IRC log of wpwg on 2023-06-22
Timestamps are in UTC.
- 13:48:52 [RRSAgent]
- RRSAgent has joined #wpwg
- 13:48:56 [RRSAgent]
- logging to https://www.w3.org/2023/06/22-wpwg-irc
- 13:49:58 [Ian]
- Meeting: Web Payments Working Group
- 13:50:07 [Ian]
- Agenda: https://github.com/w3c/webpayments/wiki/Agenda-20230622
- 13:50:13 [Ian]
- Scribe: Ian
- 13:51:27 [Ian]
- agenda+ TPAC Planning
- 13:51:34 [Ian]
- agenda+ Status of SPC CR
- 13:51:41 [Ian]
- agenda+ Status of Charter review
- 13:51:47 [Ian]
- agenda+ Payment Request pull requests
- 13:51:52 [Ian]
- agenda+ Mozilla Developer Network
- 13:52:00 [Ian]
- agenda+ Next meeting
- 13:57:38 [Ian]
- present+
- 13:59:41 [Ian]
- present+ Joel_di_Manno
- 13:59:41 [Ian]
- present+ Arman_Aygen
- 14:00:09 [Ian]
- present+ Amine_Khalfaoui
- 14:00:53 [Ian]
- present+ Nick_Telford-Reed
- 14:00:57 [SuzieAS]
- SuzieAS has joined #wpwg
- 14:00:58 [Ian]
- present+ Franck_Delache
- 14:01:10 [Ian]
- present+ Rouslan_Solomakhin
- 14:01:19 [Ian]
- present+ Stephen_McGruer
- 14:01:40 [fdelache]
- fdelache has joined #wpwg
- 14:01:45 [Ian]
- present+ Arnaud_Crouzet
- 14:02:01 [Anne]
- Anne has joined #wpwg
- 14:02:05 [Ian]
- present+ Praveena_Subrahmanyam
- 14:02:08 [Ian]
- present+ David_Benoit
- 14:02:11 [Ian]
- present+ Anne_Pouillard
- 14:02:23 [Ian]
- present+ Suzie-Annezo_Sebire
- 14:02:32 [Ian]
- Chair: Nick
- 14:02:37 [Ian]
- present+ Bastien_Latge
- 14:02:44 [Ian]
- present+ Doug_Fisher
- 14:02:51 [clinton]
- clinton has joined #WPWG
- 14:03:17 [Bastien]
- Bastien has joined #WPWG
- 14:04:07 [Rolf]
- Rolf has joined #wpwg
- 14:05:18 [Ian]
- present+ Michael_Horne
- 14:05:18 [Ian]
- present+ Jean-Luc_di_Manno
- 14:05:18 [Ian]
- present+ Jeff_Owenson
- 14:05:50 [Ian]
- zakim, who's here?
- 14:05:50 [Zakim]
- Present: Ian, Joel_di_Manno, Arman_Aygen, Amine_Khalfaoui, Nick_Telford-Reed, Franck_Delache, Rouslan_Solomakhin, Stephen_McGruer, Arnaud_Crouzet, Praveena_Subrahmanyam,
- 14:05:50 [Zakim]
- ... David_Benoit, Anne_Pouillard, Suzie-Annezo_Sebire, Bastien_Latge, Doug_Fisher, Michael_Horne, Jean-Luc_di_Manno, Jeff_Owenson
- 14:05:50 [Zakim]
- On IRC I see Rolf, Bastien, clinton, Anne, fdelache, SuzieAS, RRSAgent, Zakim, pea1358, canton_, benoit_, dlehn, TimCappalli, Github, sexymummy69, imlostlmao, npd, hober,
- 14:05:50 [Zakim]
- ... wanderview, smcgruer_[EST], ljharb, hadleybeeman, tobie, rbyers, Dongwoo, nicktr, slightlyoff, weiler, Ian
- 14:06:01 [Ian]
- zakim, take up item 1
- 14:06:02 [Zakim]
- agendum 1 -- TPAC Planning -- taken up [from Ian]
- 14:06:09 [Ian]
- present+ Rolf_Lindemann
- 14:06:22 [Ian]
- -> https://www.w3.org/2023/09/TPAC/registration.html Registration
- 14:06:45 [Ian]
- present+ Clinton_Allen
- 14:06:58 [nicktr]
- q?
- 14:07:04 [Bastien]
- present+
- 14:09:09 [Ian]
- present+ Gerhard_Oosthuizen
- 14:09:13 [Ian]
- zakim, close item 1
- 14:09:13 [Zakim]
- agendum 1, TPAC Planning, closed
- 14:09:14 [Zakim]
- I see 5 items remaining on the agenda; the next one is
- 14:09:14 [Zakim]
- 2. Status of SPC CR [from Ian]
- 14:09:16 [Ian]
- zakim, take up item 2
- 14:09:16 [Zakim]
- agendum 2 -- Status of SPC CR -- taken up [from Ian]
- 14:09:27 [Ian]
- * CR Published
- 14:09:39 [Ian]
- https://www.w3.org/press-releases/2023/spc-cr/#testimonials
- 14:09:53 [JeanLuc]
- JeanLuc has joined #WPWG
- 14:10:29 [nicktr]
- scribenick: nicktr
- 14:10:33 [Ian]
- present+ Jorge_Vargas
- 14:10:38 [nicktr]
- ian: SPC is now a CR
- 14:10:56 [nicktr]
- ian: it is a "snapshot" - a version in a moment of time
- 14:11:07 [nicktr]
- ...we have started adding new PR
- 14:11:16 [Ian]
- https://www.w3.org/TR/secure-payment-confirmation/
- 14:11:16 [nicktr]
- ...including "isSPCAvailable?"
- 14:11:32 [nicktr]
- ... so it now says "DRAFT" as a status
- 14:11:52 [nicktr]
- ...indicating that horizontal review and CfC is required
- 14:12:21 [nicktr]
- ian: at some point, we will go back through CR to achieve horizontal review and CFC
- 14:12:41 [nicktr]
- ...and then when we have a second implementation, we will advance to REC
- 14:12:53 [Ian]
- Ian: We merged https://github.com/w3c/secure-payment-confirmation/pull/233
- 14:13:02 [Ian]
- Stephen: We expect to ship in Chrome 117
- 14:13:08 [Ian]
- ...stable in early September
- 14:13:23 [nicktr]
- ian: any questions on the status ?
- 14:13:35 [smcgruer_[EST]]
- s/ship/ship isSecurePaymentAvailable/
- 14:13:59 [nicktr]
- ian: as an aside, the W3C adopted its new process last week
- 14:14:01 [Ian]
- https://www.w3.org/2023/Process-20230612/
- 14:14:16 [nicktr]
- ian: this is first version of process with the Director
- 14:14:25 [nicktr]
- ...this is process-- timbl
- 14:15:04 [nicktr]
- ian: we have been through the formal objection process handled by a council (which was a "beta") and it is now the norm
- 14:15:07 [Ian]
- zakim, close item 2
- 14:15:07 [Zakim]
- agendum 2, Status of SPC CR, closed
- 14:15:08 [Zakim]
- I see 4 items remaining on the agenda; the next one is
- 14:15:08 [Zakim]
- 3. Status of Charter review [from Ian]
- 14:15:11 [Ian]
- zakim, take up item 3
- 14:15:11 [Zakim]
- agendum 3 -- Status of Charter review -- taken up [from Ian]
- 14:15:31 [nicktr]
- ian: two hours before the end of the review period, we got a formal objection
- 14:15:58 [nicktr]
- ...we can continue to work (our charter is good through Dec 24)
- 14:16:17 [nicktr]
- ...staff must now initiate the process to review the formal objection
- 14:16:29 [Ian]
- present+ Sameer_Tare
- 14:16:32 [nicktr]
- ...it was not made public so only members can see the objection
- 14:18:15 [nicktr]
- ian: we will create a team report, which the council will review (ian shares an example of a previous report)
- 14:18:19 [clinton]
- q+
- 14:19:20 [nicktr]
- ian: councils are now efficient, and this is the third objection from the same organisation
- 14:19:25 [Ian]
- ack clinton
- 14:20:10 [SameerT]
- SameerT has joined #wpwg
- 14:20:32 [nicktr]
- clinton: could you say more about the objections?
- 14:20:44 [nicktr]
- ian: we had some editorial suggestions
- 14:21:08 [nicktr]
- ian: FIME suggested it would be helpful for the group to work on UI requirements
- 14:21:41 [nicktr]
- ian: Jean-Luc and I chatted. I have prepared a response.
- 14:22:13 [nicktr]
- q?
- 14:22:21 [Ian]
- present+ John_Bradley
- 14:22:54 [nicktr]
- ian: I will write up the history of the objections for the council
- 14:23:23 [nicktr]
- ian: if anyone wants more detail - please contact Ian
- 14:23:45 [Ian]
- zakim, close item 3
- 14:23:45 [Zakim]
- agendum 3, Status of Charter review, closed
- 14:23:45 [nicktr]
- ian: the big q: how long will this take to resolve? a: we hope well before TPAC
- 14:23:46 [Zakim]
- I see 3 items remaining on the agenda; the next one is
- 14:23:46 [Zakim]
- 4. Payment Request pull requests [from Ian]
- 14:23:51 [Ian]
- zakim, take up item 4
- 14:23:51 [Zakim]
- agendum 4 -- Payment Request pull requests -- taken up [from Ian]
- 14:23:59 [nicktr]
- scribenick: ian
- 14:24:15 [Ian]
- -> https://github.com/w3c/payment-request/pull/1009 User activation
- 14:24:31 [Ian]
- smcgruer_[EST]: Recall that Payment request requires a "user activation".
- 14:24:46 [Ian]
- ...the user needs to have interacted with the page recently
- 14:25:03 [Ian]
- ...we've heard that this restriction can be problematic, notably in redirect flows
- 14:25:14 [Ian]
- ...imagine a site that aggregates merchants
- 14:25:34 [Ian]
- ...the aggregator might redirect the user to a specific merchant, and the merchant doesn't want to force the user to interact with the site again
- 14:25:58 [Ian]
- ...we spoke a lot with our security/privacy team internally and our conclusion in Chrome is that the use cases are worth the (small) risk
- 14:26:26 [Ian]
- ...pull request 1009 changes PR API to not require user activation (though user agent MAY require a user activation)
- 14:27:22 [Ian]
- Ian: How will SPC change?
- 14:27:35 [Ian]
- smcgruer_[EST]: We eventually will change the spec, but no behavioral change
- 14:28:09 [SameerT]
- +1
- 14:28:09 [Ian]
- nicktr: Can you speak a bit to the risks?
- 14:28:48 [Ian]
- smcgruer_[EST]: We have, in general, been looking at what user activation protects against. My understanding is that it doesn't protect against much, in part because it's trivial to get a user to interact with your page in some capacity.
- 14:29:09 [Ian]
- ...but user activation protects against two things (1) spam
- 14:29:31 [Ian]
- ...for example, we saw good results from making popups subject to user activation
- 14:30:06 [Ian]
- ...we have mitigations around Payment Request to not allow repeated calls to the API. You get "one for free" and afterwards require user activations
- 14:30:17 [Ian]
- ...(2) the second big risk is phishing
- 14:30:44 [Ian]
- ...we have a standard anti-clickjacking mechanism to prevent against this
- 14:31:14 [Ian]
- nickTR: From a user activation perspective...the user activaltion in PR API is in the modal. Is user activation within the modal, or anywhere on the site?
- 14:31:20 [Ian]
- smcgruer_[EST]: The user activation is pre-modal
- 14:31:25 [Ian]
- q+
- 14:31:27 [Ian]
- ack me
- 14:31:50 [Ian]
- Ian: Can you do user activation through Web Driver?
- 14:33:06 [Ian]
- smcgruer_[EST]: Web driver not active for users. And it cannot be activated within a page; it is triggered externally.
- 14:33:33 [Ian]
- q?
- 14:34:19 [Ian]
- Proposal: Update Payment Request API to allow but not require user activation prior to show().
- 14:34:26 [nicktr]
- +1
- 14:34:29 [Anne]
- +1
- 14:34:47 [praveenas]
- praveenas has joined #wpwg
- 14:34:51 [Ian]
- [Versioning and other pull requests]
- 14:36:10 [Arman]
- Arman has joined #WPWG
- 14:37:47 [Ian]
- https://www.w3.org/TR/payment-request-1.1/
- 14:38:03 [Ian]
- https://w3c.github.io/payment-request/
- 14:38:03 [nicktr]
- scribe: ian, nicktr
- 14:38:41 [nicktr]
- ian: options: mark as non-normative, put in V1.1, <did I miss one>
- 14:39:02 [nicktr]
- ian: we know Marcos would prefer the former
- 14:39:24 [nicktr]
- ian: I am scheduling a meeting with the spec editors and then we will revert to the group
- 14:40:06 [nicktr]
- ian: questions?
- 14:40:21 [Ian]
- rouslan: In Chrome, we also prefer unversioned specs
- 14:40:49 [Ian]
- smcgruer_[EST]: We generally care about the Editor's draft most
- 14:42:20 [nicktr]
- ian: we will have to address both the privacy and 118n implications if we reintroduce addresses
- 14:42:31 [Ian]
- zakim, close this item
- 14:42:31 [Zakim]
- agendum 4 closed
- 14:42:32 [Zakim]
- I see 2 items remaining on the agenda; the next one is
- 14:42:32 [Zakim]
- 5. Mozilla Developer Network [from Ian]
- 14:42:39 [Ian]
- zakim, take up item 5
- 14:42:39 [Zakim]
- agendum 5 -- Mozilla Developer Network -- taken up [from Ian]
- 14:44:28 [Ian]
- https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md
- 14:45:09 [Ian]
- ACTION: Nick to work with Ian and editors on MDN data
- 14:45:37 [Ian]
- zakim, take up next item
- 14:45:37 [Zakim]
- agendum 6 -- Next meeting -- taken up [from Ian]
- 14:45:55 [Ian]
- 20 July
- 14:46:22 [Ian]
- RRSAGENT, make minutes
- 14:46:23 [RRSAgent]
- I have made the request to generate https://www.w3.org/2023/06/22-wpwg-minutes.html Ian
- 14:46:25 [Ian]
- RRSAGENT, set logs public
- 14:46:44 [Ian]
- rrsagent, bye
- 14:46:44 [RRSAgent]
- I see 1 open action item saved in https://www.w3.org/2023/06/22-wpwg-actions.rdf :
- 14:46:44 [RRSAgent]
- ACTION: Nick to work with Ian and editors on MDN data [1]
- 14:46:44 [RRSAgent]
- recorded in https://www.w3.org/2023/06/22-wpwg-irc#T14-45-09
- 14:46:44 [Ian]
- zakim, bye
- 14:46:44 [Zakim]
- leaving. As of this point the attendees have been Ian, Joel_di_Manno, Arman_Aygen, Amine_Khalfaoui, Nick_Telford-Reed, Franck_Delache, Rouslan_Solomakhin, Stephen_McGruer,
- 14:46:44 [Zakim]
- Zakim has left #wpwg