RE: WPWG - RP to RPID in SPC specs from EMVCo Technology Consultant on 2022-08-24 (public-payments-wg@w3.org from August 2022)

From: EMVCo Technology Consultant <technology.consultant@emvco.com>
Date: Wed, 24 Aug 2022 07:21:21 +0000
To: Ian Jacobs <ij@w3.org>
CC: Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <PH0PR13MB544517FECA8BE911826B481AE8739@PH0PR13MB5445.namprd13.prod.outlook.com>

Hi Ian and WPWG members,

EMVCo teams reviewed the proposal and explanation provided on this subject.
I'm happy to confirm that there is no impact to the EMV specifications.
So no concern on EMVCo side with this proposal.

Best regards
Bastien

-----Message d'origine-----
De : Ian Jacobs <ij@w3.org> 
Envoyé : vendredi 19 août 2022 15:17
À : EMVCo Technology Objet : Re: WPWG - RP to RPID in SPC specs

Hi Bastien,

Sameer also asked this and I provided a reply on GitHub:
 https://github.com/w3c/secure-payment-confirmation/pull/198#issuecomment-1219806870

Quoted below for convenience.

Ian

===
@stare893 You are correct that SPC input refers to the Web Authentication rpid; see the request dictionary:
https://w3c.github.io/secure-payment-confirmation/#sctn-securepaymentconfirmationrequest-dictionary

This proposal is to change the field name in the output; see the additional payment dictionary:
https://w3c.github.io/secure-payment-confirmation/#sctn-collectedclientadditionalpaymentdata-dictionary

The proposal is that assertions will include the field name "rpid" to align with the Web Authentication name.

The Chrome implementation would support both "rp" and "rpid" field names for some period of time, eventually deprecating "rp".

It was not clear to us on the call today whether the 3DS specification itself would need to change (e.g., because it refers to the "rp" field in the resulting assertion), or if instead it would just be implementations (e.g., ACS) that would need to adapt code to look for "rpid" rather than "rp" in the assertion.
====

> On Aug 19, 2022, at 3:55 AM, EMVCo Technology wrote:
> 
> Hi Ian,
>  
> After exchanging emails with 3DS team, we’re not sure what and where exactly is the change because SPC is already using rpId.
> Do you know exactly what the proposal is / where changes will apply?
>  
> The below is from the SPC documentation. 
>  
> dictionary SecurePaymentConfirmationRequest {
>     required BufferSource challenge;
>     required USVString rpId;
>     required sequence<BufferSource> credentialIds;
>     required PaymentCredentialInstrument instrument;
>     unsigned long timeout;
>     DOMString payeeName;
>     USVString payeeOrigin;
>     AuthenticationExtensionsClientInputs extensions; };
>  
> Note that we are referring to “rpId” in 3DS spec v2.3.1, but I want to 
> make sure we are not missing anything here…
>  
> Thank you for your help on this.
>  
> Best regards
> Bastien

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/

Tel: +1 917 450 8783

Received on Wednesday, 24 August 2022 07:26:49 UTC