validator?
- 17:14:16 [Ian]
- q?
- 17:14:28 [Ian]
- JohN: The merchant can always tamper with the card art URL.
- 17:14:37 [Ian]
- ...you need to validate the assertion in all cases
- 17:15:42 [Ian]
- ....might make server side processing easier if there's always the same data type (e.g., a URL)
- 17:17:13 [Ian]
- Doug: I think the boolean would be useful for the validator.
- 17:17:15 [SameerT]
- q+
- 17:17:39 [Ian]
- Doug: Possibly from a UI perspective I would like to "not see something wrong" (e.g., missing card art)
- 17:17:51 [Ian]
- ...I would not want it to look different each time; would like to see a persistent backup.
- 17:17:53 [Ian]
- ack SameerT
- 17:19:40 [Ian]
- q+
- 17:20:36 [Rolf]
- q+
- 17:21:07 [Ian]
- John_Bradley: The question of "typing" might be why Stripe wanted the member removed rather than being empty; we should get their input.
- 17:21:16 [Ian]
- ack Rolf
- 17:21:19 [smcgruer_[EST]]
- q?
- 17:21:37 [Ian]
- Rolf: What is the clear statement of the problem?
- 17:21:53 [Ian]
- ...is the attack a dynamic URL? Bad icon?
- 17:22:24 [Ian]
- smcgruer_[EST]: The background to the original request for this functionality is that there are users of SPC who do not mind if the card art doesn't show.
- 17:22:46 [Ian]
- ...or e.g., CSP policy or other issues got in the way, and callers were ok with failure.
- 17:25:22 [Ian]
- Ian: I suggest decoupling data from UX. And saying UX could / should include generic card art
- 17:25:38 [Ian]
- John_Bradley: Yes, saying "show generic card art" or similar
- 17:25:47 [Ian]
- Ian: It's not necessarily cards.
- 17:25:56 [Ian]
- John_Bradley: Right, generic instrument icon
- 17:27:10 [smcgruer_[EST]]
- https://www.irccloud.com/pastebin/0Ov42m1s/
- 17:27:13 [Ian]
- John_Bradley: I think it's fair to say a generic instrument icon should be displayed when this error happens.
- 17:28:25 [Ian]
- smcgruer_[EST]: I think the PR is ready to go; please leave a comment on the PR.
- 17:28:52 [Ian]
- zakim, close item 1
- 17:28:52 [Zakim]
- I see a speaker queue remaining and respectfully decline to close this agendum, Ian
- 17:28:56 [Ian]
- zakim, take up item 2
- 17:28:56 [Zakim]
- agendum 2 -- New issue 172: Opt-out link enhancement -- taken up [from Ian]
- 17:29:03 [smcgruer_[EST]]
- q?
- 17:29:06 [smcgruer_[EST]]
- q- Ian
- 17:29:10 [Ian]
- -> https://github.com/w3c/secure-payment-confirmation/issues/172
- 17:29:31 [Ian]
- [Stephen summarizes 172]
- 17:29:59 [Ian]
- ....Stripe feels that some feature like this is necessary for them to use SPC
- 17:30:28 [Ian]
- John: What is diff between opt-out and cancel?
- 17:34:08 [SameerT]
- q+
- 17:35:54 [Ian]
- ack Sam
- 17:36:03 [Ian]
- Next meeting: 7 February
- 17:36:16 [Ian]
- RRSAGENT, make minutes
- 17:36:16 [RRSAgent]
- I have made the request to generate https://www.w3.org/2022/01/31-wpwg-spc-minutes.html Ian
- 17:36:22 [Ian]
- RRSAGENT, set logs public