Re: [w3ctag/design-reviews] Secure Payment Confirmation (#544) from Stephen McGruer on 2021-08-24 (public-webapps-github@w3.org from August 2021)

From: Stephen McGruer <notifications@github.com>
Date: Tue, 24 Aug 2021 05:52:39 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/544/904612762@github.com>

(Just realized that the OP is now out of date too and I don't have edit rights, so posting a new version here. Please feel free to request that I open a new issue if that's easier!)

I'm requesting a TAG review of Secure Payment Confirmaton.

Secure Payment Confirmation (SPC) is a proposed Web API to support streamlined authentication during a payment transaction. It is designed to scale authentication across merchants, to be used within a wide range of authentication protocols, and to produce cryptographic evidence that the user has confirmed transaction details.

SPC adds payment-specific capabilities atop WebAuthn and is designed with stronger privacy protections than risk analysis approaches that rely on data collection.

  - Explainer¹: https://github.com/w3c/secure-payment-confirmation/blob/main/explainer.md

  - Security and Privacy self-review²: https://github.com/w3c/secure-payment-confirmation/blob/main/security-privacy-questionnaire.md

  - GitHub repo (if you prefer feedback filed there): https://github.com/w3c/secure-payment-confirmation/

  - Primary contacts (and their relationship to the specification):
      - Stephen McGruer (stephenmcgruer), Google Chrome
      - Rouslan Solomakhin (rsolomakhin), Google Chrome
      - Ian Jacobs (ianbjacobs), W3C
  - Organization/project driving the design:
      - Web Payments WG
      - Google
      - Stripe
  - External status/issue trackers for this feature: https://chromestatus.com/feature/5702310124584960


Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://w3ctag.github.io/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): [Joint Task Force of Web Authentication and Web Payments Working Groups](https://github.com/w3c/webauthn-pay/wiki) (no longer current)
  - The group where standardization of this work is intended to be done ("unknown" if not known):
      - [Web Payments Working Group](https://www.w3.org/blog/wpwg/)
      - [WebAuthn Working Group](https://www.w3.org/blog/webauthn/) (advisory) 
  - Existing major pieces of multi-stakeholder review or discussion of this design:
  - Major unresolved issues with or opposition to this design: N/A
  - This work is being funded by: N/A

You should also know that... N/A

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/544#issuecomment-904612762

Received on Tuesday, 24 August 2021 12:52:52 UTC