SPC Origin Trial
4 views
Skip to first unread message
Anders Rundgren
May 12, 2021, 2:47:41 AM5/12/21
to paymen...@chromium.org
Hi Chromium,
I have two comments regarding the SPC Origin Trial:
1. Apparently you have to have a Web site in order to test SPC. This excludes 99% of the people who could be interested in evaluating this technology (including the other browser vendors). As a comparison the WebAuthn/FIDO folks provide ample of public sites requiring no registrations or programming at all. See: https://webauthn.io/
2. Since SPC is designed to be a "flexible framework", it seems that you do not only need a specification but several application notes and sample code in order to show how you are supposed to use SPC.
Personally, I wonder if you have the resources needed to build and establish a framework specification. In addition, the market is already crowded by vendors offering secure payment solutions.
Due to that I'm tinkering with a 10 times simpler scheme which I would be interested in integrating in Chromium (behind a flag): https://fido-web-pay.github.io/
Is that possible?
Thanx,
Anders Rundgren
I have two comments regarding the SPC Origin Trial:
1. Apparently you have to have a Web site in order to test SPC. This excludes 99% of the people who could be interested in evaluating this technology (including the other browser vendors). As a comparison the WebAuthn/FIDO folks provide ample of public sites requiring no registrations or programming at all. See: https://webauthn.io/
2. Since SPC is designed to be a "flexible framework", it seems that you do not only need a specification but several application notes and sample code in order to show how you are supposed to use SPC.
Personally, I wonder if you have the resources needed to build and establish a framework specification. In addition, the market is already crowded by vendors offering secure payment solutions.
Due to that I'm tinkering with a 10 times simpler scheme which I would be interested in integrating in Chromium (behind a flag): https://fido-web-pay.github.io/
Is that possible?
Thanx,
Anders Rundgren
Rouslan Solomakhin
May 12, 2021, 8:43:25 AM5/12/21
to Anders Rundgren, paymen...@chromium.org
Hi Anders :-D
On Wed, May 12, 2021 at 2:47 AM Anders Rundgren <anders.ru...@gmail.com> wrote:
Hi Chromium,
I have two comments regarding the SPC Origin Trial:
1. Apparently you have to have a Web site in order to test SPC. This excludes 99% of the people who could be interested in evaluating this technology (including the other browser vendors). As a comparison the WebAuthn/FIDO folks provide ample of public sites requiring no registrations or programming at all. See: https://webauthn.io/
Please see some demo pages on https://rsolomakhin.github.io/ (for example https://rsolomakhin.github.io/pr/spc/). We also have https://romantic-seed-cup.glitch.me/checkout.html.
2. Since SPC is designed to be a "flexible framework", it seems that you do not only need a specification but several application notes and sample code in order to show how you are supposed to use SPC.
Do you think the information at https://github.com/w3c/secure-payment-confirmation is sufficient?
Personally, I wonder if you have the resources needed to build and establish a framework specification. In addition, the market is already crowded by vendors offering secure payment solutions.
Due to that I'm tinkering with a 10 times simpler scheme which I would be interested in integrating in Chromium (behind a flag): https://fido-web-pay.github.io/
Is that possible?
I have not seen a strong appetite for integrating that solution, but other people on the list can correct me if I'm wrong.
Have a great day!
Sincerely,
Rouslan
Anders Rundgren
May 12, 2021, 10:41:00 AM5/12/21
to Rouslan Solomakhin, paymen...@chromium.org
On 2021-05-12 14:43, Rouslan Solomakhin wrote:
> Hi Anders :-D
Hi Rouslan : -D
>
>
> Please see some demo pages on https://rsolomakhin.github.io/ <https://rsolomakhin.github.io/> (for example https://rsolomakhin.github.io/pr/spc/ <https://rsolomakhin.github.io/pr/spc/>). We also have https://romantic-seed-cup.glitch.me/checkout.html <https://romantic-seed-cup.glitch.me/checkout.html>.
Thanx! I wasn't aware of this. I does currently not work on W10, right? :(
>
> 2. Since SPC is designed to be a "flexible framework", it seems that you do not only need a specification but several application notes and sample code in order to show how you are supposed to use SPC.
>
>
> Do you think the information at https://github.com/w3c/secure-payment-confirmation <https://github.com/w3c/secure-payment-confirmation> is sufficient?
Since the spec is of the type "blue sky" it is impossible (for me at least) to know where it lands. An FPWD at the end of the year seems pretty unlikely.
>
> Personally, I wonder if you have the resources needed to build and establish a framework specification. In addition, the market is already crowded by vendors offering secure payment solutions.
>
> Due to that I'm tinkering with a 10 times simpler scheme which I would be interested in integrating in Chromium (behind a flag): https://fido-web-pay.github.io/ <https://fido-web-pay.github.io/>
The real issue is actually quite simple: How does SPC compare to Apple Pay? :)
>
> Have a great day!
U2!
Anders
>
> Sincerely,
> Rouslan
> Hi Anders :-D
Hi Rouslan : -D
>
> On Wed, May 12, 2021 at 2:47 AM Anders Rundgren <anders.ru...@gmail.com <mailto:anders.ru...@gmail.com>> wrote:
>
> Hi Chromium,
>
> I have two comments regarding the SPC Origin Trial:
>
> 1. Apparently you have to have a Web site in order to test SPC. This excludes 99% of the people who could be interested in evaluating this technology (including the other browser vendors). As a comparison the WebAuthn/FIDO folks provide ample of public sites requiring no registrations or programming at all. See: https://webauthn.io/ <https://webauthn.io/>
> On Wed, May 12, 2021 at 2:47 AM Anders Rundgren <anders.ru...@gmail.com <mailto:anders.ru...@gmail.com>> wrote:
>
> Hi Chromium,
>
> I have two comments regarding the SPC Origin Trial:
>
>
>
> Please see some demo pages on https://rsolomakhin.github.io/ <https://rsolomakhin.github.io/> (for example https://rsolomakhin.github.io/pr/spc/ <https://rsolomakhin.github.io/pr/spc/>). We also have https://romantic-seed-cup.glitch.me/checkout.html <https://romantic-seed-cup.glitch.me/checkout.html>.
Thanx! I wasn't aware of this. I does currently not work on W10, right? :(
>
> 2. Since SPC is designed to be a "flexible framework", it seems that you do not only need a specification but several application notes and sample code in order to show how you are supposed to use SPC.
>
>
Since the spec is of the type "blue sky" it is impossible (for me at least) to know where it lands. An FPWD at the end of the year seems pretty unlikely.
>
> Personally, I wonder if you have the resources needed to build and establish a framework specification. In addition, the market is already crowded by vendors offering secure payment solutions.
>
> Is that possible?
>
>
> I have not seen a strong appetite for integrating that solution, but other people on the list can correct me if I'm wrong.
Well, there is a very simple explanation to that, SPC is designed to suit vendors, not the market in terms of merchants and users who are facing an ever-increasing number of "innovative" payment options.
>
>
> I have not seen a strong appetite for integrating that solution, but other people on the list can correct me if I'm wrong.
The real issue is actually quite simple: How does SPC compare to Apple Pay? :)
>
> Have a great day!
U2!
Anders
>
> Sincerely,
> Rouslan
Rouslan Solomakhin
May 12, 2021, 10:54:46 AM5/12/21
to Anders Rundgren, paymen...@chromium.org
On Wed, May 12, 2021 at 10:41 AM Anders Rundgren <anders.ru...@gmail.com> wrote:
On 2021-05-12 14:43, Rouslan Solomakhin wrote:
> Hi Anders :-D
Hi Rouslan : -D
>
> On Wed, May 12, 2021 at 2:47 AM Anders Rundgren <anders.ru...@gmail.com <mailto:anders.ru...@gmail.com>> wrote:
>
> Hi Chromium,
>
> I have two comments regarding the SPC Origin Trial:
>
> 1. Apparently you have to have a Web site in order to test SPC. This excludes 99% of the people who could be interested in evaluating this technology (including the other browser vendors). As a comparison the WebAuthn/FIDO folks provide ample of public sites requiring no registrations or programming at all. See: https://webauthn.io/ <https://webauthn.io/>
>
>
> Please see some demo pages on https://rsolomakhin.github.io/ <https://rsolomakhin.github.io/> (for example https://rsolomakhin.github.io/pr/spc/ <https://rsolomakhin.github.io/pr/spc/>). We also have https://romantic-seed-cup.glitch.me/checkout.html <https://romantic-seed-cup.glitch.me/checkout.html>.
Thanx! I wasn't aware of this. I does currently not work on W10, right? :(
Windows 10 is supported starting with version 1607 or later in Chrome 91, which is currently on the Beta channel. See schedule for it's estimated date of release to stable. The websites are enabling SPC through origin trial, which is a temporary experiment for a small portion of the web.
>
> 2. Since SPC is designed to be a "flexible framework", it seems that you do not only need a specification but several application notes and sample code in order to show how you are supposed to use SPC.
>
>
> Do you think the information at https://github.com/w3c/secure-payment-confirmation <https://github.com/w3c/secure-payment-confirmation> is sufficient?
Since the spec is of the type "blue sky" it is impossible (for me at least) to know where it lands. An FPWD at the end of the year seems pretty unlikely.
>
> Personally, I wonder if you have the resources needed to build and establish a framework specification. In addition, the market is already crowded by vendors offering secure payment solutions.
>
> Due to that I'm tinkering with a 10 times simpler scheme which I would be interested in integrating in Chromium (behind a flag): https://fido-web-pay.github.io/ <https://fido-web-pay.github.io/>
> Is that possible?
>
>
> I have not seen a strong appetite for integrating that solution, but other people on the list can correct me if I'm wrong.
Well, there is a very simple explanation to that, SPC is designed to suit vendors, not the market in terms of merchants and users who are facing an ever-increasing number of "innovative" payment options.
The real issue is actually quite simple: How does SPC compare to Apple Pay? :)
That's difficult to say, because SPC is not a fully fledged payment app. It's one feature that can be used for some payment flows. We hope that it will be useful for the web e-commerce ecosystem :-D
Anders Rundgren
Jun 29, 2021, 9:20:08 AM6/29/21
to Rouslan Solomakhin, paymen...@chromium.org
Hi Rouslan,
Now I have tested: https://romantic-seed-cup.glitch.me/
Maybe you should take https://mobilepki.org/fwp/buy for a spin?
After publishing this link, Ian Jacobs removed me from the WPWG mailing list so FIDO Web Pay must be really b@d@ss stuff :)
Anders
https://fido-web-pay.github.io/
Now I have tested: https://romantic-seed-cup.glitch.me/
Maybe you should take https://mobilepki.org/fwp/buy for a spin?
After publishing this link, Ian Jacobs removed me from the WPWG mailing list so FIDO Web Pay must be really b@d@ss stuff :)
Anders
https://fido-web-pay.github.io/
Reply all
Reply to author
Forward
0 new messages