Status: For discussion within the WPWG. Questions? Contact Ian Jacobs.

================================================================
PROPOSED TO MAKE PROGRESS BEFORE CANDIDATE RECOMMENDATION of V1
------------------------------------

* Proposal: Enhancement - Opt-out link
  https://github.com/w3c/secure-payment-confirmation/issues/172

* Privacy consideration: GDPR.
  https://github.com/w3c/secure-payment-confirmation/issues/109
  Status: Ian proposes that 172 subsumes this one.

* Proposal: Add payeeName as alternative to payeeOrigin
  https://github.com/w3c/secure-payment-confirmation/issues/163
  Status: Awaiting pull request from Chrome with new proposal.

* Rich merchant details displayed in the payment confirmation dialog
  https://github.com/w3c/secure-payment-confirmation/issues/48

* Is the "payment" extension a part of Relying Party - Client Platform API signature?
  https://github.com/w3c/secure-payment-confirmation/issues/97
  Status: Stephen to look into this with person who raised the issue.

------------------------------------
DISCUSS NEXT STEPS WITH PRIVACY CG / PING

* Encrypt SPC Credential Identifiers in authentication flows to increase privacy
  https://github.com/w3c/secure-payment-confirmation/issues/77

* 10.2 define the mitigation
  https://github.com/w3c/secure-payment-confirmation/issues/142
  Note: Now 11.2.
  Update: See pull request to remove example:
  https://github.com/w3c/secure-payment-confirmation/pull/176

* 10.3 & 10.4 define the mitigation
  https://github.com/w3c/secure-payment-confirmation/issues/143
  Status: Stephen to create a pull request to remove "one possible way" from 11.3. Also, will add a sentence on users creating different accounts as a strategy for reducing the chances of instrument relation leaks.

------------------------------------
DISCUSS NEXT STEPS WITH WEBAUTHN WG

* How do RPs determine when to enroll the user?
  https://github.com/w3c/secure-payment-confirmation/issues/124
  See related WebAuthn issue (speaks about cookies, conditional UI):
  https://github.com/w3c/webauthn/issues/1639

* Impact of synced credentials on SPC
  https://github.com/w3c/secure-payment-confirmation/issues/174

* Consider separating the SPC powers of Third Party invocation and Payment display
  https://github.com/w3c/secure-payment-confirmation/issues/157
  Track this one as well: https://github.com/w3c/webauthn/issues/1667
  Status: Would like to understand how to work with Web Authn WG and CTAP on this one.

* Clarification on requiring user activation for credential creation in cross-origin iframes to mitigation cross-site tracking
  https://github.com/w3c/secure-payment-confirmation/issues/128
  See related issue for WebAuthn: https://github.com/w3c/webauthn/issues/1293
  Status: Stephen to update proposal to implement user activation, with the option of removing that requirement pending further WebAuthn discussions.

* Support for roaming authenticators
  https://github.com/w3c/secure-payment-confirmation/issues/12

* Is it possible for a user to downgrade a credential creation request?
  https://github.com/w3c/secure-payment-confirmation/issues/154

------------------------------------
DISCUSS NEXT STEPS WITH I18N WG

* Localization topics to address
  https://github.com/w3c/secure-payment-confirmation/issues/93
  Status: I18N Working Group working with TAG
  https://github.com/w3c/i18n-discuss/blob/gh-pages/explainers/string-meta-explainer.md

------------------------------------
DISCUSS NEXT STEPS WITH WAI

* Accessible icon information
  https://github.com/w3c/secure-payment-confirmation/issues/127
  Status: See https://github.com/w3c/secure-payment-confirmation/pull/162#issuecomment-1056804794

================================================================
PROPOSED FOR POST V1

------------------------------------
MERCHANT SITE INTEGRATION

* Dark Mode
  https://github.com/w3c/secure-payment-confirmation/issues/1

------------------------------------
RETOOL THE API

* Using CredentialsContainer.get() instead of Payment Request API
  https://github.com/w3c/secure-payment-confirmation/issues/56

* Should SPC be invokable outside of a PaymentRequest flow?
  https://github.com/w3c/secure-payment-confirmation/issues/65

* Make it easy to determine whether a user agent supports SPC
  https://github.com/w3c/secure-payment-confirmation/issues/81

------------------------------------
LOW FRICTION FLOWS

* How can SPC be used in conjunction with a frictionless 3DS flow?
  https://github.com/w3c/secure-payment-confirmation/issues/29

* Suggestion to enable Frictionless Flows
  https://github.com/w3c/secure-payment-confirmation/issues/34