RE: [Minutes] 7 July task force of the Web Authentication and Web Payments Working Groups

Hi,

Unfortunately I was not able to attend the meeting on 7th of July, so therefore I was not able to ask my questions. I’m hoping you can help me by providing the clarifications on the following points:


  1.  In order to properly generate the assertions RP must provide the challenge i.e. secure random value that the authenticator signs. I understand that in the proposal the assertions are going to be verified by the issuer, so the issuer is going to be generating the challenge value. If so, then how the value is obtained by the merchant/PSP and transmitted to PR API?



  1.  From the enrolment flow I understand that the Payment Handler (?) is registering credentials by redirecting to the issuer? I wonder how does the PH know which issuer to register credentials for? In 3-D Secure it’s a role od Directory Server to allow 3DS Server to identify Issuer’s ACS. I’m missing that piece of a jigsaw in the proposed flow.



  1.  In the first flow the card details are key entered by the consumer into the existing checkout form. I wonder how the card details are provided into the PH? Do I get that right the data is simply provided into PR API?


I hope my questions make sense to you.

Best Regards,
Tomasz




Tomasz Błachowicz
Payment API Specification Consultant
Products and Innovation, Digital Platforms

Mastercard
Remote | Łódź, Poland
tel +44 (20) 75132236 | mobile +48 604 746 061
[cid:image001.png@01D656C6.D8AC1D40]<www.mastercard.com>

From: Danyao Wang <danyao@google.com>
Sent: 08 July 2020 00:37
To: Ian Jacobs <ij@w3.org>
Cc: public-webauthn-pay@w3.org
Subject: Re: [Minutes] 7 July task force of the Web Authentication and Web Payments Working Groups


CAUTION: The message originated from an EXTERNAL SOURCE. Please use caution when opening attachments, clicking links or responding to this email.



On Tue, Jul 7, 2020 at 11:44 AM Ian Jacobs <ij@w3.org<mailto:ij@w3.org>> wrote:
Hi all,

Minutes from today’s discussion:
   https://www.w3.org/2020/07/07-webauthn-pay-minutes<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.w3.org_2020_07_07-2Dwebauthn-2Dpay-2Dminutes&d=DwMFaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF6SP0bDlmMmY&r=gGO7JtsSyntBU-GDdHDB4l3lQwFRpuFyuge3kx2OlvY&m=60YUA-t5tjMadOQ5EN93h5Kv6Irkag2afKiAVqlGZm8&s=2uPg9xslLT9hLWov7cDpt-A7_M9kuQmUvbBPZtrHNIg&e=>

Slides from Danyao will be available shortly and linked from the minutes.

Here are the slides: https://docs.google.com/presentation/d/1MlgVNcknyzhAB0VIymoi9jW-lzzyuzAD6z2r6lAIkLM/edit#slide=id.p<https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_presentation_d_1MlgVNcknyzhAB0VIymoi9jW-2DlzzyuzAD6z2r6lAIkLM_edit-23slide-3Did.p&d=DwMFaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF6SP0bDlmMmY&r=gGO7JtsSyntBU-GDdHDB4l3lQwFRpuFyuge3kx2OlvY&m=60YUA-t5tjMadOQ5EN93h5Kv6Irkag2afKiAVqlGZm8&s=TI23w3ZCCATIhDpU1mI0UTxTAxmeqaP_QoP-VIBvogA&e=>


Next call: 21 July

Thank you,

Ian

--
Ian Jacobs <ij@w3.org<mailto:ij@w3.org>>
https://www.w3.org/People/Jacobs/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.w3.org_People_Jacobs_&d=DwMFaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF6SP0bDlmMmY&r=gGO7JtsSyntBU-GDdHDB4l3lQwFRpuFyuge3kx2OlvY&m=60YUA-t5tjMadOQ5EN93h5Kv6Irkag2afKiAVqlGZm8&s=PlA1iGNP4tHRC0UrgoPCHhjFovAHqsmv2yhqi1V7ZG4&e=>
Tel: +1 718 260 9447<tel:(718)%20260-9447>



CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.