Contact [email protected], [email protected], [email protected], [email protected]
Explainerhttps://github.com/w3c/secure-payment-confirmation Specificationhttps://w3c.github.io/secure-payment-confirmation/ Summary Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new 'payment' extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the 'secure-payment-confirmation payment' method. Blink componentBlink>Payments <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/544 TAG review statusPending *Supported on all platforms?* No. SPC is launching on MacOS and Windows only initially, as they are platforms that have built-in authenticators and which payment partners have noted as important targets. Android has browser-level support for SPC, but is excluded from the launch due to the lack of Discoverable Credentials currently. We will add Android once the platform supports that. Risks Interoperability and Compatibility This feature adds a WebAuthn extension and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The feature is detectable (though it could be easier[0]), so it should be possible for Web Developers to determine if SPC is enabled for a given user agent visiting their site. There is a risk that the feature will evolve away from the PaymentRequest API[1], which would then require a deprecation of the current API entry-point. It is worth noting that deprecations for payment are often easier than for the general web, as there are far, far fewer payment developers and websites that accept payments are almost always kept up to date (or their payment integrations might break!). [0]: https://github.com/w3c/secure-payment-confirmation/issues/81#issuecomment-885046226 [1]: https://github.com/w3c/secure-payment-confirmation/issues/65 Gecko: No signal (https://github.com/mozilla/standards-positions/issues/570 <https://chromestatus.com/admin/features/launch/5702310124584960/5?intent=1>) Historically (>1 year old) positive signal from informal conversation in W3C Payment Handler meetings. However Firefox have since not been involved in the API development. WebKit: No signal ( https://lists.webkit.org/pipermail/webkit-dev/2021-August/031956.html) Web developers: Positive ( https://lists.w3.org/Archives/Public/public-payments-wg/2021Aug/0005.html) Support and involvement in API development from multiple web developers and payment industry partners. Both Stripe and AirBnB have publicly stated that they have either completed or are in the process of prototyping/experimenting with SPC Debuggability Existing devtools debugging features should cover SPC (e.g. breakpoints, console, etc) Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ?Partially https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned The WPT test suite is only partially complete and needs to be extended, but this first requires building out test automation machinery and content_shell support. The team is committed to this post initial launch. Requires code in //chrome?True Tracking bughttps://crbug.com/1124927 Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1236570# Estimated milestones Ship: M95. Note that this is directly after the end of the Origin Trial, so we are still trying to determine whether we should do the 'week off' approach or apply for a no-skip transition. For the latter option, I think we may meet the bar. We've significantly changed the API in both M93 and M94 during the origin trial, and so M95 for example is not compatible with someone using code from M93. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5702310124584960 Links to previous Intent discussionsIntent to prototype: https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/6Dd00NJ-td8 This intent message was generated by Chrome Platform Status <https://www.chromestatus.com/>, and then hand-edited. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com.
