Merge pull request #261 from w3c/reg-guidance
SHA: 5a27628
Reason: push, by ianbjacobs

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
ianbjacobs and github-actions[bot] committed Oct 18, 2023
1 parent f75e87b commit 83eb46e
Showing 1 changed file with 16 additions and 4 deletions.
20 changes: 16 additions & 4 deletions index.html
Expand Up @@ -4,9 +4,9 @@
<meta content="width=device-width, initial-scale=1, shrink-to-fit=no" name="viewport">
<title>Secure Payment Confirmation</title>
<meta content="w3c/ED" name="w3c-status">
<meta content="Bikeshed version 6edc88947, updated Thu Aug 17 11:18:09 2023 -0700" name="generator">
<meta content="Bikeshed version 82ce88815, updated Thu Sep 7 16:33:55 2023 -0700" name="generator">
<link href="https://www.w3.org/TR/secure-payment-confirmation/" rel="canonical">
<meta content="591428a58ad0c6503c303a246fac4830966b5a0c" name="document-revision">
<meta content="5a27628948cb9dca9cdd4171ef0897f1e776ca9c" name="document-revision">
<style>/* Boilerplate: style-autolinks */
.css.css, .property.property, .descriptor.descriptor {
color: var(--a-normal-text);
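Review bot: The generator meta in this hunk moves from Bikeshed 6edc88947 to 82ce88815 in the same commit that carries the spec-text change, so output differences caused by the toolchain cannot be told apart from intended edits in this generated index.html. Suggest pinning the Bikeshed version the build uses and landing generator upgrades as their own commit, so that a content change regenerates only the lines it touches.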
Expand Down Expand Up @@ -785,7 +785,7 @@
<div class="head">
<p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p>
<h1 class="p-name no-ref" id="title">Secure Payment Confirmation</h1>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2023-08-22">22 August 2023</time></p>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2023-10-18">18 October 2023</time></p>
<details open>
<summary>More details about this document</summary>
<div data-fill-with="spec-metadata">
Expand Down Expand Up @@ -1306,6 +1306,12 @@ <h2 class="heading settled" data-level="3" id="sctn-registration"><span class="s
may remove the requirement for the extension from SPC. Note that
SPC credentials (with the extension) are otherwise full-fledged
WebAuthn credentials.</p>
<p class="note" role="note"><span class="marker">Note:</span> At registration time, Web Authentication requires both <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name" id="ref-for-dom-publickeycredentialentity-name">name</a></code> and <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname" id="ref-for-dom-publickeycredentialuserentity-displayname">displayName</a></code>, although per the
definition of the <a data-link-type="dfn" href="https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-user" id="ref-for-dom-publickeycredentialcreationoptions-user">user member</a>, implementations are not
required to display either of them in subsequent authentication
ceremonies. Of the two, as of October 2023 <code class="idl"><a data-link-type="idl" href="https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name" id="ref-for-dom-publickeycredentialentity-name①">name</a></code> is shown more
consistently. Developers should continue to monitor
implementations.</p>
<h2 class="heading settled" data-level="4" id="sctn-authentication"><span class="secno">4. </span><span class="content">Authentication</span><a class="self-link" href="#sctn-authentication"></a></h2>
<p>To authenticate a payment via Secure Payment Confirmation, this specification
defines a new <a data-link-type="dfn" href="https://w3c.github.io/payment-request/#dfn-payment-method" id="ref-for-dfn-payment-method①">payment method</a>, "<a data-link-type="dfn" href="#secure-payment-confirmation" id="ref-for-secure-payment-confirmation">secure-payment-confirmation</a>". This
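Review bot: The added note's claim "as of October 2023 name is shown more consistently" is a dated observation with no link to the evidence behind it and no recommendation that follows from it; "Developers should continue to monitor implementations" leaves a relying party unsure how to populate the two fields. Suggest stating the consequence directly (for example, that name and displayName should each identify the account to the user on their own, since only one of them may be displayed) and linking an issue or implementation report that can be kept current. The name link also targets the generic entity member (dom-publickeycredentialentity-name) while displayName targets the user entity, so writing "the user's name" would remove the ambiguity.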
Expand Down Expand Up @@ -2605,6 +2611,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
<li><span class="dfn-paneled" id="5d6beb3a">registration extension</span>
<li><span class="dfn-paneled" id="77a62788">relying party</span>
<li><span class="dfn-paneled" id="c92c9b81">relying party identifier</span>
<li><span class="dfn-paneled" id="c7e62ce0">user member</span>
<li><span class="dfn-paneled" id="2e3d2880">webauthn extension</span>
</ul>
<li>
Expand All @@ -2622,9 +2629,11 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
<li><span class="dfn-paneled" id="5a486d64">authenticatorSelection</span>
<li><span class="dfn-paneled" id="0624097e">challenge <small>(for CollectedClientData)</small></span>
<li><span class="dfn-paneled" id="7a83f58e">challenge <small>(for PublicKeyCredentialRequestOptions)</small></span>
<li><span class="dfn-paneled" id="853b63e3">displayName</span>
<li><span class="dfn-paneled" id="af57cf45">extensions</span>
<li><span class="dfn-paneled" id="82de8c4b">id</span>
<li><span class="dfn-paneled" id="447b180f">internal</span>
<li><span class="dfn-paneled" id="5f03b645">name</span>
<li><span class="dfn-paneled" id="221df805">origin</span>
<li><span class="dfn-paneled" id="2c8910a4">platform</span>
<li><span class="dfn-paneled" id="a7e81336">preferred</span>
Expand Down Expand Up @@ -2703,7 +2712,7 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
<dt id="biblio-url">[URL]
<dd>Anne van Kesteren. <a href="https://url.spec.whatwg.org/"><cite>URL Standard</cite></a>. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a>
<dt id="biblio-webauthn-3">[WEBAUTHN-3]
<dd>Jeff Hodges; et al. <a href="https://w3c.github.io/webauthn/"><cite>Web Authentication: An API for accessing Public Key Credentials - Level 3</cite></a>. URL: <a href="https://w3c.github.io/webauthn/">https://w3c.github.io/webauthn/</a>
<dd>Michael Jones; Akshay Kumar; Emil Lundberg. <a href="https://w3c.github.io/webauthn/"><cite>Web Authentication: An API for accessing Public Key Credentials - Level 3</cite></a>. URL: <a href="https://w3c.github.io/webauthn/">https://w3c.github.io/webauthn/</a>
<dt id="biblio-webdriver1">[WEBDRIVER1]
<dd>Simon Stewart; David Burns. <a href="https://w3c.github.io/webdriver/"><cite>WebDriver</cite></a>. URL: <a href="https://w3c.github.io/webdriver/">https://w3c.github.io/webdriver/</a>
<dt id="biblio-webdriver2">[WebDriver2]
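Review bot: The [WEBAUTHN-3] entry changes its author list from "Jeff Hodges; et al." to "Michael Jones; Akshay Kumar; Emil Lundberg.", which is unrelated to the registration guidance named in the merge title. Please confirm this comes from refreshed bibliography data rather than a manual edit, and mention it in the commit message so the citation change is explained in history.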
Expand Down Expand Up @@ -3139,6 +3148,7 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
window.dfnpanelData['5d6beb3a'] = {"dfnID": "5d6beb3a", "url": "https://w3c.github.io/webauthn/#registration-extension", "dfnText": "registration extension", "refSections": [{"refs": [{"id": "ref-for-registration-extension"}, {"id": "ref-for-registration-extension\u2460"}, {"id": "ref-for-registration-extension\u2461"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};
window.dfnpanelData['77a62788'] = {"dfnID": "77a62788", "url": "https://w3c.github.io/webauthn/#relying-party", "dfnText": "relying party", "refSections": [{"refs": [{"id": "ref-for-relying-party"}, {"id": "ref-for-relying-party\u2460"}, {"id": "ref-for-relying-party\u2461"}, {"id": "ref-for-relying-party\u2462"}, {"id": "ref-for-relying-party\u2463"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-relying-party\u2464"}], "title": "1.1.1. Cryptographic evidence of transaction confirmation"}, {"refs": [{"id": "ref-for-relying-party\u2465"}], "title": "1.1.2. Registration in a third-party iframe"}, {"refs": [{"id": "ref-for-relying-party\u2466"}, {"id": "ref-for-relying-party\u2467"}, {"id": "ref-for-relying-party\u2468"}], "title": "1.1.3. Merchant control of authentication"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea"}, {"id": "ref-for-relying-party\u2460\u2460"}, {"id": "ref-for-relying-party\u2460\u2461"}, {"id": "ref-for-relying-party\u2460\u2462"}, {"id": "ref-for-relying-party\u2460\u2463"}], "title": "2. Terminology"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2464"}], "title": "4. Authentication"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2465"}], "title": "4.1.10. Displaying a transaction confirmation UX"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466"}, {"id": "ref-for-relying-party\u2460\u2467"}], "title": "5. WebAuthn Extension - \"payment\""}, {"refs": [{"id": "ref-for-relying-party\u2460\u2468"}], "title": "5.2. CollectedClientAdditionalPaymentData Dictionary"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea"}, {"id": "ref-for-relying-party\u2461\u2460"}], "title": "6.1. 
PaymentCredentialInstrument Dictionary"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461"}, {"id": "ref-for-relying-party\u2461\u2462"}, {"id": "ref-for-relying-party\u2461\u2463"}, {"id": "ref-for-relying-party\u2461\u2464"}, {"id": "ref-for-relying-party\u2461\u2465"}, {"id": "ref-for-relying-party\u2461\u2466"}, {"id": "ref-for-relying-party\u2461\u2467"}, {"id": "ref-for-relying-party\u2461\u2468"}], "title": "8.1. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea"}, {"id": "ref-for-relying-party\u2462\u2460"}], "title": "10.1. Cross-origin authentication ceremony"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461"}, {"id": "ref-for-relying-party\u2462\u2462"}, {"id": "ref-for-relying-party\u2462\u2463"}, {"id": "ref-for-relying-party\u2462\u2464"}, {"id": "ref-for-relying-party\u2462\u2465"}, {"id": "ref-for-relying-party\u2462\u2466"}, {"id": "ref-for-relying-party\u2462\u2467"}], "title": "10.1.1. Login Attack"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2468"}, {"id": "ref-for-relying-party\u2463\u24ea"}, {"id": "ref-for-relying-party\u2463\u2460"}], "title": "10.1.2. Payment Attack"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2461"}, {"id": "ref-for-relying-party\u2463\u2462"}], "title": "10.2. Merchant-supplied authentication data"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2463"}, {"id": "ref-for-relying-party\u2463\u2464"}], "title": "11.2. Probing for credential ids"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2465"}, {"id": "ref-for-relying-party\u2463\u2466"}, {"id": "ref-for-relying-party\u2463\u2467"}, {"id": "ref-for-relying-party\u2463\u2468"}, {"id": "ref-for-relying-party\u2464\u24ea"}], "title": "11.3. Joining different payment instruments"}, {"refs": [{"id": "ref-for-relying-party\u2464\u2460"}, {"id": "ref-for-relying-party\u2464\u2461"}, {"id": "ref-for-relying-party\u2464\u2462"}], "title": "11.4. Credential ID(s) as a tracking vector"}], "external": true};
window.dfnpanelData['c92c9b81'] = {"dfnID": "c92c9b81", "url": "https://w3c.github.io/webauthn/#relying-party-identifier", "dfnText": "relying party identifier", "refSections": [{"refs": [{"id": "ref-for-relying-party-identifier"}, {"id": "ref-for-relying-party-identifier\u2460"}], "title": "2. Terminology"}, {"refs": [{"id": "ref-for-relying-party-identifier\u2461"}], "title": "4.1.5. SecurePaymentConfirmationRequest Dictionary"}], "external": true};
window.dfnpanelData['c7e62ce0'] = {"dfnID": "c7e62ce0", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-user", "dfnText": "user member", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-user"}], "title": "3. Registration"}], "external": true};
window.dfnpanelData['2e3d2880'] = {"dfnID": "2e3d2880", "url": "https://w3c.github.io/webauthn/#webauthn-extensions", "dfnText": "webauthn extension", "refSections": [{"refs": [{"id": "ref-for-webauthn-extensions"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-webauthn-extensions\u2460"}], "title": "3. Registration"}, {"refs": [{"id": "ref-for-webauthn-extensions\u2461"}], "title": "4.1.5. SecurePaymentConfirmationRequest Dictionary"}], "external": true};
window.dfnpanelData['b6db798e'] = {"dfnID": "b6db798e", "url": "https://w3c.github.io/webauthn/#dictdef-authenticationextensionsclientinputs", "dfnText": "AuthenticationExtensionsClientInputs", "refSections": [{"refs": [{"id": "ref-for-dictdef-authenticationextensionsclientinputs"}, {"id": "ref-for-dictdef-authenticationextensionsclientinputs\u2460"}], "title": "4.1.5. SecurePaymentConfirmationRequest Dictionary"}, {"refs": [{"id": "ref-for-dictdef-authenticationextensionsclientinputs\u2461"}], "title": "4.1.11. Steps to respond to a payment request"}, {"refs": [{"id": "ref-for-dictdef-authenticationextensionsclientinputs\u2462"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};
window.dfnpanelData['8e16d894'] = {"dfnID": "8e16d894", "url": "https://w3c.github.io/webauthn/#dictdef-collectedclientdata", "dfnText": "CollectedClientData", "refSections": [{"refs": [{"id": "ref-for-dictdef-collectedclientdata"}], "title": "1.1.1. Cryptographic evidence of transaction confirmation"}, {"refs": [{"id": "ref-for-dictdef-collectedclientdata\u2460"}], "title": "5. WebAuthn Extension - \"payment\""}, {"refs": [{"id": "ref-for-dictdef-collectedclientdata\u2461"}, {"id": "ref-for-dictdef-collectedclientdata\u2462"}], "title": "5.1. CollectedClientPaymentData Dictionary"}, {"refs": [{"id": "ref-for-dictdef-collectedclientdata\u2463"}], "title": "5.2. CollectedClientAdditionalPaymentData Dictionary"}, {"refs": [{"id": "ref-for-dictdef-collectedclientdata\u2464"}, {"id": "ref-for-dictdef-collectedclientdata\u2465"}, {"id": "ref-for-dictdef-collectedclientdata\u2466"}], "title": "10.1.1. Login Attack"}, {"refs": [{"id": "ref-for-dictdef-collectedclientdata\u2467"}, {"id": "ref-for-dictdef-collectedclientdata\u2468"}], "title": "10.1.2. Payment Attack"}], "external": true};
Expand All @@ -3152,9 +3162,11 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
window.dfnpanelData['5a486d64'] = {"dfnID": "5a486d64", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-authenticatorselection", "dfnText": "authenticatorSelection", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2460"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2461"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};
window.dfnpanelData['0624097e'] = {"dfnID": "0624097e", "url": "https://w3c.github.io/webauthn/#dom-collectedclientdata-challenge", "dfnText": "challenge (for CollectedClientData)", "refSections": [{"refs": [{"id": "ref-for-dom-collectedclientdata-challenge"}], "title": "8.1. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-dom-collectedclientdata-challenge\u2460"}], "title": "10.1.1. Login Attack"}, {"refs": [{"id": "ref-for-dom-collectedclientdata-challenge\u2461"}], "title": "10.1.2. Payment Attack"}], "external": true};
window.dfnpanelData['7a83f58e'] = {"dfnID": "7a83f58e", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-challenge", "dfnText": "challenge (for PublicKeyCredentialRequestOptions)", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-challenge"}], "title": "1.1.1. Cryptographic evidence of transaction confirmation"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-challenge\u2460"}], "title": "4.1.11. Steps to respond to a payment request"}], "external": true};
window.dfnpanelData['853b63e3'] = {"dfnID": "853b63e3", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname", "dfnText": "displayName", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialuserentity-displayname"}], "title": "3. Registration"}], "external": true};
window.dfnpanelData['af57cf45'] = {"dfnID": "af57cf45", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-extensions", "dfnText": "extensions", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-extensions"}], "title": "4.1.11. Steps to respond to a payment request"}], "external": true};
window.dfnpanelData['82de8c4b'] = {"dfnID": "82de8c4b", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialdescriptor-id", "dfnText": "id", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialdescriptor-id"}], "title": "4.1.11. Steps to respond to a payment request"}], "external": true};
window.dfnpanelData['447b180f'] = {"dfnID": "447b180f", "url": "https://w3c.github.io/webauthn/#dom-authenticatortransport-internal", "dfnText": "internal", "refSections": [{"refs": [{"id": "ref-for-dom-authenticatortransport-internal"}], "title": "4.1.11. Steps to respond to a payment request"}], "external": true};
window.dfnpanelData['5f03b645'] = {"dfnID": "5f03b645", "url": "https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name", "dfnText": "name", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialentity-name"}, {"id": "ref-for-dom-publickeycredentialentity-name\u2460"}], "title": "3. Registration"}], "external": true};
window.dfnpanelData['221df805'] = {"dfnID": "221df805", "url": "https://w3c.github.io/webauthn/#dom-collectedclientdata-origin", "dfnText": "origin", "refSections": [{"refs": [{"id": "ref-for-dom-collectedclientdata-origin"}], "title": "8.1. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-dom-collectedclientdata-origin\u2460"}], "title": "10.1.1. Login Attack"}, {"refs": [{"id": "ref-for-dom-collectedclientdata-origin\u2461"}], "title": "10.1.2. Payment Attack"}], "external": true};
window.dfnpanelData['2c8910a4'] = {"dfnID": "2c8910a4", "url": "https://w3c.github.io/webauthn/#dom-authenticatorattachment-platform", "dfnText": "platform", "refSections": [{"refs": [{"id": "ref-for-dom-authenticatorattachment-platform"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};
window.dfnpanelData['a7e81336'] = {"dfnID": "a7e81336", "url": "https://w3c.github.io/webauthn/#dom-residentkeyrequirement-preferred", "dfnText": "preferred", "refSections": [{"refs": [{"id": "ref-for-dom-residentkeyrequirement-preferred"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};