IETF Logo Mail Archive

Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

Giridhar Mandyam <mandyam@qti.qualcomm.com> Tue, 23 May 2023 08:36 UTC

Return-Path: <mandyam@qti.qualcomm.com>
X-Original-To: webauthn-reg-review@ietfa.amsl.com
Delivered-To: webauthn-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8772C151078 for <webauthn-reg-review@ietfa.amsl.com>; Tue, 23 May 2023 01:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=qualcomm.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1RdUx7qBNBxQ for <webauthn-reg-review@ietfa.amsl.com>; Tue, 23 May 2023 01:36:22 -0700 (PDT)
Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9225DC14F736 for <webauthn-reg-review@ietf.org>; Tue, 23 May 2023 01:36:22 -0700 (PDT)
Received: from pps.filterd (m0279868.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34N62hP6012669; Tue, 23 May 2023 08:36:20 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=qcppdkim1; bh=5wquodxN4O7PgzH5auGGOtIqpbpz0gjGF5a+SPZSiIQ=; b=mq7Wh0/Da/6w5yeK54jaB+DTXzs8UxcxpjDJxFCVFSHag5HinI4FbYTqEEQf2iK9mgYi LWluzLn4HP9divHi/0CsB80mUwncxM1urpHNMNRViMO/7pAvs4eGobw5gLFI0nIzTMLJ JYxJWtk/3I0DdY3q7CrJJUle1wh2+Z9/mPQB+WDT6T78i4VOroiHGd8RyzpTvQj7tAcq ShkGRNuGz9V2DVaUaES/iFxyqKPfx3nPieBB1+xs7yvWV1kXGFXIByfQt5OJiw0KkTbG Q/4Idxn/ugcC+GE3HCQVy33mouttSltTxQt0yjb4D37Ssixztou/ucV/2aBnpHjwf0+n lA==
Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2177.outbound.protection.outlook.com [104.47.59.177]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3qre8p1cn9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 23 May 2023 08:36:20 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YrdFtVhcQniA93PpvqKDK3uuH6Y6J9tZz8OXbX6oJo/0omuNoIxYPhV+CjoTRmIXv0EVdBX6PNYEjEhq5UhPtYDB2PNILqR14iuIjt6tphbQyf0Y+5VLmEzZafqlsl0GDag5h+9aP/BxjhmKF0G8rqp2CrVJun0u8AhU7Y/BEYiO40oEsplJPRHmYhWMkbgIiRdW8BB4kPXJXP0gyPQH61WHMFzv9+dKEuMS04aBHNixveYO7hlUK9pH2VQ+5zq/trleQfca6hIBRKwwt1MTPT1d2cVp7rKdOlyt7oJGKpsatGNUCaoKZJ79IJBrzs224+j7Cn0ULSSw+H3k3aRUVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5wquodxN4O7PgzH5auGGOtIqpbpz0gjGF5a+SPZSiIQ=; b=gtzSDivXRTtBTRQSM+u7X1I6pWdzx5LDEzL58yzVJ9MlhAm5laiHj5LF1sH9cEjHkd4pi/7epcyCimNg41B58QRMhjbDFJPjLgOud8jenM4HSoEW1i/17IzOJU4X+zXCJ8Hp9fb+KrQFipprXCXHcJyw/rwnmtYbEU/51EyZjmCuP7vzyjXUD6aoKRilY891cXV7a3meX/bm4fietmMtsJqWQDElub4xP7p5HmYAZacpacu54INdHj+89UkiptFVoHSsraUIlsw5yR6w3BE8h27WuGt8MjlovrDA4u7watY/a4ftcc28Yftp1ZKzDbME/ipY8ejoWKKRCxAgi3SkSg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none
Received: from SJ0PR02MB8353.namprd02.prod.outlook.com (2603:10b6:a03:3e4::7) by PH0PR02MB7397.namprd02.prod.outlook.com (2603:10b6:510:1d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.28; Tue, 23 May 2023 08:36:17 +0000
Received: from SJ0PR02MB8353.namprd02.prod.outlook.com ([fe80::81a6:750c:da74:9e7b]) by SJ0PR02MB8353.namprd02.prod.outlook.com ([fe80::81a6:750c:da74:9e7b%7]) with mapi id 15.20.6411.028; Tue, 23 May 2023 08:36:17 +0000
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: Ian Jacobs <ij@w3.org>, "webauthn-reg-review@ietf.org" <webauthn-reg-review@ietf.org>
CC: Stephen McGruer <smcgruer@google.com>, Philippe Le Hégaret <plh@w3.org>
Thread-Topic: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
Thread-Index: AQHZjL3oecRotg+LAEWy8vAMDU1k5q9niFfQ
Date: Tue, 23 May 2023 08:36:17 +0000
Message-ID: <SJ0PR02MB83532B5F557C73B00F62FC3F81409@SJ0PR02MB8353.namprd02.prod.outlook.com>
References: <3C072A37-E257-4915-808F-1313634FF9E7@w3.org>
In-Reply-To: <3C072A37-E257-4915-808F-1313634FF9E7@w3.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR02MB8353:EE_|PH0PR02MB7397:EE_
x-ms-office365-filtering-correlation-id: 04419c5a-8710-4621-396f-08db5b68c6c3
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UzAet5Au8vXk3wRLLmy/aSjWBe4Rz1osQoCFAVcEK7GL0Lw84I8RIz3Oq0vB2VJofbM/7WcW6jNJukeXUJXtPRfs9JBjOq/XphZ6qxtRgwlACrQVVjF0mdjpqM5IOb4qWn4NVqJezcUkfNr20hLyLU+3TeNb4vpzrMzzxuo5D9tIptOq58BfjSzGZpZ9PDiPreXmUw+x0Q8CWohdrvv+SErR9Fq23KCuPGb5digAvIniAXXi1oPifjx+AlrKHDOaCs1vrPFT3gYfISwqGDodKGF124yiOxwP6rfTlVJfXa1bc177mamWgeGsOWgThhYl8AjH9wFyQ5/+XnlSTDV9TyBzjEnDUBYdPs0Aa4HlfiOGfMCdi89WCOx9NF/ejDnvxEdHFVFZn39ECEwg7GpLfCrlLZfTT9ZmGiCH4+XXM2gLzgm6w5WC2OYrAKMQdP744X5uzHRnf/tyjVZWhrbCZpxsbMhJjPmJKxdogDHFbmkgHhCApREu3RposftPOsujGRNRqODFxPliSQvK+WeTIh7jMzfw1HABfATRGTDEWyvfT9C7AHiexTOXLhilB5gJeNdfPmNYdAF9IifT0rNY36Mz7XwG2ME0eqnC/rFogd5xWk9QCATI5/fTXy7JpU6IFw1ENQSzCUn2fSiGgtMP/A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR02MB8353.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(396003)(136003)(39860400002)(346002)(366004)(376002)(451199021)(122000001)(6506007)(26005)(9686003)(186003)(53546011)(478600001)(66899021)(7696005)(966005)(38100700002)(15650500001)(55016003)(2906002)(71200400001)(76116006)(8936002)(5660300002)(66556008)(66476007)(66946007)(8676002)(66574015)(52536014)(33656002)(86362001)(316002)(54906003)(4326008)(166002)(41300700001)(38070700005)(110136005)(40140700001)(83380400001)(66446008)(64756008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: jlv1pF936/4pB6TgTLgn+YKXAo/eMkYxryMx16RXj/1BZvZCojRW2bCak8JFDd3thTmvej/jAnfUR7Bw3d/JuS6qXc1zleKG8TscZYJuj+PgX7sMKuQqe6QpksPuQ9+pgQWiSI2zwu1NVlyPbqFwUPvgqsEPMhtfkbBKfMi0FGomFHyY+NRUeBATNfMVx3MrYP9ZKbN3+0pf0tPMQplqr7ZjnyAGZXhAUh0wshpYB5+cGdRHPAsoq0dWxRQrgUGF4ePm5ZWeHw7dLPYFKtEOA5oTCdF3Ufa8mAQbId5+HE5rBqlyH0yHCus41iMrE96LQOwxHSckFCgRY1hcGSOG2w0fmpUVwbdwuWcc/u6hgRsBacS+4l1TEnPzj3J/sjtl2ieAC9Y+9pQdns+dr/OyL1CDjOFsUEgOTR+Je0/TNeobMEU2UYHBEv0UO8Otdhtspfe8axvYr2sZs4ctiMOwkCyJjpUriyfMFTO+vDaYEq7xGaCMpX2djNJPY6CIntic9w050sZZlAZu71qooKQmbSDP/eYcSMMuAgxKeHAEhYCCJ27PO2mXQheR2nJ5zniNBSb+zA5eGYoQQ5zhTpgzqE1Zbuea0vxw/rOcQ1uGRr1IqD1MS6L7GhyxOaOtDK6MeC3Ff88+kmhfe2YrRrmJ0DZ1ZaxOPkzg0xBwukq928DR3rGDeRt+5tfNLxawaNyi8gTVGOBEGrL8OVWnoAa2r1CFUZZ1skgWF0QnUDCLi9kD5GB/n9sXMeDXDToprMAQjbeqbsbhnK11YaBGsQqk2/FLCTJxUx7Gyt5BdOeppBFiOeMY5npWUPtfznUSH7wtTLwv+p8disUxG6YJNp62KX+IbALNFlZwhmQvWkFf3ktmSXz0skWSSBBoADmYSF5R6HfXWgWYIR/BkR+unx9oUT4sfiT54PB2tKJcGMN6S52Pg/utsgHEia6Ra6g9RB4oHIpfkOS2g0b0lCBdhZzEFc/s1kQmGFXfwZkWFo+iWBPzEbbUz46KU6WkuXZX2pfsCFgpJG5+sIq4FgmSa/Dpsf37O3cQ35/omU7t8FAISB7YOh221PvikGuggb5i0+izwOb4n/0SAONTg1h9HtYt1bvHNuGdoXix3I9ac/ZanU+gf/0wUVI/4uqtpFgTxRUHRyQKES+uJ899QU5MPH5aw4cOB9zhmtCZhkyBO9lSac0jSEkel+5bf6NUyMyWFXqHoV8YxujON8rszLt0KoKfW0CLU47xQLaIiZobPfd0QxWdWGVFjlTbsTk/Pm0woA/OTw/juRbze/WBXTZP+641WF/NtNR1GbC0euZUsU8fiwBoH7Z5msvhDDV0j/bid6rqc9AsyZOszgAcMzLV+Q5Hz6dDXbfNaZo+hauxWNmQ5gqKIb36jypG1+Uji/CquNu8Dc1iIyzwNkC+iLHxV0kTTl3mtBVBYR9CaWfisUdAu1mch/WKP6yFO4PhHE/+t619/xTsHKrGJUYR4bqj9hO4+M1HyqOg1g3p8Ff2LsiD5LWV0tDgA28p0j2p3oT4q/09v3EA2lngq8VlEdn1LwX6GOKqG5nMyYgShsuPi/466jXQVK/go7zmX7JTQWMQAUgY
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: XtZ2lEmVRT4F+ouVS67/7mhdVxLDGxJsgA8lgMujnOD0EBtqYCvq/bclqdnE8CyX+70AkpFLNMG/+9RBQTk7XvUfdn4EHfAhQ/c5a7xcAqj3aPuxJ/US3VyoVqa0pg/P3MHDoXzuM7iB7pqEh+PIMbNMs2SBaWg+kMipEG3jZ3MCNQAgYopBonMKxrGPbxsGURw4WooAc7VItfQ9ui65T/RjyE1QLjpkVwBH3tm+5c6KyTvD3fRRjRJqdI5Tle3tTqYwlQT5+pxFmyo1RgVP/OGn7NYx8t6orXox6uybyRnCFVEDyQe5WyrlMcB2wTUjbWVcUmrNMYuatDVCVzFji5X/lq03cVTsg+n3vTOB9atNkVrgRuLSDdfAKjNuoVH6vGID1JJ7ukdROsFxspTSPaCIFMJhlOIW4gKM/H9FwY0bf6vKeW1ZXjtqV2c7ezI8Yy+2DgbB19dacEZm3TQavs2lKc+RJqztghKzVRoQSGnuVrORaCBUFkPFhIh0PmDokwvW+VAWr4N+yP6VVDrqdA0nPfbu8TTlU3umK4bhPDO6jhsh1u0inb9d5oVOOO158r5xfZwpCGBqQ1K/fm4H0wk3Vb2f4RGO44Y+VNeozYcpB4G2kQ9vME34cavk+RKlN20uIB2x0vKbx/FFWDU8VCjcKfuhQFYpXFotnSGbbumqErc6klFHbyQ2UqDIUnAcX1AVulxZ3btescQYzdZcdbwVnEKDiOzXV97iOLs1zNSj8npscfaxt2U9tsaLFOUv0bVfu88Q+YeAB9le7ZIGnMUntE3TIxtCwfyPO8sg5C5l/WGw/arrD7WvhYSThrgp
X-OriginatorOrg: qti.qualcomm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB8353.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 04419c5a-8710-4621-396f-08db5b68c6c3
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2023 08:36:17.2180 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7N2elZwkV3YUXVlSNk07pPNHa0tpBmxW1JJACyHV2orZ3jmRyJoaSC3EIEY+1XiqbNz7HDpgJzgyZHYWa32LSR9rD2Sd3WXxYVjzKATmqS8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR02MB7397
X-Proofpoint-ORIG-GUID: WCtdj_JWsZuCVrHIciND41RG6wfwMcwF
X-Proofpoint-GUID: WCtdj_JWsZuCVrHIciND41RG6wfwMcwF
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-23_04,2023-05-22_03,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 adultscore=0 mlxlogscore=999 mlxscore=0 malwarescore=0 bulkscore=0 lowpriorityscore=0 spamscore=0 impostorscore=0 clxscore=1011 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305230070
Archived-At: <https://mailarchive.ietf.org/arch/msg/webauthn-reg-review/YV4FKasPm5W5-yes6B_-aV-Cs8s>
Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
X-BeenThere: webauthn-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Registration requests should be sent to the mailing list described in \[draft-hodges-webauthn-registries, Section 17\]." <webauthn-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webauthn-reg-review/>
List-Post: <mailto:webauthn-reg-review@ietf.org>
List-Help: <mailto:webauthn-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2023 08:36:26 -0000

Thanks for the heads' up.  It looks like as per https://w3c.github.io/secure-payment-confirmation/#sctn-payment-extension-registration, it is still a work in progress.  Do you have insight as to when the extension specification will be complete?

-Giri

-----Original Message-----
From: Webauthn-reg-review <webauthn-reg-review-bounces@ietf.org> On Behalf Of Ian Jacobs
Sent: Monday, May 22, 2023 7:58 AM
To: webauthn-reg-review@ietf.org
Cc: Stephen McGruer <smcgruer@google.com>; Philippe Le Hégaret <plh@w3.org>
Subject: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.

Mike, Giridhar,

The W3C Web Payments Working Group has received Director approval [1] to publish Secure Payment Confirmation (SPC) [2] as a Candidate Recommendation. We expect this publication to take place in early June.

SPC defines a "payment" WebAuthn extension [3]. After discussion with the Web Authentication Working Group [4] we would like to register this extension in the WebAuthn Extension Identifiers registry [5], following the procedures defined in section 2.2.1 (Registering Extension Identifiers [6]) of RFC 8809 [7].

Below is a draft of the information for the "payment" extension. I welcome your feedback on whether it satisfies the requirements for registration.

I also have some questions:

* My expectation is that we would first publish SPC as a Candidate Recommendation, then I would notify you to complete the registration. Does that work for you?

* Because this will be the first extension registered by a group other than the Web Authentication Working Group, I have included a Note that the WebAuthn WG has discussed this extension (with a link to the meeting minutes). Is that useful?

Thank you,

Ian

[1] https://github.com/w3c/transitions/issues/504#issuecomment-1545729323
[2] https://w3c.github.io/secure-payment-confirmation/
[3] https://w3c.github.io/secure-payment-confirmation/#sctn-payment-extension-registration
[4] https://www.w3.org/2023/05/03-webauthn-minutes#t0
[5] https://www.iana.org/assignments/webauthn/webauthn.xhtml
[6] https://www.rfc-editor.org/rfc/rfc8809.html#section-2.2.1
[7] https://www.rfc-editor.org/rfc/rfc8809.html

========================
Extension identifier: payment

Description: This extension supports the following functionality defined by the Secure Payment Confirmation API: (1) it allows credential creation in a cross-origin iframe (2) it allows a party other than the Relying Party to use the credential to perform an authentication ceremony on behalf of the Relying Party, and (3) it allows the browser to identify and cache Secure Payment Confirmation credentials.

Reference: [<a href="https://www.w3.org/TR/secure-payment-confirmation/“>Secure Payment Confirmation</a>] Section §5, WebAuthn Extension - "payment"

Change Controller: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>]

Notes: Registration follows <a href="https://www.w3.org/2023/05/03-webauthn-minutes#t01">3 May 2023 discussion</a> with the Web Authentication Working Group.

========================
For Contact Information

Id: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>]

Name: W3C Web Payments Working Group

Contact URI: mailto: public-payments-wg@w3.org

Last Updated: <date>

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 917 450 8783





--
Webauthn-reg-review mailing list
Webauthn-reg-review@ietf.org
https://www.ietf.org/mailman/listinfo/webauthn-reg-review

v2.23.0 | Report a Bug | By Email