Re: [Minutes] 23 August 2021 SPC Task Force; next call is 30 August

Thanks Adrian; if you don't mind I'll follow up in the issue
<https://github.com/w3c/secure-payment-confirmation/issues/101> for
discussion.

On Tue, 24 Aug 2021 at 05:30, Adrian Hope-Bailie <adrian@fynbos.dev> wrote:

> Hi all,
>
> The existing spec I was trying to remember on the call was Subresource
> Integrity <https://www.w3.org/TR/SRI/> (Not CSP)
> I suggest we leverage this spec (make it a normative dependency and simply
> re-use the algorithms here) to avoid reinventing the wheel.
>
> @Stephen McGruer <smcgruer@google.com> and @Rouslan Solomakhin
> <rouslan@google.com>
> My suggestion would be that we update the PaymentCredentialInstrument
> <https://w3c.github.io/secure-payment-confirmation/#dictdef-paymentcredentialinstrument> to
> have an optional "iconIntegrity" member that gets it's definition from SRI.
> In the algorithm to check if a payment can be made
> <https://w3c.github.io/secure-payment-confirmation/#sctn-steps-to-check-if-a-payment-can-be-made>
> we check if there is an integrity value provided and if so we follow the
> algorithm s defined in SRI to parse it and validate it against the content
> fetched for the image.
> Would that work?
>
> This doesn't answer the question about whether we should show an RP icon
> but I think that is a separate issue.
>
> Adrian
>
> On Mon, Aug 23, 2021 at 6:41 PM Ian Jacobs <ij@w3.org> wrote:
>
>> Dear WPWG,
>>
>> Minutes from today's SPC task force call:
>>  https://www.w3.org/2021/08/23-wpwg-spc-minutes
>>
>> Next task force call: 30 August.
>>
>> There will be no call on 6 September.
>>
>> Thanks!
>>
>> Ian
>>
>> --
>> Ian Jacobs <ij@w3.org>
>> https://www.w3.org/People/Jacobs/
>> Tel: +1 718 260 9447 <+1%20718-260-9447>
>>
>>
>>
>>
>>
>>

-- 
smcgruer • he / him

Received on Thursday, 26 August 2021 13:38:11 UTC