16:59:20 RRSAgent has joined #wpwg-spc 16:59:20 logging to https://www.w3.org/2022/02/28-wpwg-spc-irc 16:59:24 Meeting: SPC Task Force 16:59:42 Agenda: https://lists.w3.org/Archives/Public/public-payments-wg/2022Feb/0009.html 16:59:47 Chair: Ian 16:59:49 Scribe: Ian 16:59:50 present+ 16:59:54 present+ Steve_Cole 17:00:39 agenda+ SPC task force scheduling 17:00:46 agenda+ Issue triage and prioritization 17:01:47 present+ Nick_Burris 17:01:50 present+ Stephen_McGruer 17:02:05 present+ John_Bradley 17:02:11 present+ Sameer_Tare 17:02:47 regrets+ Carey 17:02:57 SameerT has joined #wpwg-spc 17:03:08 zakim, take up item 1 17:03:08 agendum 1 -- SPC task force scheduling -- taken up [from Ian] 17:03:32 present+ Doug_Fisher 17:03:42 Proposed: Move SPC task force discussions to the Thursday WPWG cal 17:03:51 +1 17:03:56 +1 17:04:21 John: +1 17:04:27 SteveC: +1 17:04:34 (No objections) 17:04:48 ACTION: Ian to announce to WG that SPC discussions will move to main meeting. 17:04:56 ...and to end the Monday meeting series. 17:05:09 [Anne said +1 to this] 17:05:11 SteveC has joined #wpwg-spc 17:05:17 zakim, close item 1 17:05:17 agendum 1, SPC task force scheduling, closed 17:05:18 I see 1 item remaining on the agenda: 17:05:18 2. Issue triage and prioritization [from Ian] 17:05:20 zakim, take up item 2 17:05:20 agendum 2 -- Issue triage and prioritization -- taken up [from Ian] 17:06:17 * Experiment feedback 17:06:31 * Issue management 17:06:33 * Horizontal review 17:07:09 * Test suite (later) 17:07:30 * Implementation stability 17:08:37 present+ Clinton_Allen 17:09:36 Stephen: We've already done v1 from our perspective. 17:09:56 ...we think it's stable, but we are planning to make a breaking change (RPID) 17:10:19 Ian: Any other breaking changes envisioned? 17:10:24 Stephen: Not that I'm aware of. 17:10:31 Stephen: Here's what we are thinking about: 17:11:07 1) Experimental feedback. We hope to have something from Adyen/Airbnb. We've heard from Stripe that they are depending on the opt-out. 17:11:45 2) For issue management, I think that our biggest concerns from Chrome perspective are (1) opt-out and (2) web authentication integration 17:11:58 ...until we have those, I don't think we can consider SPC a v1 API ready to advance 17:12:36 3) Regarding test suite; WPT has pretty good coverage for that which we consider testable. 17:12:43 ...we could imagine a manual test suite as well 17:13:34 Ian: what does "web auth integration" mean here? 17:14:21 Stephen: Want to get rid of in-browser cache and get to something that has cross browser and synched support. 17:16:07 ...we have two dependencies today on the platform. 17:16:51 https://w3c.github.io/secure-payment-confirmation/#steps-to-determine-if-a-credential-is-spc-enabled 17:16:56 https://w3c.github.io/secure-payment-confirmation/#steps-to-silently-determine-if-a-credential-is-available-for-the-current-device 17:17:40 s/dependencies/unmet dependencies 17:17:41 Ian: Any other pieces that are critical to resolve? 17:17:59 John_Bradley: I agree that the most critical thing to resolve is what we are asking WebAuthn/CTAP to store 17:18:23 Ian: Is there an active thread in CTAP? 17:18:43 q+ 17:18:45 John: No. The threads in the WebAuthn WG are mostly going to come down to "we need a clear request from the Web Payments WG." 17:18:49 ack sm 17:19:12 smcgruer_[EST]: My takeaway was that WebAuthn folks said "not our problem; figure out CTAP and then come back to us." 17:19:39 ...we have not yet figured out how to get progress in CTAP 17:19:56 John: Google and CABLE will need CTAP support in addition to others 17:21:00 q+ 17:21:15 ack me 17:21:16 https://github.com/w3c/secure-payment-confirmation/issues/157#issuecomment-993877775 17:23:56 John: This looks like it's come down to a single bit for "cross-origin" and all WebAuthn credentials can be used for payments. 17:24:05 ...in a 1p context 17:25:09 Stephen: An RP can use subdomains to control usage 17:25:42 (Ian notes that is captured in the write-up; whew.) 17:26:06 John: We are working on multi-device passkey stuff, and flags to indicate whether a credential is multi-device. 17:26:18 ...this could potentially fit into that work 17:26:28 ...the flags are defined in WebAuthn and implemented in CTAP. 17:27:55 q? 17:27:58 q+ 17:28:14 Ian: Should we add to issue WebAuthn 1695? 17:28:28 John: We have one extra bit 17:28:38 ack sm 17:29:06 smcgruer_[EST]: Are you asking for us to post our summary (157) into 1667? 17:29:08 John: +1 17:30:34 ACTION: Stephen to point out our "proposal" on WebAuthn issue 1667 17:31:02 Topic: Next meeting 17:31:07 3 March WPWG call 17:31:16 ...no further monday meetings until further notice 17:31:45 ACTION: Ian to work with Stephen on triaging issues list for WPWG consideration 17:31:52 I have made the request to generate https://www.w3.org/2022/02/28-wpwg-spc-minutes.html Ian 17:34:25 RRSAGENT, bye 17:34:25 I see 3 open action items saved in https://www.w3.org/2022/02/28-wpwg-spc-actions.rdf : 17:34:25 ACTION: Ian to announce to WG that SPC discussions will move to main meeting. [1] 17:34:25 recorded in https://www.w3.org/2022/02/28-wpwg-spc-irc#T17-04-48 17:34:25 ACTION: Stephen to point out our "proposal" on WebAuthn issue 1667 [2] 17:34:25 recorded in https://www.w3.org/2022/02/28-wpwg-spc-irc#T17-30-34 17:34:25 ACTION: Ian to work with Stephen on triaging issues list for WPWG consideration [3] 17:34:25 recorded in https://www.w3.org/2022/02/28-wpwg-spc-irc#T17-31-45 17:34:27 zakim, bye 17:34:27 leaving. As of this point the attendees have been Ian, Steve_Cole, Nick_Burris, Stephen_McGruer, John_Bradley, Sameer_Tare, Doug_Fisher, Clinton_Allen 17:34:27 Zakim has left #wpwg-spc