Intent to Experiment: Secure payment confirmation

113 views
Skip to first unread message

Nick Burris

unread,
Aug 11, 2020, 4:40:02 PM8/11/20
to blink-dev, Rouslan Solomakhin, Danyao Wang

Contact emails

rou...@chromium.orgnbu...@chromium.orgdan...@chromium.org

Explainer

https://github.com/rsolomakhin/secure-payment-confirmation

Design docs

https://bit.ly/secure-payment-confirmation

TAG review

https://github.com/w3ctag/design-reviews/issues/544

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Risks



Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to prototype.

WebKit: No signal

Web developers: Positive
Positive signals from Stripe, which is interested in experimenting with the feature.


Goals for experimentation

The experiment will allow us to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.

Experimental timeline

M86-M89

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No
We intend to experiment with Stripe on Mac to first prove the user benefit, and then extend the feature to all platforms, except WebView where PaymentRequest is not supported.

Is this feature fully tested by web-platform-tests?

Yes https://wpt.fyi/results/payment-request/secure-payment-confirmation.https.html?label=master&label=experimental&aligned

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5702310124584960

This intent message was generated by Chrome Platform Status.

Yoav Weiss

unread,
Aug 13, 2020, 11:15:17 AM8/13/20
to Nick Burris, blink-dev, Rouslan Solomakhin, Danyao Wang
Thanks for working on this!

No spec?
 


TAG review

https://github.com/w3ctag/design-reviews/issues/544

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Risks



Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to prototype.

WebKit: No signal

Have you filed for official signals?  

Web developers: Positive
Positive signals from Stripe, which is interested in experimenting with the feature.


Goals for experimentation

The experiment will allow us to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.

Experimental timeline

M86-M89

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No
We intend to experiment with Stripe on Mac to first prove the user benefit, and then extend the feature to all platforms, except WebView where PaymentRequest is not supported.

Is this feature fully tested by web-platform-tests?

Yes https://wpt.fyi/results/payment-request/secure-payment-confirmation.https.html?label=master&label=experimental&aligned

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5702310124584960

This intent message was generated by Chrome Platform Status.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHOHn79K2oazPBMhMYeaZvnYgi9re8i3DKrrFDpGk8JRvQ%40mail.gmail.com.

Nick Burris

unread,
Aug 13, 2020, 12:23:14 PM8/13/20
to blink-dev, yo...@yoav.ws, blink-dev, Rouslan Solomakhin, Danyao Wang, Nick Burris
On Thursday, August 13, 2020 at 11:15:17 AM UTC-4 yo...@yoav.ws wrote:
Thanks for working on this!

No spec?

The spec proposals currently live in the secure-payment-confirmation repo https://github.com/rsolomakhin/secure-payment-confirmation/blob/master/README.md

We're in the process of determining where to move this officially, e.g. the WPWG Github repo https://github.com/w3c/webpayments
 
 


TAG review

https://github.com/w3ctag/design-reviews/issues/544

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Risks



Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to prototype.

WebKit: No signal

Have you filed for official signals?  

Danyao has contacted the WebKit PM and developer who work on the Payment Request API directly, but no response yet. 

Yoav Weiss

unread,
Aug 17, 2020, 2:27:29 PM8/17/20
to Nick Burris, blink-dev, Rouslan Solomakhin, Danyao Wang
LGTM to experiment

On Thu, Aug 13, 2020 at 6:23 PM Nick Burris <nbu...@chromium.org> wrote:


On Thursday, August 13, 2020 at 11:15:17 AM UTC-4 yo...@yoav.ws wrote:
Thanks for working on this!

No spec?

The spec proposals currently live in the secure-payment-confirmation repo https://github.com/rsolomakhin/secure-payment-confirmation/blob/master/README.md

That's more of an explainer...
 

We're in the process of determining where to move this officially, e.g. the WPWG Github repo https://github.com/w3c/webpayments

Sounds good!
Reply all
Reply to author
Forward
0 new messages