Goosth

Thanks @stephenmcgruer. The 3p powers is definitely the one that may cause the most concern for Relying parties. We've seen recently with 'Delegated Auth' that some Banks are not that...

SPC brings 3 things: Cryptographic proof, Payment specific display and Cross Domain ability. From @adrianhopebailie's comments it seems that `navigator.credentials.get(...)` will be able to provide a payment specific display. By...

Thanks Stephen, Yes, I support this proposal. From: Stephen McGruer ***@***.***> Sent: Wednesday, 22 June 2022 23:19 To: w3c/secure-payment-confirmation ***@***.***> Cc: Subscribed ***@***.***> Subject: Re: [w3c/secure-payment-confirmation] Supporting roaming authenticators (#12)...

We have to find the right balance of friction. We're all in agreement that the payment must be confirmed by the user before the cryptogram will be returned. It cannot...

Thanks for the clarification here @danyao. So are we then saying that something like the following will happen - The end user will make a final field selection (eg. shipping...

I would add to this that if the Relying party indicates it's preference for 2FA (Biometric/PIN + possession), the user or merchant should not be able to waive that. They...

EMVCo published a set of UX guidelines: * https://3ds-ux-guidelines.emvco.com/ Not sure if this has yet been updated for 3DS 2.3, but it's a good start. From: ianbjacobs ***@***.***> Sent: Saturday,...

Thanks for a great writeup Stephen. You raise some very valid points. This is a very important discussion that will have long term implications. There's an innate difference between a...