- From: ianbjacobs via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Jan 2023 20:33:28 +0000
- To: public-web-security@w3.org
ianbjacobs has just labeled an issue for https://github.com/w3c/security-request as "REVIEW REQUESTED": == Secure Payment Confirmation 2023-01-11 > 2023-02-01 == In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments. - name of spec to be reviewed: Secure Payment Confirmation - URL of spec: https://www.w3.org/TR/2023/WD-secure-payment-confirmation-20230111/ - Does your document have an in-line Security Considerations section, ideally one separate from the Privacy Considerations? https://w3c.github.io/secure-payment-confirmation/#sctn-security-considerations - What and when is your next expected transition? Candidate Recommendation in Q1 2023 - What has changed since any previous review? <blockquote> In August 2022 the Web Payments Working Group requested pre-Candidate Recommendation horizontal review of Secure Payment Confirmation (SPC). All reviews led to satisfactory outcomes. We have not received formal review in this form; see our original request: https://github.com/w3c/security-request/issues/14 Since August 2022, the Web Payments Working Group has made or plans to make two non-editorial changes to the specification that we seek to include in the forthcoming Candidate Recommendation: * The addition of an opt-out feature, requested by developers to help satisfy GDPR requirements. For background, see [issue 172](https://github.com/w3c/secure-payment-confirmation/issues/172) and the resulting [changes to the specification](https://github.com/w3c/secure-payment-confirmation/pull/215). Experimentation with this feature has demonstrated its utility to at least one organization that has experimented with SPC. * The expected removal of a requirement that the user agent consume a user activation during authentication. For background, see [issue 216](https://github.com/w3c/secure-payment-confirmation/issues/216), including the Chrome Team's security and privacy consideration notes. Although we have not yet updated the specification to remove the user activation requirement, we seek your review at this time. We would anticipate the actual change to the specification to be small (and it would include the security and privacy considerations). </blockquote> - Please point to the results of your own self-review: https://github.com/w3c/secure-payment-confirmation/blob/main/security-privacy-questionnaire.md - Where and how to file issues arising? https://github.com/w3c/secure-payment-confirmation/issues - Pointer to any explainer for the spec? https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md See https://github.com/w3c/security-request/issues/47 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 11 January 2023 20:33:30 UTC