-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Spec] Rename rp --> rpId in CollectedClientAdditionalPaymentData #198
Conversation
To align with WebAuthn, we should use the term rpId here. This is a breaking change, but implementations can mitigate the breakage by continuing to include the old 'rp' name going forwards. See #191
This probably warrants discussion in the WPWG, or at least some communication to anyone who may be validating an SPC credential today. On the Chrome side, we would likely have to keep the |
Worth noting that it will be actually impossible for us to know if anyone is still relying on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change itself LGTM and I agree that it should be discussed in WPWG first.
I will add to the 18 August WPWG agenda. |
cc @stare893 |
See resolution at the 18 August meeting to make this change: |
@stephenmcgruer There is some confusion on the proposed change. From EMV 3DSWG consideration, we already see rpId in use per the SPC API webpage and we have included the same in all 3DS spec references to the SPC API use. Can you please elaborate/point me in the right direction to understand the change. @ianbjacobs you might get a similar query through the 3dswg official email |
@stare893 You are correct that SPC input refers to the Web Authentication rpid; see the request dictionary: This proposal is to change the field name in the output; see the additional payment dictionary: The proposal is that assertions will include the field name "rpid" to align with the Web Authentication name. The Chrome implementation would support both "rp" and "rpid" field names for some period of time, eventually deprecating "rp". It was not clear to us on the call today whether the 3DS specification itself would need to change (e.g., because it refers to the "rp" field in the resulting assertion), or if instead it would just be implementations (e.g., ACS) that would need to adapt code to look for "rpid" rather than "rp" in the assertion. |
@stephenmcgruer, EMVCo folks have confirmed that this change does not impact their 3DS integration (the spec itself). Given the WG's support, let's merge this. |
SHA: c4962df Reason: push, by @stephenmcgruer Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
The spec has renamed rp to rpId in the CollectedClientAdditionalPaymentData, to align with how WebAuthn refers to the ID specifically. (w3c/secure-payment-confirmation#198) Simply doing a rename in Chromium would break existing users, so instead we are introducing the new name first (rpId), and then will have a switchover period for developers to adapt, and then finally will remove the old rp parameter. Bug: 1356224 Change-Id: Ifd51f131402b133f50c4d54bb9da20691a44ce33 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3854551 Reviewed-by: Ken Buchanan <kenrb@chromium.org> Commit-Queue: Stephen McGruer <smcgruer@chromium.org> Cr-Commit-Position: refs/heads/main@{#1039319}
…entAdditionalPaymentData, a=testonly Automatic update from web-platform-tests [SPC] Rename rp --> rpId in CollectedClientAdditionalPaymentData (#35602) See w3c/secure-payment-confirmation#198 -- wpt-commits: 642097fa4e9495f1240c098ce1cefc661ab5c444 wpt-pr: 35602
To align with WebAuthn, we should use the term rpId here. This is a breaking
change, but implementations can mitigate the breakage by continuing to include
the old 'rp' name going forwards.
See #191
Test changes: web-platform-tests/wpt#35602
Implementation bugs:
Preview | Diff