<div dir="auto">Follow up on George s email. Here are how that will impact the browser, probably excluding Apple.<br><br><div data-smartmail="gmail_signature">thx ..Tom (mobile)</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">Nick Burris</strong> <span dir="auto"><<a href="mailto:nburris@chromium.org">nburris@chromium.org</a>></span><br>Date: Thu, Jul 30, 2020, 8:51 AM<br>Subject: [blink-dev] Intent to Prototype: Secure payment confirmation<br>To: blink-dev <<a href="mailto:blink-dev@chromium.org">blink-dev@chromium.org</a>><br>Cc: Rouslan Solomakhin <<a href="mailto:rouslan@chromium.org">rouslan@chromium.org</a>>, Danyao Wang <<a href="mailto:danyao@chromium.org">danyao@chromium.org</a>><br></div><br><br><div dir="ltr"><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Contact emails</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><a href="mailto:rouslan@chromium.org" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192);white-space:pre-wrap" target="_blank" rel="noreferrer">rouslan@chromium.org</a><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">, </span><a href="mailto:nburris@chromium.org" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192);white-space:pre-wrap" target="_blank" rel="noreferrer">nburris@chromium.org</a><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">, </span><a href="mailto:danyao@chromium.org" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192);white-space:pre-wrap" target="_blank" rel="noreferrer">danyao@chromium.org</a><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">

</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Explainer</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><a href="https://github.com/rsolomakhin/secure-payment-confirmation" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192);white-space:pre-wrap" target="_blank" rel="noreferrer">https://github.com/rsolomakhin/secure-payment-confirmation</a><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">


</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Design docs/spec</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><a href="https://bit.ly/secure-payment-confirmation" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192);white-space:pre-wrap" target="_blank" rel="noreferrer">https://bit.ly/secure-payment-confirmation</a><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">

</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">TAG review</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">


</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Summary</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new PaymentCredential credential type to the Credential Management spec, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the proposed secure-payment-confirmation payment method.

</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Motivation</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
This feature enables a consistent, low friction, strong authentication experience using platform authenticators.  Strong authentication with the user's bank is becoming a requirement for online payments in many regions, including the European Union. The proposed feature provides better user experience and stronger security than existing solutions.

</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Risks</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><div style="box-sizing:border-box;margin:0px 0px 0px 4em;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;color:rgb(102,102,102);white-space:pre-wrap"><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-style:inherit;font-family:inherit;vertical-align:baseline;display:inline-block">Interoperability and Compatibility</label>
This feature adds a WebAuthn credential type and PaymentRequest payment method type, so the interop risk is that other browsers do not implement these types. The PaymentRequest API allows developers to specify multiple supported payment methods in case some are not supported.

<i style="box-sizing:border-box">Gecko</i>: Positive signal from informal conversation in W3C Payment Handler meetings. This feature is part of the Payment Handler API for which Mozilla recently filed an intent to implement.

<i style="box-sizing:border-box">WebKit</i>: No signal</div><div style="box-sizing:border-box;margin:0px 0px 0px 4em;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;color:rgb(102,102,102);white-space:pre-wrap"><br></div><div style="box-sizing:border-box;margin:0px 0px 0px 4em;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;color:rgb(102,102,102);white-space:pre-wrap"><i style="box-sizing:border-box">Web developers</i>: Positive signals from Stripe, which is interested in experimenting with the feature.
</div><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Will this feature be supported on all six Blink platforms (Windows, Mac, Linux,
Chrome OS, Android, and Android WebView)?</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
No
We intend to experiment with Stripe on Mac to first prove the user benefit, and then extend the feature to all platforms, except WebView where PaymentRequest is not supported.</span><div><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Is this feature fully tested by <a href="https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192)" target="_blank" rel="noreferrer">web-platform-tests</a>?</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
No
To be added to the <a href="https://wpt.fyi/results/payment-request?label=experimental&label=master&aligned" target="_blank" rel="noreferrer">payment-request</a> suite.

</span><label style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:600;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;display:inline-block;color:rgb(102,102,102);white-space:pre-wrap">Link to entry on the Chrome Platform Status</label><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">
</span><a href="https://chromestatus.com/feature/5702310124584960" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192);white-space:pre-wrap" target="_blank" rel="noreferrer">https://chromestatus.com/feature/5702310124584960</a><span style="color:rgb(102,102,102);font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgba(255,255,255,0.8)">

</span><div style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-size:14px;font-family:Roboto,sans-serif;vertical-align:baseline;color:rgb(102,102,102);white-space:pre-wrap"><small style="box-sizing:border-box">This intent message was generated by <a href="https://www.chromestatus.com/" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-weight:inherit;font-style:inherit;font-size:11.6667px;font-family:inherit;vertical-align:baseline;text-decoration-line:none;color:rgb(69,128,192)" target="_blank" rel="noreferrer">Chrome Platform Status</a>.</small></div></div></div>

<p></p>

-- <br>
You received this message because you are subscribed to the Google Groups "blink-dev" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:blink-dev+unsubscribe@chromium.org" target="_blank" rel="noreferrer">blink-dev+unsubscribe@chromium.org</a>.<br>
To view this discussion on the web visit <a href="https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHPdSHHtH1XhmNLy1DCL2uO-DHVDOUUUutjs_KLJSzShYw%40mail.gmail.com?utm_medium=email&utm_source=footer" target="_blank" rel="noreferrer">https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHPdSHHtH1XhmNLy1DCL2uO-DHVDOUUUutjs_KLJSzShYw%40mail.gmail.com</a>.<br>
</div>