RE: Request for review of substantive changes to Payment Request API -- by 19 February 2019

Ian

I am currently a member of the FIDO/WebAuthn Security group and an observer of the security interest WG, while the group is getting reconstituted. One of the roles that the security interest WG can play is to harmonize the security activities going on in other WGs that your WG may not be aware of.

I had the following questions/comments on the Payment Request API proposal.

From the FIDO perspective we have identified the following two significant security events from the Payment Request API:
- User Authentication: A valid user is making the request.
- Transaction Confirmation: The user is confirming the final transactions.

From the Verifiable Claims WG perspective I see the following significant security events from the Payment Request API:
- User verifiable claim: The user is authorized to perform the proposed payment.


From your WG, have you done any classification of any specific security events? Or do you treat all actions as having equivalent security properties?

I would be interested in understanding that perspective.

If it would help for me to clarify my questions by attending one of your meetings please let me know.

Nitin Sarangdhar
Sr. Principal Engineer
(503)-264-6140


-----Original Message-----
From: Ian Jacobs [mailto:ij@w3.org] 
Sent: Tuesday, February 05, 2019 1:13 PM
To: kepeng.lkp@alibaba-inc.com; Fenwick, Valerie <valerie.fenwick@intel.com>
Cc: Nick Telford-Reed <nicktr@gmail.com>; Adrian Hope-Bailie <adrian@coil.com>; public-web-security@w3.org
Subject: Request for review of substantive changes to Payment Request API -- by 19 February 2019

Valerie, Kepeng,

On behalf of the Web Payments Working Group, I would like to request Security Interest Group review of substantive changes to Payment Request API since it was last published as a Candidate Recommendation in July 2018 [1]. I am asking for this review as we prepare to return to Candidate Recommendation (and then Proposed Recommendation).

I would like to request review of these changes by 19 February 2019. If that is not feasible, please let us know a date by which you could provide a response.

Here are the substantive changes (in descriptive format):
  https://lists.w3.org/Archives/Public/public-payments-wg/2019Feb/0003

That email includes additional information such as links to the full edit history.

For the updated specification, see the Editors' Draft:
 https://w3c.github.io/payment-request/

Thank you for your consideration of this request. Let me know
if you have any questions.

For the co-Chairs of the Web Payments Working Group,
Ian Jacobs

[1] https://www.w3.org/TR/2018/CR-payment-request-20180709/

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447

Received on Wednesday, 6 February 2019 22:28:13 UTC