- From: Stephen McGruer <smcgruer@google.com>
- Date: Thu, 23 May 2024 08:50:47 -0400
- To: Adrian Hope-Bailie <adrian@fynbos.dev>
- Cc: Ian Jacobs <ij@w3.org>, public-payments-wg@w3.org
- Message-ID: <CADY3Maek=+hNmETNbCnYKDKB1xOho=f-_RS+y+4xH3WQ_C2=9A@mail.gmail.com>
> • SPC and device binding With apologies for how late this is, I've now posted a proposal to the SPC repo for this - https://github.com/w3c/secure-payment-confirmation/issues/271 During the WG sync, I'll talk through the proposal and hopefully we'll be able to have some robust discussion on it :D. On Thu, 23 May 2024 at 07:00, Adrian Hope-Bailie <adrian@fynbos.dev> wrote: > Thank you! Here's the slides I'll use > > On Wed, May 22, 2024 at 3:50 PM Ian Jacobs <ij@w3.org> wrote: > >> Hi Adrian, >> >> Sounds great; I’ve added it to the agenda. Let’s count on 15-20 minutes >> towards the end of the call. >> >> Ian >> >> > On May 22, 2024, at 8:02 AM, Adrian Hope-Bailie <adrian@fynbos.dev> >> wrote: >> > >> > If there is room in the agenda I'd like to discuss a problem we are >> trying to solve in the WICG with relation to Web Monetization. >> > Specifically, we are trying to find a way to securely provision a >> signing key in the browser to be able to make signed API calls to a >> 3rd-party (digital wallet, PSP, bank etc) to initiate small payments >> without user interaction. >> > >> > For some context, the user experience is that the user authorizes the >> browser to make certain payments (under a specific value, to specific >> merchants etc) without requiring strong authentication. >> > >> > For example, the user approves their browser sending "micro-payments" >> (under $1) up to a limit of $10 per month to websites they visit. >> > Each time the user visits a website that is able to receive these >> payments the browser makes a payment based on some heuristic (e.g. the user >> visits it often). >> > >> > We don't want the browser to invoke WebAuthn/passkeys each time it >> makes an API call in order to sign the API call (signed API requests is how >> the system authenticates the client) but we are also wary of keys in >> software that can be exfiltrated. >> > >> > I have a proposal for how this could work and would like 15 minutes to >> walk it through and get feedback if time allows? >> > >> > >> > >> > On Tue, May 21, 2024 at 6:26 PM Ian Jacobs <ij@w3.org> wrote: >> > Dear Web Payments WG, >> > >> > Here is the agenda for our 23 May teleconference: >> > https://github.com/w3c/webpayments/wiki/Agenda-20240523 >> > >> > Currently confirmed: >> > >> > • SPC and device binding >> > • Next meeting: 6 June >> > >> > For meeting information, log into the W3C calendar: >> > https://www.w3.org/groups/wg/payments/calendar >> > >> > For the co-Chairs, >> > Ian >> > >> > -- >> > Ian Jacobs <ij@w3.org> >> > https://www.w3.org/People/Jacobs/ >> > Tel: +1 917 450 8783 <+1%20917-450-8783> >> > >> > >> > >> > >> > >> > >> >> -- >> Ian Jacobs <ij@w3.org> >> https://www.w3.org/People/Jacobs/ >> Tel: +1 917 450 8783 <+1%20917-450-8783> >> >> >> >> >> >> -- smcgruer • he / him
Received on Thursday, 23 May 2024 12:51:06 UTC