Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new 'payment' extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the 'secure-payment-confirmation payment' method.
This feature adds a WebAuthn extension and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The feature is detectable (though it could be easier[0]), so it should be possible for Web Developers to determine if SPC is enabled for a given user agent visiting their site. There is a risk that the feature will evolve away from the PaymentRequest API[1], which would then require a deprecation of the current API entry-point. It is worth noting that deprecations for payment are often easier than for the general web, as there are far, far fewer payment developers and websites that accept payments are almost always kept up to date (or their payment integrations might break!). [0]: https://github.com/w3c/secure-payment-confirmation/issues/81#issuecomment-885046226 [1]: https://github.com/w3c/secure-payment-confirmation/issues/65
Existing devtools debugging features should cover SPC (e.g. breakpoints, console, etc)
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJUhtG-f6EUpbixf1f1T1TkJGiYh0xn6u0FpTRqxDkhtgz6mGA%40mail.gmail.com.
Requires code in //chrome?
TrueTracking bug
https://crbug.com/1124927Launch bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1236570#Estimated milestones
Ship: M95. Note that this is directly after the end of the Origin Trial, so we are still trying to determine whether we should do the 'week off' approach or apply for a no-skip transition. For the latter option, I think we may meet the bar. We've significantly changed the API in both M93 and M94 during the origin trial, and so M95 for example is not compatible with someone using code from M93.Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5702310124584960Links to previous Intent discussions
Intent to prototype: https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion
Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/6Dd00NJ-td8
--
> and one which impacted me as a userOof! Yes, we'd like to help figure out a way to make that not happen...> What would be the timelines for [the commitment to see through the WPT test suite]?My team will be working on test automation for SPC in Q4 2021. As the ex-lead of WPT in Chromium, I am quite insistent that we get it done :D.> Any feedback from the Origin Trial?During the Origin Trial we did iterate on the API shape significantly, but that more came from discussions in the working group than Origin Trial participant feedback (who are themselves also in the working group, so some overlap).From our Origin Trial partners, we mostly heard that the overall experience is working for them and that they're really excited to be able to build lower-friction authentication solutions in the payments space!
On Wed, 1 Sept 2021 at 10:26, Yoav Weiss <yoav...@chromium.org> wrote:
Thanks for working on this! This seems like an important problem to solve. (and one which impacted me as a user)
On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <smcg...@chromium.org> wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
LGTM1
On Wednesday, September 1, 2021 at 5:49:12 PM UTC+1 Stephen McGruer wrote:
> and one which impacted me as a userOof! Yes, we'd like to help figure out a way to make that not happen...> What would be the timelines for [the commitment to see through the WPT test suite]?My team will be working on test automation for SPC in Q4 2021. As the ex-lead of WPT in Chromium, I am quite insistent that we get it done :D.> Any feedback from the Origin Trial?During the Origin Trial we did iterate on the API shape significantly, but that more came from discussions in the working group than Origin Trial participant feedback (who are themselves also in the working group, so some overlap).From our Origin Trial partners, we mostly heard that the overall experience is working for them and that they're really excited to be able to build lower-friction authentication solutions in the payments space!
On Wed, 1 Sept 2021 at 10:26, Yoav Weiss <yoav...@chromium.org> wrote:
Thanks for working on this! This seems like an important problem to solve. (and one which impacted me as a user)
On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <smcg...@chromium.org> wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d69add5b-7cf8-4722-a088-252951ae095cn%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3DfYTyLpiY%3D2KqAXG4FL-f9YRqhMVMAsDHRKugRHZud-Zg%40mail.gmail.com.
LGTM2. This has been approved via internal security and privacy review, has gotten substantial developer feedback during OT, and serves a useful purpose.I would ask y'all to pay attention to the TAG in case they provide substantive feedback in the near future. But given that the review was initially filed a year ago, and the conversation stalled in January, I don't think we need to block on their input.-mikeOn Thu, Sep 2, 2021 at 9:19 PM Alex Russell <sligh...@chromium.org> wrote:
LGTM1
On Wednesday, September 1, 2021 at 5:49:12 PM UTC+1 Stephen McGruer wrote:
> and one which impacted me as a userOof! Yes, we'd like to help figure out a way to make that not happen...> What would be the timelines for [the commitment to see through the WPT test suite]?My team will be working on test automation for SPC in Q4 2021. As the ex-lead of WPT in Chromium, I am quite insistent that we get it done :D.> Any feedback from the Origin Trial?During the Origin Trial we did iterate on the API shape significantly, but that more came from discussions in the working group than Origin Trial participant feedback (who are themselves also in the working group, so some overlap).From our Origin Trial partners, we mostly heard that the overall experience is working for them and that they're really excited to be able to build lower-friction authentication solutions in the payments space!
On Wed, 1 Sept 2021 at 10:26, Yoav Weiss <yoav...@chromium.org> wrote:
Thanks for working on this! This seems like an important problem to solve. (and one which impacted me as a user)
On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <smcg...@chromium.org> wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
LGTM3
On Thursday, September 2, 2021 at 9:25:14 PM UTC+2 Mike West wrote:
LGTM2. This has been approved via internal security and privacy review, has gotten substantial developer feedback during OT, and serves a useful purpose.I would ask y'all to pay attention to the TAG in case they provide substantive feedback in the near future. But given that the review was initially filed a year ago, and the conversation stalled in January, I don't think we need to block on their input.-mikeOn Thu, Sep 2, 2021 at 9:19 PM Alex Russell <sligh...@chromium.org> wrote:
LGTM1
On Wednesday, September 1, 2021 at 5:49:12 PM UTC+1 Stephen McGruer wrote:
> and one which impacted me as a userOof! Yes, we'd like to help figure out a way to make that not happen...> What would be the timelines for [the commitment to see through the WPT test suite]?My team will be working on test automation for SPC in Q4 2021. As the ex-lead of WPT in Chromium, I am quite insistent that we get it done :D.> Any feedback from the Origin Trial?During the Origin Trial we did iterate on the API shape significantly, but that more came from discussions in the working group than Origin Trial participant feedback (who are themselves also in the working group, so some overlap).From our Origin Trial partners, we mostly heard that the overall experience is working for them and that they're really excited to be able to build lower-friction authentication solutions in the payments space!
On Wed, 1 Sept 2021 at 10:26, Yoav Weiss <yoav...@chromium.org> wrote:
Thanks for working on this! This seems like an important problem to solve. (and one which impacted me as a user)
On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <smcg...@chromium.org> wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3MacRwSiW8Myniddk3QBnhQvv7LS7HebgfJziWVz_tsN_Og%40mail.gmail.com.