IETF Logo Mail Archive

Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

Ian Jacobs <ij@w3.org> Thu, 15 June 2023 12:41 UTC

Return-Path: <ij@w3.org>
X-Original-To: webauthn-reg-review@ietfa.amsl.com
Delivered-To: webauthn-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D0BAC14CE45 for <webauthn-reg-review@ietfa.amsl.com>; Thu, 15 Jun 2023 05:41:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RRlG5QmFeICB for <webauthn-reg-review@ietfa.amsl.com>; Thu, 15 Jun 2023 05:41:45 -0700 (PDT)
Received: from tucana.w3.org (tucana.w3.org [128.30.52.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49A50C14CE36 for <webauthn-reg-review@ietf.org>; Thu, 15 Jun 2023 05:41:44 -0700 (PDT)
Received: from pool-108-46-145-139.nycmny.fios.verizon.net ([108.46.145.139] helo=smtpclient.apple) by tucana.w3.org with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ij@w3.org>) id 1q9mIH-006J6u-Lk; Thu, 15 Jun 2023 12:41:41 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Ian Jacobs <ij@w3.org>
In-Reply-To: <B34A0B9D-FF17-4B7C-A017-C4ECA857EF88@w3.org>
Date: Thu, 15 Jun 2023 07:41:41 -0500
Cc: "webauthn-reg-review@ietf.org" <webauthn-reg-review@ietf.org>, Stephen McGruer <smcgruer@google.com>, Philippe Le Hégaret <plh@w3.org>
X-Mao-Original-Outgoing-Id: 708525690.98883-4b162efc7281b57413958141aa2c65e4
Content-Transfer-Encoding: quoted-printable
Message-Id: <38F5B4F5-BD99-44FA-A646-03AEEA012C8D@w3.org>
References: <3C072A37-E257-4915-808F-1313634FF9E7@w3.org> <SJ0PR02MB83532B5F557C73B00F62FC3F81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <8B3FB6B1-A6C1-4AD3-B5E5-89C088185AEC@w3.org> <SJ0PR02MB83534413068CE1C9B4E976EC81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <B3E2CD8D-9714-40C3-B3EA-1309A85BDB59@w3.org> <SJ0PR02MB8353DF6FFE1584C2B560D32A81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <91F93224-BD6D-4566-AF4B-4D40D57436A8@w3.org> <SJ0PR02MB835344D3D5688BC50D4A822B81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <B34A0B9D-FF17-4B7C-A017-C4ECA857EF88@w3.org>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "michael_b_jones@hotmail.com" <michael_b_jones@hotmail.com>
X-Mailer: Apple Mail (2.3731.600.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/webauthn-reg-review/-NFaDPjBGh2CLB6NfW6M8aBd4XU>
Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
X-BeenThere: webauthn-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Registration requests should be sent to the mailing list described in \[draft-hodges-webauthn-registries, Section 17\]." <webauthn-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webauthn-reg-review/>
List-Post: <mailto:webauthn-reg-review@ietf.org>
List-Help: <mailto:webauthn-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2023 12:41:47 -0000

Hi Giridhar and Michael,

Today W3C published the Candidate Recommendation of Secure Payment Confirmation:
  https://www.w3.org/TR/2023/CR-secure-payment-confirmation-20230615/

With that publication I’d like to request addition of the “payment” extension to the WebAuthn registry.

I have re-included below the proposed registry data. Please let me know if you’d like any additional information
or if anything needs correction.

Thank you,
Ian
  
========================
Extension identifier: payment

Description: This extension supports the following functionality defined by the Secure Payment Confirmation API: (1) it allows credential creation in a cross-origin iframe (2) it allows a party other than the Relying Party to use the credential to perform an authentication ceremony on behalf of the Relying Party, and (3) it allows the browser to identify and cache Secure Payment Confirmation credentials. For discussion of important ways in which SPC differs from Web Authentication, see in particular the <a href="https://www.w3.org/TR/secure-payment-confirmation/#sctn-security-considerations”>Security Considerations</a> and <a href="https://www.w3.org/TR/secure-payment-confirmation/#sctn-privacy-considerations”>Privacy Considerations</a>.

Reference: [<a href="https://www.w3.org/TR/secure-payment-confirmation/“>Secure Payment Confirmation</a>] Section §5, WebAuthn Extension - "payment"

Change Controller: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>]

Notes: Registration follows <a href="https://www.w3.org/2023/05/03-webauthn-minutes#t01">3 May 2023 discussion</a> with the Web Authentication Working Group.

========================
For Contact Information

Id: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>]

Name: W3C Web Payments Working Group

Contact URI: mailto: public-payments-wg@w3.org

Last Updated: <date>

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 917 450 8783

v2.23.0 | Report a Bug | By Email