13:48:52 RRSAgent has joined #wpwg 13:48:56 logging to https://www.w3.org/2023/06/22-wpwg-irc 13:49:58 Meeting: Web Payments Working Group 13:50:07 Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20230622 13:50:13 Scribe: Ian 13:51:27 agenda+ TPAC Planning 13:51:34 agenda+ Status of SPC CR 13:51:41 agenda+ Status of Charter review 13:51:47 agenda+ Payment Request pull requests 13:51:52 agenda+ Mozilla Developer Network 13:52:00 agenda+ Next meeting 13:57:38 present+ 13:59:41 present+ Joel_di_Manno 13:59:41 present+ Arman_Aygen 14:00:09 present+ Amine_Khalfaoui 14:00:53 present+ Nick_Telford-Reed 14:00:57 SuzieAS has joined #wpwg 14:00:58 present+ Franck_Delache 14:01:10 present+ Rouslan_Solomakhin 14:01:19 present+ Stephen_McGruer 14:01:40 fdelache has joined #wpwg 14:01:45 present+ Arnaud_Crouzet 14:02:01 Anne has joined #wpwg 14:02:05 present+ Praveena_Subrahmanyam 14:02:08 present+ David_Benoit 14:02:11 present+ Anne_Pouillard 14:02:23 present+ Suzie-Annezo_Sebire 14:02:32 Chair: Nick 14:02:37 present+ Bastien_Latge 14:02:44 present+ Doug_Fisher 14:02:51 clinton has joined #WPWG 14:03:17 Bastien has joined #WPWG 14:04:07 Rolf has joined #wpwg 14:05:18 present+ Michael_Horne 14:05:18 present+ Jean-Luc_di_Manno 14:05:18 present+ Jeff_Owenson 14:05:50 zakim, who's here? 14:05:50 Present: Ian, Joel_di_Manno, Arman_Aygen, Amine_Khalfaoui, Nick_Telford-Reed, Franck_Delache, Rouslan_Solomakhin, Stephen_McGruer, Arnaud_Crouzet, Praveena_Subrahmanyam, 14:05:50 ... David_Benoit, Anne_Pouillard, Suzie-Annezo_Sebire, Bastien_Latge, Doug_Fisher, Michael_Horne, Jean-Luc_di_Manno, Jeff_Owenson 14:05:50 On IRC I see Rolf, Bastien, clinton, Anne, fdelache, SuzieAS, RRSAgent, Zakim, pea1358, canton_, benoit_, dlehn, TimCappalli, Github, sexymummy69, imlostlmao, npd, hober, 14:05:50 ... wanderview, smcgruer_[EST], ljharb, hadleybeeman, tobie, rbyers, Dongwoo, nicktr, slightlyoff, weiler, Ian 14:06:01 zakim, take up item 1 14:06:02 agendum 1 -- TPAC Planning -- taken up [from Ian] 14:06:09 present+ Rolf_Lindemann 14:06:22 -> https://www.w3.org/2023/09/TPAC/registration.html Registration 14:06:45 present+ Clinton_Allen 14:06:58 q? 14:07:04 present+ 14:09:09 present+ Gerhard_Oosthuizen 14:09:13 zakim, close item 1 14:09:13 agendum 1, TPAC Planning, closed 14:09:14 I see 5 items remaining on the agenda; the next one is 14:09:14 2. Status of SPC CR [from Ian] 14:09:16 zakim, take up item 2 14:09:16 agendum 2 -- Status of SPC CR -- taken up [from Ian] 14:09:27 * CR Published 14:09:39 https://www.w3.org/press-releases/2023/spc-cr/#testimonials 14:09:53 JeanLuc has joined #WPWG 14:10:29 scribenick: nicktr 14:10:33 present+ Jorge_Vargas 14:10:38 ian: SPC is now a CR 14:10:56 ian: it is a "snapshot" - a version in a moment of time 14:11:07 ...we have started adding new PR 14:11:16 https://www.w3.org/TR/secure-payment-confirmation/ 14:11:16 ...including "isSPCAvailable?" 14:11:32 ... so it now says "DRAFT" as a status 14:11:52 ...indicating that horizontal review and CfC is required 14:12:21 ian: at some point, we will go back through CR to achieve horizontal review and CFC 14:12:41 ...and then when we have a second implementation, we will advance to REC 14:12:53 Ian: We merged https://github.com/w3c/secure-payment-confirmation/pull/233 14:13:02 Stephen: We expect to ship in Chrome 117 14:13:08 ...stable in early September 14:13:23 ian: any questions on the status ? 14:13:35 s/ship/ship isSecurePaymentAvailable/ 14:13:59 ian: as an aside, the W3C adopted its new process last week 14:14:01 https://www.w3.org/2023/Process-20230612/ 14:14:16 ian: this is first version of process with the Director 14:14:25 ...this is process-- timbl 14:15:04 ian: we have been through the formal objection process handled by a council (which was a "beta") and it is now the norm 14:15:07 zakim, close item 2 14:15:07 agendum 2, Status of SPC CR, closed 14:15:08 I see 4 items remaining on the agenda; the next one is 14:15:08 3. Status of Charter review [from Ian] 14:15:11 zakim, take up item 3 14:15:11 agendum 3 -- Status of Charter review -- taken up [from Ian] 14:15:31 ian: two hours before the end of the review period, we got a formal objection 14:15:58 ...we can continue to work (our charter is good through Dec 24) 14:16:17 ...staff must now initiate the process to review the formal objection 14:16:29 present+ Sameer_Tare 14:16:32 ...it was not made public so only members can see the objection 14:18:15 ian: we will create a team report, which the council will review (ian shares an example of a previous report) 14:18:19 q+ 14:19:20 ian: councils are now efficient, and this is the third objection from the same organisation 14:19:25 ack clinton 14:20:10 SameerT has joined #wpwg 14:20:32 clinton: could you say more about the objections? 14:20:44 ian: we had some editorial suggestions 14:21:08 ian: FIME suggested it would be helpful for the group to work on UI requirements 14:21:41 ian: Jean-Luc and I chatted. I have prepared a response. 14:22:13 q? 14:22:21 present+ John_Bradley 14:22:54 ian: I will write up the history of the objections for the council 14:23:23 ian: if anyone wants more detail - please contact Ian 14:23:45 zakim, close item 3 14:23:45 agendum 3, Status of Charter review, closed 14:23:45 ian: the big q: how long will this take to resolve? a: we hope well before TPAC 14:23:46 I see 3 items remaining on the agenda; the next one is 14:23:46 4. Payment Request pull requests [from Ian] 14:23:51 zakim, take up item 4 14:23:51 agendum 4 -- Payment Request pull requests -- taken up [from Ian] 14:23:59 scribenick: ian 14:24:15 -> https://github.com/w3c/payment-request/pull/1009 User activation 14:24:31 smcgruer_[EST]: Recall that Payment request requires a "user activation". 14:24:46 ...the user needs to have interacted with the page recently 14:25:03 ...we've heard that this restriction can be problematic, notably in redirect flows 14:25:14 ...imagine a site that aggregates merchants 14:25:34 ...the aggregator might redirect the user to a specific merchant, and the merchant doesn't want to force the user to interact with the site again 14:25:58 ...we spoke a lot with our security/privacy team internally and our conclusion in Chrome is that the use cases are worth the (small) risk 14:26:26 ...pull request 1009 changes PR API to not require user activation (though user agent MAY require a user activation) 14:27:22 Ian: How will SPC change? 14:27:35 smcgruer_[EST]: We eventually will change the spec, but no behavioral change 14:28:09 +1 14:28:09 nicktr: Can you speak a bit to the risks? 14:28:48 smcgruer_[EST]: We have, in general, been looking at what user activation protects against. My understanding is that it doesn't protect against much, in part because it's trivial to get a user to interact with your page in some capacity. 14:29:09 ...but user activation protects against two things (1) spam 14:29:31 ...for example, we saw good results from making popups subject to user activation 14:30:06 ...we have mitigations around Payment Request to not allow repeated calls to the API. You get "one for free" and afterwards require user activations 14:30:17 ...(2) the second big risk is phishing 14:30:44 ...we have a standard anti-clickjacking mechanism to prevent against this 14:31:14 nickTR: From a user activation perspective...the user activaltion in PR API is in the modal. Is user activation within the modal, or anywhere on the site? 14:31:20 smcgruer_[EST]: The user activation is pre-modal 14:31:25 q+ 14:31:27 ack me 14:31:50 Ian: Can you do user activation through Web Driver? 14:33:06 smcgruer_[EST]: Web driver not active for users. And it cannot be activated within a page; it is triggered externally. 14:33:33 q? 14:34:19 Proposal: Update Payment Request API to allow but not require user activation prior to show(). 14:34:26 +1 14:34:29 +1 14:34:47 praveenas has joined #wpwg 14:34:51 [Versioning and other pull requests] 14:36:10 Arman has joined #WPWG 14:37:47 https://www.w3.org/TR/payment-request-1.1/ 14:38:03 https://w3c.github.io/payment-request/ 14:38:03 scribe: ian, nicktr 14:38:41 ian: options: mark as non-normative, put in V1.1, 14:39:02 ian: we know Marcos would prefer the former 14:39:24 ian: I am scheduling a meeting with the spec editors and then we will revert to the group 14:40:06 ian: questions? 14:40:21 rouslan: In Chrome, we also prefer unversioned specs 14:40:49 smcgruer_[EST]: We generally care about the Editor's draft most 14:42:20 ian: we will have to address both the privacy and 118n implications if we reintroduce addresses 14:42:31 zakim, close this item 14:42:31 agendum 4 closed 14:42:32 I see 2 items remaining on the agenda; the next one is 14:42:32 5. Mozilla Developer Network [from Ian] 14:42:39 zakim, take up item 5 14:42:39 agendum 5 -- Mozilla Developer Network -- taken up [from Ian] 14:44:28 https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md 14:45:09 ACTION: Nick to work with Ian and editors on MDN data 14:45:37 zakim, take up next item 14:45:37 agendum 6 -- Next meeting -- taken up [from Ian] 14:45:55 20 July 14:46:22 RRSAGENT, make minutes 14:46:23 I have made the request to generate https://www.w3.org/2023/06/22-wpwg-minutes.html Ian 14:46:25 RRSAGENT, set logs public 14:46:44 rrsagent, bye 14:46:44 I see 1 open action item saved in https://www.w3.org/2023/06/22-wpwg-actions.rdf : 14:46:44 ACTION: Nick to work with Ian and editors on MDN data [1] 14:46:44 recorded in https://www.w3.org/2023/06/22-wpwg-irc#T14-45-09 14:46:44 zakim, bye 14:46:44 leaving. As of this point the attendees have been Ian, Joel_di_Manno, Arman_Aygen, Amine_Khalfaoui, Nick_Telford-Reed, Franck_Delache, Rouslan_Solomakhin, Stephen_McGruer, 14:46:44 Zakim has left #wpwg