IRC log of wpwg-spc on 2022-01-31

Timestamps are in UTC.

16:59:33 [RRSAgent]
RRSAgent has joined #wpwg-spc
16:59:33 [RRSAgent]
logging to https://www.w3.org/2022/01/31-wpwg-spc-irc
17:00:15 [Ian]
Meeting: SPC Task Force
17:00:17 [Ian]
Agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2022Jan/0049.html
17:00:18 [Ian]
Chair: Ian
17:00:20 [Ian]
present+
17:00:23 [Ian]
present+ John_Bradley
17:00:33 [Ian]
regrets+ Praveena_Subrahmanyam
17:00:43 [Ian]
agenda+ Proposal to address issue 125 (failed icon download)
17:00:52 [Ian]
agenda+ New issue 172: Opt-out link enhancement
17:01:28 [Ian]
present+ Nick_Burris
17:01:33 [DougF]
DougF has joined #wpwg-spc
17:02:30 [Ian]
present+ Doug_Fisher
17:03:50 [Ian]
present+ Clinton_Allen
17:03:55 [Ian]
present+ Stephen_McGruer
17:04:00 [Ian]
present+ Sameer_Tare
17:04:18 [Ian]
zakim, take up item 1
17:04:18 [Zakim]
agendum 1 -- Proposal to address issue 125 (failed icon download) -- taken up [from Ian]
17:04:41 [Ian]
-> https://github.com/w3c/secure-payment-confirmation/issues/125#issuecomment-1021196522 Proposal
17:05:04 [Ian]
smcgruer_[EST]: Proposal is optional input to say "ok if it doesn't download"
17:05:59 [Rolf]
Rolf has joined #wpwg-spc
17:06:04 [Ian]
..question of whether it's possible to remove a WebIDL field.
17:06:37 [Ian]
John_Bradley: Some concerns about "removal"; zeroing may be more reliable behavior
17:06:48 [Ian]
regrets+ Jean-Carlo
17:07:20 [Ian]
Doug: What is the status of "placeholder" versus "removal"?
17:07:27 [Ian]
...I would prefer placeholder rather than no icon
17:07:36 [Ian]
present+ Werner_Bruinings
17:07:42 [Ian]
present+ Rolf_Lindemann
17:07:51 [SameerT]
SameerT has joined #wpwg-spc
17:08:21 [Ian]
Ian: What type of icon do you mean?
17:08:26 [Ian]
Doug: Browser-based
17:08:33 [Ian]
q?
17:09:08 [Ian]
smcgruer_[EST]: I hear 2 things:
17:09:23 [Ian]
a) Did the browser show something or literally nothing?
17:09:42 [Ian]
b) If the browser shows something, it would be a PNG that shipped with the browser.
17:10:02 [Ian]
Doug: From a validator POV, you'd always be able to verify that either the proper card art was shown, or a default logo for the browser was shown.
17:10:15 [Ian]
John: The browser could also use a URL or URN here.
17:12:09 [Ian]
IJ: Is there a difference from the perspective of the validator?
17:14:16 [Ian]
q?
17:14:28 [Ian]
JohN: The merchant can always tamper with the card art URL.
17:14:37 [Ian]
...you need to validate the assertion in all cases
17:15:42 [Ian]
....might make server side processing easier if there's always the same data type (e.g., a URL)
17:17:13 [Ian]
Doug: I think the boolean would be useful for the validator.
17:17:15 [SameerT]
q+
17:17:39 [Ian]
Doug: Possibly from a UI perspective I would like to "not see something wrong" (e.g., missing card art)
17:17:51 [Ian]
...I would not want it to look different each time; would like to see a persistent backup.
17:17:53 [Ian]
ack SameerT
17:19:40 [Ian]
q+
17:20:36 [Rolf]
q+
17:21:07 [Ian]
John_Bradley: The question of "typing" might be why Stripe wanted the member removed rather than being empty; we should get their input.
17:21:16 [Ian]
ack Rolf
17:21:19 [smcgruer_[EST]]
q?
17:21:37 [Ian]
Rolf: What is the clear statement of the problem?
17:21:53 [Ian]
...is the attack a dynamic URL? Bad icon?
17:22:24 [Ian]
smcgruer_[EST]: The background to the original request for this functionality is that there are users of SPC who do not mind if the card art doesn't show.
17:22:46 [Ian]
...or e.g., CSP policy or other issues got in the way, and callers were ok with failure.
17:25:22 [Ian]
Ian: I suggest decoupling data from UX. And saying UX could / should include generic card art
17:25:38 [Ian]
John_Bradley: Yes, saying "show generic card art" or similar
17:25:47 [Ian]
Ian: It's not necessarily cards.
17:25:56 [Ian]
John_Bradley: Right, generic instrument icon
17:27:10 [smcgruer_[EST]]
https://www.irccloud.com/pastebin/0Ov42m1s/
17:27:13 [Ian]
John_Bradley: I think it's fair to say a generic instrument icon should be displayed when this error happens.
17:28:25 [Ian]
smcgruer_[EST]: I think the PR is ready to go; please leave a comment on the PR.
17:28:52 [Ian]
zakim, close item 1
17:28:52 [Zakim]
I see a speaker queue remaining and respectfully decline to close this agendum, Ian
17:28:56 [Ian]
zakim, take up item 2
17:28:56 [Zakim]
agendum 2 -- New issue 172: Opt-out link enhancement -- taken up [from Ian]
17:29:03 [smcgruer_[EST]]
q?
17:29:06 [smcgruer_[EST]]
q- Ian
17:29:10 [Ian]
-> https://github.com/w3c/secure-payment-confirmation/issues/172
17:29:31 [Ian]
[Stephen summarizes 172]
17:29:59 [Ian]
....Stripe feels that some feature like this is necessary for them to use SPC
17:30:28 [Ian]
John: What is diff between opt-out and cancel?
17:34:08 [SameerT]
q+
17:35:54 [Ian]
ack Sam
17:36:03 [Ian]
Next meeting: 7 February
17:36:16 [Ian]
RRSAGENT, make minutes
17:36:16 [RRSAgent]
I have made the request to generate https://www.w3.org/2022/01/31-wpwg-spc-minutes.html Ian
17:36:22 [Ian]
RRSAGENT, set logs public