Re: Re-opening discussion with WebAuthn on credential creation in an iframe

Absolutely, please feel free to.

On Mon, 8 Aug 2022 at 13:06, Ian Jacobs <ij@w3.org> wrote:

> Stephen,
>
> Can I put the link to your draft document in the agenda of the 18th
> meeting?
>
> Ian
>
> > On Aug 2, 2022, at 9:15 AM, Praveena Subrahmanyam <
> praveena.subrahmanyam@airbnb.com> wrote:
> >
> > +1 on the proposal and the comments made in this thread.
> >
> > On Tue, Aug 2, 2022 at 9:12 AM Stephen McGruer <smcgruer@google.com>
> wrote:
> > Hi folks,
> >
> > Thanks Sameer and Gerhard for the input so far on this. Would love to
> hear other viewpoints (including just agreement).
> >
> > > I would also already venture that we make this an agenda point for the
> 18th, at least to discuss, but potentially also to make a decision on this.
> >
> > Ack, SGTM - let's put this on the agenda for the 18th, preferably to
> make a decision :).
> >
> > Thanks,
> > Stephen
> >
> > On Fri, 22 Jul 2022 at 15:22, Tare, Sameer <Sameer.Tare@mastercard..com>
> wrote:
> > Hi Gerhard,
> >
> >
> >
> > Sharing my thoughts on this over email based on an initial read. From a
> Payments/3DS perspective I can see this feature to be of very significant
> value in terms of
> >
> >
> >
> > 1) Scaling the use of FIDO based authentication methods in 3ds eco-system
> >
> >
> >
> > 2) Making the experience of implementing SPC/WebAuthn authentication
> methods for 3ds providers more cohesive where creation of credential does
> not have to offered separately (potentially more challenging when PSPs are
> involved)
> >
> >
> >
> > As this topic evolves, this may require consideration in the EMV 3DSWG.
> The specification as it stands today does not allow registration at the
> time of transaction so that will need to reviewed and we also need to
> consider that the merchants are not negatively impacted from various facets
> of credential creation (user education, latency, errors/cancellation etc)
> >
> >
> >
> > Sameer Tare
> >
> > Director
> >
> > Product Development
> >
> >
> >
> > Mastercard | mobile +1 6365158322 <+1%20636-515-8322>
> >
> > <image001.png>
> >
> >
> >
> > From: Gerhard Oosthuizen <goosthuizen@entersekt.com>
> > Sent: Friday, July 22, 2022 10:04 AM
> > To: Stephen McGruer <smcgruer@google.com>; Web Payments Working Group <
> public-payments-wg@w3.org>
> > Subject: {EXTERNAL} RE: Re-opening discussion with WebAuthn on
> credential creation in an iframe
> >
> >
> >
> > CAUTION: The message originated from an EXTERNAL SOURCE. Please use
> caution when opening attachments, clicking links or responding to this
> email.
> >
> >
> >
> > Hi Stephen,
> >
> >
> >
> > Thank you for the proposal (
> https://docs.google.com/document/d/1mMgktymuzspnhfKC9i6_yBfb_VqXcc-DiBBhe0TSv5I/edit
> )
> >
> >
> >
> > I will confer with the other chairs on the appropriate mechanism to
> indicate working group support for this/to submit it on behalf of the
> working group.
> >
> > I would also already venture that we make this an agenda point for the
> 18th, at least to discuss, but potentially also to make a decision on this.
> >
> >
> >
> > Request for input:
> >
> > It would be great however if we can already get some indications from
> group members on their views on this proposal; including even questions and
> further considerations that we may want to add to this proposal.
> >
> > So to all of us: please weigh in with some initial views on this matter
> via email.
> >
> >
> >
> > My thoughts:
> >
> > The proposal is well-structured and considered. The proposal makes sense
> to me and I can see the benefit to enable certain use-cases. In fact, at
> this stage I have no suggestions for changes or edits.
> >
> >
> >
> > Kind regards,
> >
> > Gerhard
> >
> >
> >
> >
> >
> > From: Stephen McGruer <smcgruer@google.com>
> > Sent: Tuesday, 19 July 2022 15:22
> > To: Web Payments Working Group <public-payments-wg@w3.org>
> > Subject: Re-opening discussion with WebAuthn on credential creation in
> an iframe
> >
> >
> >
> > Hi folks,
> >
> >
> >
> > (Sending email as the next WG meeting isn't until August 18th and so we
> cannot discuss live.)
> >
> >
> >
> > As you may recall, we have discussed a need in the Web Payments WG for
> WebAuthn credential creation to be available in a cross-origin iframe
> (e.g., to allow a https://bank.com iframe embedded inside of
> https://merchant.com to enroll a user during a payment flow). We've heard
> that this is useful both for SPC as well as users of 'pure' WebAuthn.
> >
> >
> >
> > To that end, I've drafted the comment below to re-open the discussion
> with our WebAuthn colleagues on issue 1656. I hope for the comment to be
> made with the backing of the WPWG, so please do take a look and feel free
> to give feedback.
> >
> >
> >
> > [Draft] WebAuthn issue to re-allow credential creation in a cross-origin
> iframe
> >
> >
> >
> > I leave it to the chairs how we might want to ratify support for this;
> I'm happy to wait until the August 18th sync, or perhaps we can just do it
> over email?
> >
> >
> >
> > Thanks,
> >
> > Stephen
> >
> >
> >
> > --
> >
> > smcgruer • he / him
> >
> > CONFIDENTIALITY NOTICE This e-mail message and any attachments are only
> for the use of the intended recipient and may contain information that is
> privileged, confidential or exempt from disclosure under applicable law. If
> you are not the intended recipient, any disclosure, distribution or other
> use of this e-mail message or attachments is prohibited. If you have
> received this e-mail message in error, please delete and notify the sender
> immediately. Thank you.
> >
> >
> > --
> > smcgruer • he / him
>
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 917 450 8783 <+1%20917-450-8783>
>
>
>
>
>
>

-- 
smcgruer • he / him

Received on Monday, 8 August 2022 17:07:56 UTC