> and one which impacted <https://twitter.com/yoavweiss/status/1382050433632456711> me as a user
Oof! Yes, we'd like to help figure out a way to make *that* not happen... > What would be the timelines for [the commitment to see through the WPT test suite]? My team will be working on test automation for SPC in Q4 2021. As the ex-lead of WPT in Chromium, I am quite insistent that we get it done :D. > Any feedback from the Origin Trial? During the Origin Trial we did iterate on the API shape significantly, but that more came from discussions in the working group than Origin Trial participant feedback (who are themselves also in the working group, so some overlap). >From our Origin Trial partners, we mostly heard that the overall experience is working for them and that they're really excited to be able to build lower-friction authentication solutions in the payments space! On Wed, 1 Sept 2021 at 10:26, Yoav Weiss <[email protected]> wrote: > Thanks for working on this! This seems like an important problem to solve. > (and one which impacted > <https://twitter.com/yoavweiss/status/1382050433632456711> me as a user) > > On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <[email protected]> > wrote: > >> Contact [email protected], [email protected], >> [email protected], [email protected] >> >> Explainerhttps://github.com/w3c/secure-payment-confirmation >> >> Specificationhttps://w3c.github.io/secure-payment-confirmation/ >> >> Summary >> >> Secure payment confirmation augments the payment authentication >> experience on the web with the help of WebAuthn. The feature adds a new >> 'payment' extension to WebAuthn, which allows a relying party such as a >> bank to create a PublicKeyCredential that can be queried by any merchant >> origin as part of an online checkout via the Payment Request API using the >> 'secure-payment-confirmation payment' method. >> >> Blink componentBlink>Payments >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments> >> >> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/544 >> >> TAG review statusPending >> >> *Supported on all platforms?* >> No. >> >> SPC is launching on MacOS and Windows only initially, as they are >> platforms that have built-in authenticators and which payment partners have >> noted as important targets. >> >> Android has browser-level support for SPC, but is excluded from the >> launch due to the lack of Discoverable Credentials currently. We will add >> Android once the platform supports that. >> >> Risks >> Interoperability and Compatibility >> >> This feature adds a WebAuthn extension and PaymentRequest payment method >> type, so the interop risk is that other browsers do not implement these >> types. The feature is detectable (though it could be easier[0]), so it >> should be possible for Web Developers to determine if SPC is enabled for a >> given user agent visiting their site. There is a risk that the feature will >> evolve away from the PaymentRequest API[1], which would then require a >> deprecation of the current API entry-point. It is worth noting that >> deprecations for payment are often easier than for the general web, as >> there are far, far fewer payment developers and websites that accept >> payments are almost always kept up to date (or their payment integrations >> might break!). [0]: >> https://github.com/w3c/secure-payment-confirmation/issues/81#issuecomment-885046226 >> [1]: https://github.com/w3c/secure-payment-confirmation/issues/65 >> >> Gecko: No signal ( >> https://github.com/mozilla/standards-positions/issues/570 >> <https://chromestatus.com/admin/features/launch/5702310124584960/5?intent=1>) >> Historically (>1 year old) positive signal from informal conversation in >> W3C Payment Handler meetings. However Firefox have since not been involved >> in the API development. >> >> WebKit: No signal ( >> https://lists.webkit.org/pipermail/webkit-dev/2021-August/031956.html) >> >> Web developers: Positive ( >> https://lists.w3.org/Archives/Public/public-payments-wg/2021Aug/0005.html) >> Support and involvement in API development from multiple web developers and >> payment industry partners. Both Stripe and AirBnB have publicly stated that >> they have either completed or are in the process of >> prototyping/experimenting with SPC >> >> Debuggability >> >> Existing devtools debugging features should cover SPC (e.g. breakpoints, >> console, etc) >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >> ?Partially >> >> >> https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned >> >> The WPT test suite is only partially complete and needs to be extended, >> but this first requires building out test automation machinery and >> content_shell support. The team is committed to this post initial launch. >> > > What would be the timelines for that commitment? > > >> >> Requires code in //chrome?True >> >> Tracking bughttps://crbug.com/1124927 >> >> Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1236570# >> >> Estimated milestones >> Ship: M95. Note that this is directly after the end of the Origin Trial, >> so we are still trying to determine whether we should do the 'week off' >> approach or apply for a no-skip transition. For the latter option, I think >> we may meet the bar. We've significantly changed the API in both M93 and >> M94 during the origin trial, and so M95 for example is not compatible with >> someone using code from M93. >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/5702310124584960 >> >> Links to previous Intent discussionsIntent to prototype: >> https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion >> Intent to Experiment: >> https://groups.google.com/a/chromium.org/g/blink-dev/c/6Dd00NJ-td8 >> > > Any feedback from the Origin Trial? > > >> >> >> This intent message was generated by Chrome Platform Status >> <https://www.chromestatus.com/>, and then hand-edited. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3MaedWx7JHt5J%3D7hfkjMJ%3DBJfPz9i4F51DCSHdCm3v5HLTw%40mail.gmail.com.
