rou...@chromium.org, nbu...@chromium.org, dan...@chromium.org
https://github.com/rsolomakhin/secure-payment-confirmation
The proposed APIs are in the explainer: https://github.com/rsolomakhin/secure-payment-confirmation/blob/master/README.md#proposed-apis
The spec will be developed in the Web Payments WG: https://github.com/w3c/webpayments
https://bit.ly/secure-payment-confirmation
Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.
https://github.com/w3ctag/design-reviews/issues/544
in progress
This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.
The experiment will allow us to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.
M86-M89 (Requesting extension to include M89)
No
We are currently experimenting on Mac to first prove the user benefit, and then intend to extend the feature to all platforms, except WebView where PaymentRequest is not supported.
Yes https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned
https://bugs.chromium.org/p/chromium/issues/detail?id=1124927
https://chromestatus.com/feature/5702310124584960
Intent to prototype: https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion
Intent to experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/1P5bcoBw-II/m/r91187GOAwAJ
do you have someone lined up right now that's going to be using the mechanism, and they just need more time?