LGTM1 On Wednesday, September 1, 2021 at 5:49:12 PM UTC+1 Stephen McGruer wrote:
> > and one which impacted > <https://twitter.com/yoavweiss/status/1382050433632456711> me as a user > > Oof! Yes, we'd like to help figure out a way to make *that* not happen... > > > What would be the timelines for [the commitment to see through the WPT > test suite]? > > My team will be working on test automation for SPC in Q4 2021. As the > ex-lead of WPT in Chromium, I am quite insistent that we get it done :D. > > > Any feedback from the Origin Trial? > > During the Origin Trial we did iterate on the API shape significantly, but > that more came from discussions in the working group than Origin Trial > participant feedback (who are themselves also in the working group, so some > overlap). > > From our Origin Trial partners, we mostly heard that the overall > experience is working for them and that they're really excited to be able > to build lower-friction authentication solutions in the payments space! > > > On Wed, 1 Sept 2021 at 10:26, Yoav Weiss <[email protected]> wrote: > >> Thanks for working on this! This seems like an important problem to >> solve. (and one which impacted >> <https://twitter.com/yoavweiss/status/1382050433632456711> me as a user) >> >> On Fri, Aug 27, 2021 at 4:04 PM Stephen Mcgruer <[email protected]> >> wrote: >> >>> Contact [email protected], [email protected], >>> [email protected], [email protected] >>> >>> Explainerhttps://github.com/w3c/secure-payment-confirmation >>> >>> Specificationhttps://w3c.github.io/secure-payment-confirmation/ >>> >>> Summary >>> >>> Secure payment confirmation augments the payment authentication >>> experience on the web with the help of WebAuthn. The feature adds a new >>> 'payment' extension to WebAuthn, which allows a relying party such as a >>> bank to create a PublicKeyCredential that can be queried by any merchant >>> origin as part of an online checkout via the Payment Request API using the >>> 'secure-payment-confirmation payment' method. >>> >>> Blink componentBlink>Payments >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments> >>> >>> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/544 >>> >>> TAG review statusPending >>> >>> *Supported on all platforms?* >>> No. >>> >>> SPC is launching on MacOS and Windows only initially, as they are >>> platforms that have built-in authenticators and which payment partners have >>> noted as important targets. >>> >>> Android has browser-level support for SPC, but is excluded from the >>> launch due to the lack of Discoverable Credentials currently. We will add >>> Android once the platform supports that. >>> >>> Risks >>> Interoperability and Compatibility >>> >>> This feature adds a WebAuthn extension and PaymentRequest payment method >>> type, so the interop risk is that other browsers do not implement these >>> types. The feature is detectable (though it could be easier[0]), so it >>> should be possible for Web Developers to determine if SPC is enabled for a >>> given user agent visiting their site. There is a risk that the feature will >>> evolve away from the PaymentRequest API[1], which would then require a >>> deprecation of the current API entry-point. It is worth noting that >>> deprecations for payment are often easier than for the general web, as >>> there are far, far fewer payment developers and websites that accept >>> payments are almost always kept up to date (or their payment integrations >>> might break!). [0]: >>> https://github.com/w3c/secure-payment-confirmation/issues/81#issuecomment-885046226 >>> >>> [1]: https://github.com/w3c/secure-payment-confirmation/issues/65 >>> >>> Gecko: No signal ( >>> https://github.com/mozilla/standards-positions/issues/570 >>> <https://chromestatus.com/admin/features/launch/5702310124584960/5?intent=1>) >>> >>> Historically (>1 year old) positive signal from informal conversation in >>> W3C Payment Handler meetings. However Firefox have since not been involved >>> in the API development. >>> >>> WebKit: No signal ( >>> https://lists.webkit.org/pipermail/webkit-dev/2021-August/031956.html) >>> >>> Web developers: Positive ( >>> https://lists.w3.org/Archives/Public/public-payments-wg/2021Aug/0005.html) >>> Support and involvement in API development from multiple web developers and >>> payment industry partners. Both Stripe and AirBnB have publicly stated that >>> they have either completed or are in the process of >>> prototyping/experimenting with SPC >>> >>> Debuggability >>> >>> Existing devtools debugging features should cover SPC (e.g. breakpoints, >>> console, etc) >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>> ?Partially >>> >>> >>> https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned >>> >>> The WPT test suite is only partially complete and needs to be extended, >>> but this first requires building out test automation machinery and >>> content_shell support. The team is committed to this post initial launch. >>> >> >> What would be the timelines for that commitment? >> >> >>> >>> Requires code in //chrome?True >>> >>> Tracking bughttps://crbug.com/1124927 >>> >>> Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1236570# >>> >>> Estimated milestones >>> Ship: M95. Note that this is directly after the end of the Origin Trial, >>> so we are still trying to determine whether we should do the 'week off' >>> approach or apply for a no-skip transition. For the latter option, I think >>> we may meet the bar. We've significantly changed the API in both M93 and >>> M94 during the origin trial, and so M95 for example is not compatible with >>> someone using code from M93. >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/5702310124584960 >>> >>> Links to previous Intent discussionsIntent to prototype: >>> https://groups.google.com/a/chromium.org/d/topic/blink-dev/myUR5gyd5Js/discussion >>> Intent to Experiment: >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/6Dd00NJ-td8 >>> >> >> Any feedback from the Origin Trial? >> >> >>> >>> >>> This intent message was generated by Chrome Platform Status >>> <https://www.chromestatus.com/>, and then hand-edited. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com >>> >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maf_i31Fw0VLVbaLfmvNDS1kqWb-RqbOei_in7O0jXC89Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d69add5b-7cf8-4722-a088-252951ae095cn%40chromium.org.
