Re: Intent to Experiment: Secure Payment Confirmation V2
Nick Burris
LGTMThe experiment's goal seems worthwhile, and I like the fact you incorporated learnings from the first trial and are trying an improved approach, and that you're working closely with partners on this.The 1 release gap between the trials also reduces the risk for burn-in from my perspective.On Thursday, March 4, 2021 at 3:28:45 AM UTC+1 Yuriy Ackermann wrote:Great. Thx!On Wednesday, March 3, 2021 at 3:53:38 PM UTC+4 Rouslan Solomakhin wrote:The plan for the origin trial is to run on the stable channel.On Wed, Mar 3, 2021 at 4:59 AM Yuriy Ackermann <yu...@webauthn.works> wrote:This is great news!
Question: M91, is that stable or canary build?On Wednesday, March 3, 2021 at 1:31:35 AM UTC+2 nbu...@chromium.org wrote:Contact emails
rou...@chromium.org, nbu...@chromium.org, dan...@chromium.org
Explainer
https://github.com/rsolomakhin/secure-payment-confirmation
Design docs
https://bit.ly/secure-payment-confirmation
TAG review
https://github.com/w3ctag/design-reviews/issues/544
Summary
This is the second origin trial for Secure Payment Confirmation, with the primary goal of increasing enrollment rate from the first origin trial by enhancing the user experience. We’ve added a browser UI prompt to improve trust and understanding, and enabled the feature for iframes for a more seamless user flow and better developer ergonomics.
Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.
Link to “Intent to Prototype” blink-dev discussion
Intent to Prototype: https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion
Intent to Experiment (v1):
https://groups.google.com/a/chromium.org/g/blink-dev/c/1P5bcoBw-II
Risks
Interoperability and Compatibility
This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types.
Gecko: No signal
WebKit: No signal
Web developers: Positive
Positive signals from Stripe, which is interested in experimenting with the feature.
Goals for experimentation
This second experiment will allow us to validate the hypothesis that an improved enrollment experience will increase enrollment rates. The original experiment’s goal still stands, to prove the user benefit of the feature, and gather feedback on the API changes, consisting of the PaymentCredential type added to the credentials API, and the secure-payment-confirmation payment method added to the PaymentRequest API.
Experimental timeline
M91-M94
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
No
We intend to experiment with Stripe on Mac and Windows to first prove the user benefit, and then extend the feature to all platforms, except WebView where PaymentRequest is not supported.
Is this feature fully tested by web-platform-tests?
Yes
https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5702310124584960
This intent message was generated by Chrome Platform Status.
Nick Burris
Hey Nick. M91 Canary?
--Yuriy AckermannManaging Director @ WebAuthn Works LimitedFIDO, identity, security, bringing the end to the passwords
Nick Burris
Ok. Another noob question. What do I use the access code for?
