Intent to Extend Origin Trial: Secure payment confirmation

[Nick Burris]

Contact emails

rou...@chromium.org, nbu...@chromium.org, dan...@chromium.org

Explainer

https://github.com/rsolomakhin/secure-payment-confirmation

Specification

The proposed APIs are in the explainer: https://github.com/rsolomakhin/secure-payment-confirmation/blob/master/README.md#proposed-apis

The spec will be developed in the Web Payments WG: https://github.com/w3c/webpayments

Design docs

https://bit.ly/secure-payment-confirmation

Summary

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

Blink component

Blink>Payments

TAG review

https://github.com/w3ctag/design-reviews/issues/544

TAG review status

in progress

Risks

Interoperability and Compatibility

This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

Gecko: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to implement.

WebKit: No signal

Web developers: Positive 

Positive signals from Stripe, which is experimenting with the feature.

Goals for experimentation

The experiment will allow us to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.

Experimental timeline

M86-M89 (Requesting extension to include M89)

Reason this experiment is being extended

We don't yet have enough data due to partner experiment delay so we'd like to continue the trial to gather more data.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No

We are currently experimenting on Mac to first prove the user benefit, and then intend to extend the feature to all platforms, except WebView where PaymentRequest is not supported.

Is this feature fully tested by web-platform-tests?

Yes https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1124927

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5702310124584960

Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion

Intent to experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/1P5bcoBw-II/m/r91187GOAwAJ

This intent message was generated by Chrome Platform Status.

[Mike West]

Is one additional milestone going to be enough to secure meaningful feedback from partners? That is, do you have someone lined up right now that's going to be using the mechanism, and they just need more time? Or is this something that's more likely to start up in earnest after the holidays?

-mike

[Rouslan Solomakhin]

On Tue, Dec 1, 2020 at 2:11 AM Mike West <mk...@chromium.org> wrote:

do you have someone lined up right now that's going to be using the mechanism, and they just need more time?

This one. A partner has been using the mechanism for a couple of weeks and more time is needed to make accurate assessments.

[Mike West]

In that case, LGTM for a 1 milestone extension to M89.

-mike