Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
Ian Jacobs <ij@w3.org> Mon, 17 July 2023 16:38 UTC
Return-Path: <ij@w3.org>
X-Original-To: webauthn-reg-review@ietfa.amsl.com
Delivered-To: webauthn-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E23DDC13AE42 for <webauthn-reg-review@ietfa.amsl.com>; Mon, 17 Jul 2023 09:38:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0X00CEYFDhZM for <webauthn-reg-review@ietfa.amsl.com>; Mon, 17 Jul 2023 09:37:59 -0700 (PDT)
Received: from tucana.w3.org (tucana.w3.org [128.30.52.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1829C13AE3F for <webauthn-reg-review@ietf.org>; Mon, 17 Jul 2023 09:37:59 -0700 (PDT)
Received: from 107-195-167-16.lightspeed.cicril.sbcglobal.net ([107.195.167.16] helo=smtpclient.apple) by tucana.w3.org with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ij@w3.org>) id 1qLRES-00B1At-EZ; Mon, 17 Jul 2023 16:37:56 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Ian Jacobs <ij@w3.org>
In-Reply-To: <38F5B4F5-BD99-44FA-A646-03AEEA012C8D@w3.org>
Date: Mon, 17 Jul 2023 11:37:55 -0500
Cc: "webauthn-reg-review@ietf.org" <webauthn-reg-review@ietf.org>, Stephen McGruer <smcgruer@google.com>, Philippe Le Hégaret <plh@w3.org>
X-Mao-Original-Outgoing-Id: 711304665.612828-a2deec8c79325e6c5f5296f9ea9122b6
Content-Transfer-Encoding: quoted-printable
Message-Id: <2442E340-BE6E-44DA-A123-2107A20DC9EA@w3.org>
References: <3C072A37-E257-4915-808F-1313634FF9E7@w3.org> <SJ0PR02MB83532B5F557C73B00F62FC3F81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <8B3FB6B1-A6C1-4AD3-B5E5-89C088185AEC@w3.org> <SJ0PR02MB83534413068CE1C9B4E976EC81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <B3E2CD8D-9714-40C3-B3EA-1309A85BDB59@w3.org> <SJ0PR02MB8353DF6FFE1584C2B560D32A81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <91F93224-BD6D-4566-AF4B-4D40D57436A8@w3.org> <SJ0PR02MB835344D3D5688BC50D4A822B81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <B34A0B9D-FF17-4B7C-A017-C4ECA857EF88@w3.org> <38F5B4F5-BD99-44FA-A646-03AEEA012C8D@w3.org>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "michael_b_jones@hotmail.com" <michael_b_jones@hotmail.com>
X-Mailer: Apple Mail (2.3731.600.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/webauthn-reg-review/lwgZSNbWMXFw-eMy7UPqE8GOTrM>
Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
X-BeenThere: webauthn-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Registration requests should be sent to the mailing list described in \[draft-hodges-webauthn-registries, Section 17\]." <webauthn-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webauthn-reg-review/>
List-Post: <mailto:webauthn-reg-review@ietf.org>
List-Help: <mailto:webauthn-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2023 16:38:02 -0000
Hi Giridhar and Michael, I wanted to see whether there are any updates regarding this request to add the ‘payment’ extension to the WebAuthn extension registry. Thank you, Ian > On Jun 15, 2023, at 7:41 AM, Ian Jacobs <ij@w3.org> wrote: > > Hi Giridhar and Michael, > > Today W3C published the Candidate Recommendation of Secure Payment Confirmation: > https://www.w3.org/TR/2023/CR-secure-payment-confirmation-20230615/ > > With that publication I’d like to request addition of the “payment” extension to the WebAuthn registry. > > I have re-included below the proposed registry data. Please let me know if you’d like any additional information > or if anything needs correction. > > Thank you, > Ian > > ======================== > Extension identifier: payment > > Description: This extension supports the following functionality defined by the Secure Payment Confirmation API: (1) it allows credential creation in a cross-origin iframe (2) it allows a party other than the Relying Party to use the credential to perform an authentication ceremony on behalf of the Relying Party, and (3) it allows the browser to identify and cache Secure Payment Confirmation credentials. For discussion of important ways in which SPC differs from Web Authentication, see in particular the <a href="https://www.w3.org/TR/secure-payment-confirmation/#sctn-security-considerations”>Security Considerations</a> and <a href="https://www.w3.org/TR/secure-payment-confirmation/#sctn-privacy-considerations”>Privacy Considerations</a>. > > Reference: [<a href="https://www.w3.org/TR/secure-payment-confirmation/“>Secure Payment Confirmation</a>] Section §5, WebAuthn Extension - "payment" > > Change Controller: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>] > > Notes: Registration follows <a href="https://www.w3.org/2023/05/03-webauthn-minutes#t01">3 May 2023 discussion</a> with the Web Authentication Working Group. > > ======================== > For Contact Information > > Id: [<a href="https://www.w3.org/groups/wg/">W3C_Web_Payments_Working_Group</a>] > > Name: W3C Web Payments Working Group > > Contact URI: mailto: public-payments-wg@w3.org > > Last Updated: <date> > > -- > Ian Jacobs <ij@w3.org> > https://www.w3.org/People/Jacobs/ > Tel: +1 917 450 8783 > > > > > -- Ian Jacobs <ij@w3.org> https://www.w3.org/People/Jacobs/ Tel: +1 917 450 8783
- [Webauthn-reg-review] Request to add payment exte… Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Michael Jones
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Ian Jacobs
- Re: [Webauthn-reg-review] Request to add payment … Giridhar Mandyam
- Re: [Webauthn-reg-review] Request to add payment … Michael Jones
- [Webauthn-reg-review] [IANA #1281661] RE: Request… David Dong via RT
- Re: [Webauthn-reg-review] [IANA #1281661] Request… Ian Jacobs