-
Notifications
You must be signed in to change notification settings - Fork 63
FTF Mar2020
NOTE: Due to widespread travel restrictions, the Working Group at their 5 March teleconference resolved to transform this face-to-face agenda into a remote-first meeting. Details forthcoming.
- 30 March on payment handlers
- 31 March on SRC
- 1 April on authentication, payment handlers, and open banking
- 2 April on merchant feedback, open banking
- Payment Handler Privacy Threat Model
- Payment Handler Proposals, derived in part from the privacy threat model
- Payment Handler issues list (for reference during discussion).
- For background on SRC: EMV® SRC Understanding the Basics
- Proposed architecture for SRC through PR API
- SRC issues list (for reference during discussion).
- 3-5pm UTC. See calendar information for WebEx details
- The meeting will not be recorded.
- irc.w3.org in #wpwg (minutes, attendance)
- See also W3C's Continuity of Operations under Travel Restrictions
Objective: Reach consensus on a series of proposals related to payment handler behavior based on a privacy analysis.
Topics:
- 10m: Welcome, Attendance, Video, Timekeeping (NickTR)
- 95m: Privacy assessment and proposals in sections 1 and 2 of Payment Handler Proposals. (Led by Chrome Team; slides on payment handlers)
- 15m: Combining Web Authentication and Payment Handler Gestures(Adrian Hope-Bailie, slides from Adrian).
If useful: Slides with all proposals and discussion points of proposals
Objective: Reach consensus on an architecture for doing SRC through Payment Request API.
Topic:
- SRC (proposed architecture, draft flows) (Jonathan Grossar and Tomasz Blachowicz)
Objectives:
- Informational updates around Web Authentication
- Synthesis of joint task force discussion to engage full WG on key topics, notably on possible capability requirements.
Topics:
- 20m: Skip-the sheet proposal and JIT Install Proposal (Sahel Sharifymoghaddam sahel@google.com; see slides or PDF version)
- 60m: Web Authentication WG update (Tony Nadalin)
- Cross-origin iframe
- WG update (direction)
- 30m: Update from the joint WebAuthn / WPWG task force (Ian Jacobs). See also Adrian's proposal related to combining gestures
- 15m: STET update (precursor to 2 April call). (Hervé Robache; see Hervé's slides)
Objectives:
- Hear merchant feedback on Payment Request API and what else may be needed.
- Rekindle engagement around open banking APIs with PR API.
Topics:
- A short survey for meeting feedback is available for attendees
- Quick FYI: Check out the security analysis of Web payments; Master's thesis from @crowgames.
- 45m: Sumantro Das (Sr. Director, Product, 1-800-FLOWERS.com, Inc.) (slides and Q&A)
- 75m: Open Banking
- 20m: Open Banking UK Update and FAPI (Chris Michael, notes from Chris)
- 20m: Berlin Group update and SCA deployments (Berlin Group slides)
- 15m: SWIFT / ISO 20022 updates on open banking and identity, etc. (Kris Ketels, Kris' slides)
- A few minutes at the end
- Wrap-up
- Next call: 16 April
This information is left here for archival purposes, but this meeting will not take place as originally scheduled.
- Reading list
- Please Review Antitrust and Competition Guidance
- 8:30-9:00 Get settled, laptop set up, coffee fuelling etc
- 9:00-9:15 Chair welcome, round the table introductions, administrivia
- 9:15-9:30 Review of agenda, goals, breakout session ideas. Note two day code-a-thon to follow
- 9:30-10:00 Payment request and payment handler deployment update
- 10:00-10:30 Payment handler privacy analysis.
- 10:30-11:00 Coffee break
- 11:00-13:00 Payment handler feature proposals based on privacy and usability analyses. Goal is to understand whether there is consensus on proposed mitigation strategies, especially among payment handler distributors, browser implementers, and security and privacy experts.
- 13:00-14:00 Lunch
- 14:00-15:00 Card security payment task force
- Update on SRC payment method
- 15:00-15:30 Coffee break
- 15:30-17:00 Breakout session 1
- 17:00-17:20 Recap on breakouts
- 17:20-17:30 Closing day 1
- 8:45-9:00: Agenda updates. Group photo.
- 9:00-10:30: Authentication
- Update from the WebAuthn WG (Tony Nadalin)
- Update from the joint task force on payments use cases for Web Authentication (Likely Ian)
- 10:30-11:00: Coffee
- 11:00-12:00: Open banking insights (Chris Michael)
- 12:30-13:00: Code-a-thon prep
- 13:00-14:00: Lunch
- 14:00-14:30 Getting implementation traction
- How do we get more merchant implementations?
- What are we missing?
- 14:30-15:00: Action planning - moving our recommendation track documents along
- 15:00-16:00 Wrapup
- Next meeting (TPAC)
- Stay tuned for Merchant BG
- Review of priorities and actions
This meeting is intended for WPWG participants who code to work together (with meeting guests) on user experiences for different payment method and authentication flows. See the November 2019 call for use cases.
There is no cost for guests to attend this meeting.
Note: In parallel, the Web Payment Security IG will hold a 1-day meeting on 1 April.
- Airbnb: integrate card on file into PR API UX
- Airbnb: use PR API for account creation
- Chrome: payment app selector user interface in the browser. In other words, the sheet is reduced to a selector.
- Chrome: Preferred payment handler.
- Chrome: Minimal UX payment handler
- Chrome: Payment handler that installs another payment handler or hands execution to another payment handler.
- Chrome: How to store authentication results for future reference from a payment handler (and/or embedded iframe). For example, some identity information stored in indexDB.
- Ian: ShowCheckoutButtons. Addresses privacy issues; let's user select a payment handler first, before merchant calls PR API. Merchants could control color palette of the selector (or other customizations such as the name of the primary action button).
- Chrome: Show UX when the merchant calls PR API (like microphone icon used to show that mic is active). Click on the icon to set the default payment handler for the site.
- Chrome: New consent / awareness behaviors based on privacy analysis.
- Chrome: Clarify for user status when payment handler window is open (e.g., things a web page cannot do such as blur the browser top nav bar).
- STET: Open banking API flow (cf diagrams)
- Payment handler updates instrument information in the background.
- Payment handler unregisters itself once payment instrument is no longer available.
- Mobile money use cases
- Participants are encouraged to review the W3C Code of Ethics and Professional Conduct.
- Consent to pay fulfilled through Web Authentication gesture
- Review value proposition of PR API and PH API
- Minimal UI demo (AHB)
- Demos by guests
- Status of modal dialog proposal / any update on UX research?
- Open Banking API updates
- Merchant perspectives on implementing SCA
- Merchant in Irish market
- Merchant BG update
- Machine learning in the browser and payments (e.g., edge computing, high performance risk analysis on the client)
Mailing list archives
Issues
- Secure Payment Confirmation
- Payment Request API
- Payment Method Identifiers
- Payment Handler API
- Payment Method Manifest
- General
- Tokenized Card
- 3DS
- SRC
Tests
Adoption
Previous Topics