- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 4 May 2022 08:25:06 +0200
- To: Christine Runnegar <runnegar@isoc.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On 2022-05-02 19:56, Christine Runnegar wrote: > Hi all. > > Wednesday 4 May 2022 > > We’ve been invited to join the Web Payments WG meeting at 11am-noon EDT (1500-1600 UTC) to discuss open issues on Secure Payment Confirmation (SPC): https://github.com/w3cping/tracking-issues/issues?q=is%3Aissue+is%3Aopen+label%3As%3Asecure-payment-confirmation The privacy issues with credentialId (key handle) are essentially covered by the fact that 3DS [1] presumes certified software [2]. That is, even if you handle data that is potentially privacy impeding, a proper server implementation should deal with that which in practical terms means not sharing such data with other parties. It is though worth noting that SPC is likely to be the only API/solution on the market requiring exchange of key handles. The need to provide card number in clear to merchants is IMO more bothering considering that Apple eliminated this already back in 2014 when they introduced Apple Pay. In fact, Merchants do not need card numbers at all; they need a confirmation (from the payment network) that the payment succeeded. Although out of scope for this discussion, Apple's take on the matter also have huge advantages for users and merchants. Unsurprisingly, Google's proprietary payment product follows the path set by Apple. thanx, Anders 1] On-line payment authorization system created by EMVCo 2] Not mentioned in the SPC specification although it is imperative for the integrity and security of the system. > > Their agenda and call links: > https://github.com/w3c/webpayments/wiki/Remote-Agenda-202205 > > Pre-reading (slide deck): > http://www.w3.org/2022/Talks/wpwg-privacy-202205/wpwgp-202205.pptx > http://www.w3.org/2022/Talks/wpwg-privacy-202205/wpwgp-202205.key > > This is part of a 3-day meeting for the Web Payments WG, and the joint session with WebAuthn the next day (1400-1500 UTC Thursday) might also be of interest. > > Thursday 5 May 2022 (PING meeting) > > Here is our agenda: > > (1) Update regarding EPUB 3.3 privacy review > > (2) Privacy review requests from the Web of Things WG > > - Web of Things (WoT) Thing Description 1.1 2022-04-27 > 2022-05-15 > > See: https://github.com/w3cping/privacy-request/issues/84 > > - Web of Things (WoT) Discovery 2022-04-27 > 2022-08-30 > > See: https://github.com/w3cping/privacy-request/issues/83 > > (3) AOB > > Christine >
Received on Wednesday, 4 May 2022 06:25:19 UTC