IETF Logo Mail Archive

Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

Ian Jacobs <ij@w3.org> Tue, 23 May 2023 12:48 UTC

Return-Path: <ij@w3.org>
X-Original-To: webauthn-reg-review@ietfa.amsl.com
Delivered-To: webauthn-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56D54C151710 for <webauthn-reg-review@ietfa.amsl.com>; Tue, 23 May 2023 05:48:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2ILQPNNIi7h for <webauthn-reg-review@ietfa.amsl.com>; Tue, 23 May 2023 05:48:02 -0700 (PDT)
Received: from tucana.w3.org (tucana.w3.org [128.30.52.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F12BBC15170B for <webauthn-reg-review@ietf.org>; Tue, 23 May 2023 05:48:02 -0700 (PDT)
Received: from 107-195-167-16.lightspeed.cicril.sbcglobal.net ([107.195.167.16] helo=smtpclient.apple) by tucana.w3.org with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ij@w3.org>) id 1q1RQm-00DmHX-Mb; Tue, 23 May 2023 12:48:00 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\))
From: Ian Jacobs <ij@w3.org>
In-Reply-To: <SJ0PR02MB83532B5F557C73B00F62FC3F81409@SJ0PR02MB8353.namprd02.prod.outlook.com>
Date: Tue, 23 May 2023 07:47:59 -0500
Cc: "webauthn-reg-review@ietf.org" <webauthn-reg-review@ietf.org>, Stephen McGruer <smcgruer@google.com>, Philippe Le Hégaret <plh@w3.org>
X-Mao-Original-Outgoing-Id: 706538869.341292-160f7f8d37f183b28e075ae7c46835f3
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B3FB6B1-A6C1-4AD3-B5E5-89C088185AEC@w3.org>
References: <3C072A37-E257-4915-808F-1313634FF9E7@w3.org> <SJ0PR02MB83532B5F557C73B00F62FC3F81409@SJ0PR02MB8353.namprd02.prod.outlook.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>
X-Mailer: Apple Mail (2.3731.500.231)
Archived-At: <https://mailarchive.ietf.org/arch/msg/webauthn-reg-review/lI2-Q4GmuzNosjVidQ8Mml9bi78>
Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
X-BeenThere: webauthn-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Registration requests should be sent to the mailing list described in \[draft-hodges-webauthn-registries, Section 17\]." <webauthn-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webauthn-reg-review/>
List-Post: <mailto:webauthn-reg-review@ietf.org>
List-Help: <mailto:webauthn-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2023 12:48:07 -0000

Hi Giri,

I expect the specification to become a Candidate Recommendation the second week of June. I do not have a sense of when the final Recommendation will be published. 

While a Candidate Recommendation may still change it is "a document that satisfies the technical requirements of the Working Group that produced it and their dependencies, and has already received wide review.” [1]. There will be a “this version” URI for the publication, and that dated version of the specification
will remain unchanged.

Thank you,
Ian

[1] https://www.w3.org/2021/Process-20211102/#RecsCR

> On May 23, 2023, at 3:36 AM, Giridhar Mandyam <mandyam@qti.qualcomm.com> wrote:
> 
> Thanks for the heads' up.  It looks like as per https://w3c.github.io/secure-payment-confirmation/#sctn-payment-extension-registration, it is still a work in progress.  Do you have insight as to when the extension specification will be complete?
> 
> -Giri
> 
> -----Original Message-----
> From: Webauthn-reg-review <webauthn-reg-review-bounces@ietf.org> On Behalf Of Ian Jacobs
> Sent: Monday, May 22, 2023 7:58 AM
> To: webauthn-reg-review@ietf.org
> Cc: Stephen McGruer <smcgruer@google.com>; Philippe Le Hégaret <plh@w3.org>
> Subject: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
> 
> WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.
> 
> Mike, Giridhar,
> 
> The W3C Web Payments Working Group has received Director approval [1] to publish Secure Payment Confirmation (SPC) [2] as a Candidate Recommendation. We expect this publication to take place in early June.
> 
> SPC defines a "payment" WebAuthn extension [3]. After discussion with the Web Authentication Working Group [4] we would like to register this extension in the WebAuthn Extension Identifiers registry [5], following the procedures defined in section 2.2.1 (Registering Extension Identifiers [6]) of RFC 8809 [7].
> 
> Below is a draft of the information for the "payment" extension. I welcome your feedback on whether it satisfies the requirements for registration.
> 
> I also have some questions:
> 
> * My expectation is that we would first publish SPC as a Candidate Recommendation, then I would notify you to complete the registration. Does that work for you?
> 
> * Because this will be the first extension registered by a group other than the Web Authentication Working Group, I have included a Note that the WebAuthn WG has discussed this extension (with a link to the meeting minutes). Is that useful?
> 
> Thank you,
> 
> Ian
> 
> [1] https://github.com/w3c/transitions/issues/504#issuecomment-1545729323
> [2] https://w3c.github.io/secure-payment-confirmation/
> [3] https://w3c.github.io/secure-payment-confirmation/#sctn-payment-extension-registration
> [4] https://www.w3.org/2023/05/03-webauthn-minutes#t0
> [5] https://www.iana.org/assignments/webauthn/webauthn.xhtml
> [6] https://www.rfc-editor.org/rfc/rfc8809.html#section-2.2.1
> [7] https://www.rfc-editor.org/rfc/rfc8809.html
> 
> ========================
> Extension identifier: payment
> 
> Description: This extension supports the following functionality defined by the Secure Payment Confirmation API: (1) it allows credential creation in a cross-origin iframe (2) it allows a party other than the Relying Party to use the credential to perform an authentication ceremony on behalf of the Relying Party, and (3) it allows the browser to identify and cache Secure Payment Confirmation credentials.
> 
> Reference: [<a href="https://www.w3.org/TR/secure-payment-confirmation/“>Secure Payment Confirmation</a>] Section §5, WebAuthn Extension - "payment"
> 
> Change Controller: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>]
> 
> Notes: Registration follows <a href="https://www.w3.org/2023/05/03-webauthn-minutes#t01">3 May 2023 discussion</a> with the Web Authentication Working Group.
> 
> ========================
> For Contact Information
> 
> Id: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>]
> 
> Name: W3C Web Payments Working Group
> 
> Contact URI: mailto: public-payments-wg@w3.org
> 
> Last Updated: <date>
> 
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 917 450 8783
> 
> 
> 
> 
> 
> --
> Webauthn-reg-review mailing list
> Webauthn-reg-review@ietf.org
> https://www.ietf.org/mailman/listinfo/webauthn-reg-review

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 917 450 8783

v2.23.0 | Report a Bug | By Email