- From: Stephen McGruer <smcgruer@google.com>
- Date: Thu, 18 Aug 2022 12:17:00 -0400
- To: Ian Jacobs <ij@w3.org>
- Cc: Praveena Subrahmanyam <praveena.subrahmanyam@airbnb.com>, "Tare, Sameer" <Sameer.Tare@mastercard.com>, Gerhard Oosthuizen <goosthuizen@entersekt.com>, Web Payments Working Group <public-payments-wg@w3.org>
- Message-ID: <CADY3MaerbX-73=fLA__b-=3jYoHPgmJEuwkJB0iUesnYGbz+rw@mail.gmail.com>
Hi folks, Thanks for the discussion and agreement to re-open this discussion today in the WPWG meeting. I have incorporated the requested changes to the comment by Rolf, and have now posted the comment to the WebAuthn issue: https://github.com/w3c/webauthn/issues/1656#issuecomment-1219682589 Thanks, Stephen On Mon, 8 Aug 2022 at 13:07, Stephen McGruer <smcgruer@google.com> wrote: > Absolutely, please feel free to. > > On Mon, 8 Aug 2022 at 13:06, Ian Jacobs <ij@w3.org> wrote: > >> Stephen, >> >> Can I put the link to your draft document in the agenda of the 18th >> meeting? >> >> Ian >> >> > On Aug 2, 2022, at 9:15 AM, Praveena Subrahmanyam < >> praveena.subrahmanyam@airbnb.com> wrote: >> > >> > +1 on the proposal and the comments made in this thread. >> > >> > On Tue, Aug 2, 2022 at 9:12 AM Stephen McGruer <smcgruer@google.com> >> wrote: >> > Hi folks, >> > >> > Thanks Sameer and Gerhard for the input so far on this. Would love to >> hear other viewpoints (including just agreement). >> > >> > > I would also already venture that we make this an agenda point for >> the 18th, at least to discuss, but potentially also to make a decision on >> this. >> > >> > Ack, SGTM - let's put this on the agenda for the 18th, preferably to >> make a decision :). >> > >> > Thanks, >> > Stephen >> > >> > On Fri, 22 Jul 2022 at 15:22, Tare, Sameer <Sameer.Tare@mastercard..com> >> wrote: >> > Hi Gerhard, >> > >> > >> > >> > Sharing my thoughts on this over email based on an initial read. From a >> Payments/3DS perspective I can see this feature to be of very significant >> value in terms of >> > >> > >> > >> > 1) Scaling the use of FIDO based authentication methods in 3ds >> eco-system >> > >> > >> > >> > 2) Making the experience of implementing SPC/WebAuthn authentication >> methods for 3ds providers more cohesive where creation of credential does >> not have to offered separately (potentially more challenging when PSPs are >> involved) >> > >> > >> > >> > As this topic evolves, this may require consideration in the EMV 3DSWG. >> The specification as it stands today does not allow registration at the >> time of transaction so that will need to reviewed and we also need to >> consider that the merchants are not negatively impacted from various facets >> of credential creation (user education, latency, errors/cancellation etc) >> > >> > >> > >> > Sameer Tare >> > >> > Director >> > >> > Product Development >> > >> > >> > >> > Mastercard | mobile +1 6365158322 <+1%20636-515-8322> >> > >> > <image001.png> >> > >> > >> > >> > From: Gerhard Oosthuizen <goosthuizen@entersekt.com> >> > Sent: Friday, July 22, 2022 10:04 AM >> > To: Stephen McGruer <smcgruer@google.com>; Web Payments Working Group < >> public-payments-wg@w3.org> >> > Subject: {EXTERNAL} RE: Re-opening discussion with WebAuthn on >> credential creation in an iframe >> > >> > >> > >> > CAUTION: The message originated from an EXTERNAL SOURCE. Please use >> caution when opening attachments, clicking links or responding to this >> email. >> > >> > >> > >> > Hi Stephen, >> > >> > >> > >> > Thank you for the proposal ( >> https://docs.google.com/document/d/1mMgktymuzspnhfKC9i6_yBfb_VqXcc-DiBBhe0TSv5I/edit >> ) >> > >> > >> > >> > I will confer with the other chairs on the appropriate mechanism to >> indicate working group support for this/to submit it on behalf of the >> working group. >> > >> > I would also already venture that we make this an agenda point for the >> 18th, at least to discuss, but potentially also to make a decision on this. >> > >> > >> > >> > Request for input: >> > >> > It would be great however if we can already get some indications from >> group members on their views on this proposal; including even questions and >> further considerations that we may want to add to this proposal. >> > >> > So to all of us: please weigh in with some initial views on this matter >> via email. >> > >> > >> > >> > My thoughts: >> > >> > The proposal is well-structured and considered. The proposal makes >> sense to me and I can see the benefit to enable certain use-cases. In fact, >> at this stage I have no suggestions for changes or edits. >> > >> > >> > >> > Kind regards, >> > >> > Gerhard >> > >> > >> > >> > >> > >> > From: Stephen McGruer <smcgruer@google.com> >> > Sent: Tuesday, 19 July 2022 15:22 >> > To: Web Payments Working Group <public-payments-wg@w3.org> >> > Subject: Re-opening discussion with WebAuthn on credential creation in >> an iframe >> > >> > >> > >> > Hi folks, >> > >> > >> > >> > (Sending email as the next WG meeting isn't until August 18th and so we >> cannot discuss live.) >> > >> > >> > >> > As you may recall, we have discussed a need in the Web Payments WG for >> WebAuthn credential creation to be available in a cross-origin iframe >> (e.g., to allow a https://bank.com iframe embedded inside of >> https://merchant.com to enroll a user during a payment flow). We've >> heard that this is useful both for SPC as well as users of 'pure' WebAuthn. >> > >> > >> > >> > To that end, I've drafted the comment below to re-open the discussion >> with our WebAuthn colleagues on issue 1656. I hope for the comment to be >> made with the backing of the WPWG, so please do take a look and feel free >> to give feedback. >> > >> > >> > >> > [Draft] WebAuthn issue to re-allow credential creation in a >> cross-origin iframe >> > >> > >> > >> > I leave it to the chairs how we might want to ratify support for this; >> I'm happy to wait until the August 18th sync, or perhaps we can just do it >> over email? >> > >> > >> > >> > Thanks, >> > >> > Stephen >> > >> > >> > >> > -- >> > >> > smcgruer • he / him >> > >> > CONFIDENTIALITY NOTICE This e-mail message and any attachments are only >> for the use of the intended recipient and may contain information that is >> privileged, confidential or exempt from disclosure under applicable law. If >> you are not the intended recipient, any disclosure, distribution or other >> use of this e-mail message or attachments is prohibited. If you have >> received this e-mail message in error, please delete and notify the sender >> immediately. Thank you. >> > >> > >> > -- >> > smcgruer • he / him >> >> -- >> Ian Jacobs <ij@w3.org> >> https://www.w3.org/People/Jacobs/ >> Tel: +1 917 450 8783 <+1%20917-450-8783> >> >> >> >> >> >> > > -- > smcgruer • he / him > -- smcgruer • he / him
Received on Thursday, 18 August 2022 16:17:25 UTC