Thanks for working on this! This seems like an important problem to solve. (and one which impacted <https://twitter.com/yoavweiss/status/1382050433632456711> me as a user)
On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <[email protected]> wrote: > Contact [email protected], [email protected], > [email protected], [email protected] > > Explainerhttps://github.com/w3c/secure-payment-confirmation > > Specificationhttps://w3c.github.io/secure-payment-confirmation/ > > Summary > > Secure payment confirmation augments the payment authentication experience > on the web with the help of WebAuthn. The feature adds a new 'payment' > extension to WebAuthn, which allows a relying party such as a bank to > create a PublicKeyCredential that can be queried by any merchant origin as > part of an online checkout via the Payment Request API using the > 'secure-payment-confirmation payment' method. > > Blink componentBlink>Payments > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments> > > TAG reviewhttps://github.com/w3ctag/design-reviews/issues/544 > > TAG review statusPending > > *Supported on all platforms?* > No. > > SPC is launching on MacOS and Windows only initially, as they are > platforms that have built-in authenticators and which payment partners have > noted as important targets. > > Android has browser-level support for SPC, but is excluded from the launch > due to the lack of Discoverable Credentials currently. We will add Android > once the platform supports that. > > Risks > Interoperability and Compatibility > > This feature adds a WebAuthn extension and PaymentRequest payment method > type, so the interop risk is that other browsers do not implement these > types. The feature is detectable (though it could be easier[0]), so it > should be possible for Web Developers to determine if SPC is enabled for a > given user agent visiting their site. There is a risk that the feature will > evolve away from the PaymentRequest API[1], which would then require a > deprecation of the current API entry-point. It is worth noting that > deprecations for payment are often easier than for the general web, as > there are far, far fewer payment developers and websites that accept > payments are almost always kept up to date (or their payment integrations > might break!). [0]: > https://github.com/w3c/secure-payment-confirmation/issues/81#issuecomment-885046226 > [1]: https://github.com/w3c/secure-payment-confirmation/issues/65 > > Gecko: No signal ( > https://github.com/mozilla/standards-positions/issues/570 > <https://chromestatus.com/admin/features/launch/5702310124584960/5?intent=1>) > Historically (>1 year old) positive signal from informal conversation in > W3C Payment Handler meetings. However Firefox have since not been involved > in the API development. > > WebKit: No signal ( > https://lists.webkit.org/pipermail/webkit-dev/2021-August/031956.html) > > Web developers: Positive ( > https://lists.w3.org/Archives/Public/public-payments-wg/2021Aug/0005.html) > Support and involvement in API development from multiple web developers and > payment industry partners. Both Stripe and AirBnB have publicly stated that > they have either completed or are in the process of > prototyping/experimenting with SPC > > Debuggability > > Existing devtools debugging features should cover SPC (e.g. breakpoints, > console, etc) > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ?Partially > > > https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned > > The WPT test suite is only partially complete and needs to be extended, > but this first requires building out test automation machinery and > content_shell support. The team is committed to this post initial launch. > What would be the timelines for that commitment? > > Requires code in //chrome?True > > Tracking bughttps://crbug.com/1124927 > > Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1236570# > > Estimated milestones > Ship: M95. Note that this is directly after the end of the Origin Trial, > so we are still trying to determine whether we should do the 'week off' > approach or apply for a no-skip transition. For the latter option, I think > we may meet the bar. We've significantly changed the API in both M93 and > M94 during the origin trial, and so M95 for example is not compatible with > someone using code from M93. > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5702310124584960 > > Links to previous Intent discussionsIntent to prototype: > https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion > Intent to Experiment: > https://groups.google.com/a/chromium.org/g/blink-dev/c/6Dd00NJ-td8 > Any feedback from the Origin Trial? > > > This intent message was generated by Chrome Platform Status > <https://www.chromestatus.com/>, and then hand-edited. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVOtKTdJ-pbw_TS_6KQb%3DAqGo81E4n6gxiF2UT_%3D5MQ8w%40mail.gmail.com.
