Intent to Experiment: Secure payment confirmation

218 views
Skip to first unread message

Nick Burris

unread,
Aug 11, 2020, 4:40:02 PM8/11/20
to blink-dev, Rouslan Solomakhin, Danyao Wang

Contact emails

rou...@chromium.orgnbu...@chromium.orgdan...@chromium.org

Explainer

https://github.com/rsolomakhin/secure-payment-confirmation

Design docs

https://bit.ly/secure-payment-confirmation

TAG review

https://github.com/w3ctag/design-reviews/issues/544

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Risks



Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to prototype.

WebKit: No signal

Web developers: Positive
Positive signals from Stripe, which is interested in experimenting with the feature.


Goals for experimentation

The experiment will allow us to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.

Experimental timeline

M86-M89

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No
We intend to experiment with Stripe on Mac to first prove the user benefit, and then extend the feature to all platforms, except WebView where PaymentRequest is not supported.

Is this feature fully tested by web-platform-tests?

Yes https://wpt.fyi/results/payment-request/secure-payment-confirmation.https.html?label=master&label=experimental&aligned

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5702310124584960

This intent message was generated by Chrome Platform Status.

Yoav Weiss

unread,
Aug 13, 2020, 11:15:17 AM8/13/20
to Nick Burris, blink-dev, Rouslan Solomakhin, Danyao Wang
Thanks for working on this!

No spec?
 


TAG review

https://github.com/w3ctag/design-reviews/issues/544

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Risks



Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to prototype.

WebKit: No signal

Have you filed for official signals?  

Web developers: Positive
Positive signals from Stripe, which is interested in experimenting with the feature.


Goals for experimentation

The experiment will allow us to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.

Experimental timeline

M86-M89

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No
We intend to experiment with Stripe on Mac to first prove the user benefit, and then extend the feature to all platforms, except WebView where PaymentRequest is not supported.

Is this feature fully tested by web-platform-tests?

Yes https://wpt.fyi/results/payment-request/secure-payment-confirmation.https.html?label=master&label=experimental&aligned

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5702310124584960

This intent message was generated by Chrome Platform Status.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHOHn79K2oazPBMhMYeaZvnYgi9re8i3DKrrFDpGk8JRvQ%40mail.gmail.com.

Nick Burris

unread,
Aug 13, 2020, 12:23:14 PM8/13/20
to blink-dev, yo...@yoav.ws, blink-dev, Rouslan Solomakhin, Danyao Wang, Nick Burris
On Thursday, August 13, 2020 at 11:15:17 AM UTC-4 yo...@yoav.ws wrote:
Thanks for working on this!

No spec?

The spec proposals currently live in the secure-payment-confirmation repo https://github.com/rsolomakhin/secure-payment-confirmation/blob/master/README.md

We're in the process of determining where to move this officially, e.g. the WPWG Github repo https://github.com/w3c/webpayments
 
 


TAG review

https://github.com/w3ctag/design-reviews/issues/544

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Risks



Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to prototype.

WebKit: No signal

Have you filed for official signals?  

Danyao has contacted the WebKit PM and developer who work on the Payment Request API directly, but no response yet. 

Yoav Weiss

unread,
Aug 17, 2020, 2:27:29 PM8/17/20
to Nick Burris, blink-dev, Rouslan Solomakhin, Danyao Wang
LGTM to experiment

On Thu, Aug 13, 2020 at 6:23 PM Nick Burris <nbu...@chromium.org> wrote:


On Thursday, August 13, 2020 at 11:15:17 AM UTC-4 yo...@yoav.ws wrote:
Thanks for working on this!

No spec?

The spec proposals currently live in the secure-payment-confirmation repo https://github.com/rsolomakhin/secure-payment-confirmation/blob/master/README.md

That's more of an explainer...
 

We're in the process of determining where to move this officially, e.g. the WPWG Github repo https://github.com/w3c/webpayments

Sounds good!

Nick Burris

unread,
Feb 25, 2021, 4:54:18 PMFeb 25
to blink-dev, yo...@yoav.ws, blink-dev, Rouslan Solomakhin, Danyao Wang, Nick Burris
This experiment has ended early due to a bug that was discovered and fixed, and is no longer available as of M88. We decided to end the trial early as our external partner has finished their experiment with the feature and we have gathered lots of valuable feedback. We plan to offer a second origin trial in M91 after implementing changes, most notably adding a browser UI prompt to the payment credential enrollment step, which we hypothesize will increase the enrollment rate. I will send a separate Intent to Experiment for the next origin trial.

Raj Shah

unread,
Feb 26, 2021, 1:40:03 PMFeb 26
to blink-dev, nbu...@chromium.org, yo...@yoav.ws, blink-dev, Rouslan Solomakhin, Danyao Wang
please keep up posted. Thank you!

Raj Shah

unread,
Apr 1, 2021, 12:23:20 PMApr 1
to blink-dev, Raj Shah, nbu...@chromium.org, yo...@yoav.ws, blink-dev, Rouslan Solomakhin, Danyao Wang
any update? 

Rouslan Solomakhin

unread,
Apr 12, 2021, 9:02:53 AMApr 12
to Raj Shah, blink-dev, nbu...@chromium.org, yo...@yoav.ws, Danyao Wang
The 2nd origin trial is scheduled for Chrome 91. Here is its intent to experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/6Dd00NJ-td8/m/veWekfUBAAAJ
Reply all
Reply to author
Forward
0 new messages