[privacy-request] Issue: Secure Payment Confirmation 2023-01-11 > 2023-02-01 (#110) marked as REVIEW REQUESTED

ianbjacobs has just labeled an issue for https://github.com/w3cping/privacy-request as "REVIEW REQUESTED":

== Secure Payment Confirmation 2023-01-11 > 2023-02-01 ==
- name of spec to be reviewed: Secure Payment Confirmation (SPC)
- URL of spec: https://www.w3.org/TR/2023/WD-secure-payment-confirmation-20230111/

- What and when is your next expected transition? Candidate Recommendation, Q1 2023
- What has changed since any previous review?

In August 2022 the Web Payments Working Group requested pre-Candidate Recommendation horizontal review of Secure Payment Confirmation (SPC). All reviews led to satisfactory outcomes. Thank you for the privacy review and discussion:
  https://github.com/w3cping/privacy-request/issues/101

Since then, the Web Payments Working Group has made or plans to make two non-editorial changes to the specification that we seek to include in the forthcoming Candidate Recommendation:

* The addition of an opt-out feature, requested by developers to help satisfy GDPR requirements. For background, see [issue 172](https://github.com/w3c/secure-payment-confirmation/issues/172) and the resulting [changes to the specification](https://github.com/w3c/secure-payment-confirmation/pull/215). Experimentation with this feature has demonstrated its utility to at least one organization that has experimented with SPC.
* The expected removal of a requirement that the user agent consume a user activation during authentication. For background, see [issue 216](https://github.com/w3c/secure-payment-confirmation/issues/216), including the Chrome Team's security and privacy consideration notes. Although we have not yet updated the specification to remove the user activation requirement, we seek your review at this time. We would anticipate the actual change to the specification to be small (and it would include the security and privacy considerations).

- Does your document have an in-line Privacy Considerations section, ideally one separate from the Security Considerations? https://w3c.github.io/secure-payment-confirmation/#sctn-privacy-considerations
- Where and how to file issues arising? https://github.com/w3c/secure-payment-confirmation/issues
- Pointer to any explainer for the spec? https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md

Other comments:

* Updates self-review based on Security and Privacy questionnaire: https://github.com/w3c/secure-payment-confirmation/blob/main/security-privacy-questionnaire.md

Thank you!

See https://github.com/w3cping/privacy-request/issues/110


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 11 January 2023 20:26:02 UTC