13:58:20 <RRSAgent> RRSAgent has joined #wpwg
13:58:20 <RRSAgent> logging to https://www.w3.org/2022/05/26-wpwg-irc
13:58:22 <Ian> Meeting: Web Payments WG
13:58:32 <Ian> Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20220526
13:58:36 <Ian> Scribe: Ian
13:59:19 <RRSAgent> I have made the request to generate https://www.w3.org/2022/05/26-wpwg-minutes.html Ian
13:59:22 <Ian> present+
14:00:10 <Ian> agenda+ TPAC
14:00:16 <Ian> agenda+ Path to SPC/FIDO Integration in Chrome
14:00:20 <Ian> agenda+ Upcoming meetings
14:00:29 <benoit> present+
14:00:48 <Ian> present+ Stephen_McGruer
14:00:57 <Ian> present+ Matt_Crothers
14:01:23 <Ian> present+ Tomoya_Horiguchi
14:04:38 <Ian> present+ Nick_Telford-Reed
14:04:46 <Ian> present+ Ryan_Watkins
14:05:18 <Ian> zakim, take up item 1
14:05:18 <Zakim> agendum 1 -- TPAC -- taken up [from Ian]
14:06:56 <Ian> present+ Adrian
14:07:22 <adrianhb> adrianhb has joined #wpwg
14:07:49 <Ian> -> https://github.com/w3c/webpayments/wiki/Agenda-20220526
14:08:18 <Ian> Chair: Ian
14:08:26 <Ian> NickTR: Digital identity an interesting topic
14:08:40 <Ian> ...PSD3 starting up
14:09:01 <Ian> present+ Sue_Koomen
14:09:09 <Ian> NickTR: We could revisit DIDs and VCs
14:09:27 <Ian> ...I don't have a specific hypothesis yet but I'd like to explore further with likeminded folks at TPAC
14:09:51 <Ian> Ian: Any canada-specific initiatives?
14:10:33 <Ian> ACTION: David to look into interesting digital identity initiatives in Canada
14:11:24 <Ian> Ian: I was chatting with PCI; may invite them
14:11:39 <nicktr> this is one interesting whitepaper from Interac (wrt to Canada, Digital ID and payments) -> https://developer.interac.ca/wp-content/uploads/2020/07/How-Do-We-Get-People-to-Use-Digital-ID.pdf
14:12:01 <Ian> Ian: Anyone interested in Web3?
14:12:27 <Ian> Adrian: I am interested in hearing a definition first
14:14:44 <adrianhb> Suggest reaching out to Uchi from Coil for update on Web Monetization (he is based in Canada) or Alex from the Interledger Foundation
14:14:48 <clinton> clinton has joined #wpwg
14:15:20 <nicktr> q?
14:15:34 <Ian> Ian: Any other ideas?
14:15:53 <adrianhb> Payment Request beyond cards sounds interesting. Lots of A2A payments springing up in places where Open Banking is getting traction
14:16:04 <Ian> NickTR: On behalf of the co-Chairs; it's been a while since we got together. I have valued the hallway conversations at our FTF meetings
14:16:15 <Ian> ...we are keen to create as much opportunity as we can for those conversations.
14:16:39 <Ian> ...we the co-chairs can work to drum up guests and participants
14:16:43 <Ian> present+ Clinton_Allen
14:17:11 <Ian> ...we hope to be able to create some larger conversations among the four groups that will be there
14:17:33 <Ian> ...is there appetite to hold an in-person meeting?
14:17:51 <clinton> q+
14:18:05 <rwatkinsma> rwatkinsma has joined #wpwg
14:18:15 <Ian> ack clin
14:18:25 <smcgruer_[EST]> +1 to in person meeting (biased because my favourite gelato place in the world is in Vancouver)
14:18:34 <Ian> clinton: In terms of travel, EMVCo met in Berlin and it was well-attended and a really good meeting
14:19:24 <Ian> QUESTION: Should we hold an in-person meeting in Vancouver (likely 12, 13, maybe 14 Sep)
14:19:30 <smcgruer_[EST]> +21
14:19:32 <nicktr> +1
14:19:32 <benoit> +1
14:19:34 <Ian> +1
14:19:38 <MattCrothers> MattCrothers has joined #wpwg
14:19:42 <adrianhb> +1
14:19:47 <clinton> +1
14:19:51 <MattCrothers> +1
14:19:52 <rwatkinsma> +1 but will likely be unable to attend myself, not sure about other MA participants
14:20:57 <Ian> [We note strong support!]
14:21:01 <Ian> zakim, close item 1
14:21:01 <Zakim> agendum 1, TPAC, closed
14:21:02 <Zakim> I see 2 items remaining on the agenda; the next one is
14:21:02 <Zakim> 2. Path to SPC/FIDO Integration in Chrome [from Ian]
14:21:13 <Ian> ACTION: Ian to confirm we will hold an in-person meeting at TPAC
14:21:31 <Ian> SPC: From browser cache to FIDO/WebAuthn integration
14:21:38 <Ian> -> https://docs.google.com/document/d/1h6xgrp0Rwe9b3xs3RYgJ-3SJEwqjLP7jRtAc6DmBFbk/edit?pli=1#heading=h.ra69qdn2y337 document
14:22:14 <Ian> smcgruer_[EST]: I put this together to capture the various complexities in the relationship between SPC and WebAuthen/FIDO. I've charted a path from "current hack" to "good integration"
14:22:32 <Ian> ...I think a lot of this will involve joint discussions with WebAuthn/FIDO
14:22:47 <Ian> ...disclosure: this is not a formal plan; these are my thoughts
14:22:55 <Ian> NickTR: Are you attending FIDO meetings?
14:23:05 <Ian> smcgruer_[EST]: No; Christiaan Brand representing us
14:23:30 <Ian> ...there is a pull request out there to add the 3p bit to CTAP; awaiting an outcome there
14:23:56 <Ian> Ian: What would be the next SPC/WebAuthn steps if that goes well?
14:24:06 <Ian> smcgruer_[EST]: We'd start to ask the platform authenticators to implement that ability.
14:24:42 <Ian> ...second track is that there is other behavior currently in SPC that we should move to FIDO:
14:25:07 <Ian> a) Creation of a credential in a cross-origin iframe; we should ask them to reconsider that capability. Likely contentious but we should start having that conversation.
14:25:52 <Ian> b) Then we can decide in the WPWG whether we want to start transitioning to allow people to separate the concept of "payment" and "3p payment".
14:26:22 <clinton> q+
14:26:26 <Ian> ack clinton
14:26:40 <Ian> clinton: I'm trying to understand that distinction.
14:28:31 <Ian> smcgruer_[EST]: The question is whether a credential can be used (1) only by a relying party in 1p or 3p context versus (2) a non-RP in a 3p context.
14:28:52 <Ian> ...we need a new term for this
14:32:26 <Ian> smcgruer_[EST]: Today in a browser-caching world as soon as you create an SPC credential it is usable by a 3p. What my proposal document contains as part of milestone 1....we could separate the capabilities. We could simply create a new extension that allows SPC but only by RP.
14:32:58 <Ian> ...the real question today is "I would be using SPC but for the 3p usage!"
14:33:05 <Ian> ...if there's not loud interest today it will be further out
14:34:05 <Ian> zakim, take up item 3
14:34:05 <Zakim> agendum 3 -- Upcoming meetings -- taken up [from Ian]
14:34:21 <Ian> Next meeting: 23 June
14:34:24 <Ian> Please note no meeting on 9 June
14:34:56 <Ian> Topic: Opt-out (issue 172)
14:34:57 <Ian> https://github.com/w3c/secure-payment-confirmation/issues/172
14:35:12 <Ian> smcgruer_[EST]: We've got some ideas behind a flag and experimentation now possible.
14:35:57 <Ian> ...flag is passed to SPC
14:36:01 <Ian> ..optional opt-out
14:36:13 <Ian> ...if the user clicks "opt-out" there's a distinct error value
14:36:30 <Ian> ..to stop people from doing silent credential matching, there is a notification to the user
14:37:42 <Ian> clarification: the opt-out button is also available in the "no matching credentials" notification
14:38:11 <Ian> ....that is, the API caller does not know which UX the user got (1) matching credential (2) no matching credential
14:40:23 <Ian> Topic: Getting SPC to CR
14:41:00 <Ian> IJ: What would we need to be able to close 172?
14:41:12 <Ian> smcgruer_[EST]: Satisfaction with the proposal or saying we don't need anything at all.
14:41:25 <Ian> ...we also don't have official sign-off yet internally on the proposed approach.
14:41:56 <Ian> ACTION: smcgruer_[EST] to add to issue 172 that there's an experimental feature and to invite feedback.
14:42:12 <Ian> https://github.com/w3c/secure-payment-confirmation/issues?q=is%3Aissue+is%3Aopen+-label%3Aafter-v1
14:42:44 <smcgruer_[EST]> q+
14:42:52 <Ian> Ian: issue 12. Post v1?
14:43:46 <Ian> smcgruer_[EST]: I would like to see this post v1 from SPC POV. I think that FIDO folks are thinking that where browser knows about an authenticator we have all the bits in place. But it's non trivial complexity from an SPC spec perspective
14:44:22 <Ian> ACTION: Ian to work with Stephen on a pull request to characterize an expectation about roaming authenticator support after v1
14:46:19 <Ian> Ian: What about 154? Is that mostly for WebAuthn folks?
14:47:04 <Ian> Ian: Can we close 157 if the CTAP bit lands?
14:47:40 <Ian> smcgruer_[EST]: the bit landing won't make it work; there's more to do on the CTAP side (years)...in other words...there's a long path
14:48:49 <smcgruer_[EST]> q+
14:49:01 <Ian> ack smcgruer_[EST]
14:49:27 <Ian> smcgruer_[EST]: Do the chairs have a concept of what the CR version of SPC will look like?
14:50:00 <Ian> ...e.g., no browser caching before CR?
14:50:30 <Ian> ACTION: Ian to work with Chairs to describe the desired state of the specification at CR
14:50:52 <Ian> smcgruer_[EST]: My personal aspiration is to have a specification that we can get to Rec with 2 implementations
14:51:07 <smcgruer_[EST]> ^ --- wasnt me
14:51:25 <Ian> s/smcgruer_[EST]: My personal aspiration/NickTR: My personal aspiration
14:51:38 <Ian> nicktr: I don't know what that implies for browser cacheing.
14:51:58 <Ian> ..I also have some queasiness regarding SPC-as-payment-method
14:52:08 <smcgruer_[EST]> q+
14:52:24 <Ian> NickTR: ...but broadly, if we feel we can get it over the line, that would be a helpful signal to people, I'd be satisfied
14:52:27 <Ian> ack smcgruer_[EST]
14:52:43 <Ian> smcgruer_[EST]: Very good answer. I think then there are two questions
14:53:03 <Ian> 1) First there is the experience of a Web developer trying to use the API. The question there is "if I use this thing will it change on me in 1 year?"
14:53:24 <Ian> ...that's a great question that includes both the PR API question, but also the powers of 3p v 1p usage.
14:53:48 <Ian> 2) The implementer base (browsers)
14:54:25 <Ian> ...there, aside from their interest, I wonder what the concrete steps needed are. For example, platform-level support may or may not be required.
14:55:41 <Ian> q?
14:57:31 <Ian> RRSAGENT, make minutes
14:57:31 <RRSAgent> I have made the request to generate https://www.w3.org/2022/05/26-wpwg-minutes.html Ian
14:57:41 <Ian> RRSAGENT, set logs public