Commit

Merge pull request #257 from w3c/iana-considerations
SHA: 6c20660
Reason: push, by ianbjacobs

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
ianbjacobs and github-actions[bot] committed Aug 22, 2023
1 parent 50ddfda commit ce1aa67
Showing 1 changed file with 24 additions and 3 deletions.
27 changes: 24 additions & 3 deletions index.html
Expand Up @@ -4,9 +4,9 @@
<meta content="width=device-width, initial-scale=1, shrink-to-fit=no" name="viewport">
<title>Secure Payment Confirmation</title>
<meta content="w3c/ED" name="w3c-status">
<meta content="Bikeshed version d29f71adb, updated Wed Jul 19 11:08:56 2023 -0700" name="generator">
<meta content="Bikeshed version 6edc88947, updated Thu Aug 17 11:18:09 2023 -0700" name="generator">
<link href="https://www.w3.org/TR/secure-payment-confirmation/" rel="canonical">
<meta content="509ee15f764e7892ba14e4293b23fc66f00a8a68" name="document-revision">
<meta content="6c20660e319148e643c85911888ef3f0351233fc" name="document-revision">
<style>/* Boilerplate: style-autolinks */
.css.css, .property.property, .descriptor.descriptor {
color: var(--a-normal-text);
Expand Down Expand Up @@ -785,7 +785,7 @@
<div class="head">
<p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p>
<h1 class="p-name no-ref" id="title">Secure Payment Confirmation</h1>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2023-07-31">31 July 2023</time></p>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2023-08-22">22 August 2023</time></p>
<details open>
<summary>More details about this document</summary>
<div data-fill-with="spec-metadata">
Expand Down Expand Up @@ -926,6 +926,7 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
</ol>
<li><a href="#sctn-accessibility-considerations"><span class="secno">12</span> <span class="content">Accessibility Considerations</span></a>
<li><a href="#sctn-i18n-considerations"><span class="secno">13</span> <span class="content">Internationalization Considerations</span></a>
<li><a href="#sctn-iana-considerations"><span class="secno">14</span> <span class="content">IANA Considerations</span></a>
<li>
<a href="#w3c-conformance"><span class="secno"></span> <span class="content">Conformance</span></a>
<ol class="toc">
Expand Down Expand Up @@ -2358,6 +2359,20 @@ <h2 class="heading settled" data-level="13" id="sctn-i18n-considerations"><span
when inserting them into the user interface. They should set the
direction when it is known, or default to first-strong ("auto")
when it is not.</p>
<h2 class="heading settled" data-level="14" id="sctn-iana-considerations"><span class="secno">14. </span><span class="content">IANA Considerations</span><a class="self-link" href="#sctn-iana-considerations"></a></h2>
<p>This section adds the below-listed <a data-link-type="dfn" href="https://w3c.github.io/webauthn/#extension-identifier" id="ref-for-extension-identifier">extension identifier</a> to the IANA "WebAuthn Extension Identifiers" registry <a data-link-type="biblio" href="#biblio-iana-webauthn-registries" title="Registries for Web Authentication (WebAuthn)">[IANA-WebAuthn-Registries]</a> established by <a data-link-type="biblio" href="#biblio-rfc8809" title="Registries for Web Authentication (WebAuthn)">[RFC8809]</a>.</p>
<ul>
<li data-md>
<p>WebAuthn Extension Identifier: payment</p>
<li data-md>
<p>Description: This extension supports the following functionality defined by the Secure Payment Confirmation API: (1) it allows credential creation in a cross-origin iframe (2) it allows a party other than the Relying Party to use the credential to perform an authentication ceremony on behalf of the Relying Party, and (3) it allows the browser to identify and cache Secure Payment Confirmation credentials. For discussion of important ways in which SPC differs from Web Authentication, see in particular <a href="#sctn-security-considerations">§ 10 Security Considerations</a> and <a href="#sctn-privacy-considerations">§ 11 Privacy Considerations</a></p>
<li data-md>
<p>Specification Document: Section <a href="#sctn-payment-extension-registration">§ 5 WebAuthn Extension - "payment"</a> of this specification</p>
<li data-md>
<p>Change Controller: <a href="https://www.w3.org/groups/wg/payments">W3C Web Payments Working Group</a></p>
<li data-md>
<p>Notes: Registration follows <a href="https://www.w3.org/2023/05/03-webauthn-minutes#t01">3 May 2023 discussion</a> with the Web Authentication Working Group.</p>
</ul>
</main>
<div data-fill-with="conformance">
<h2 class="no-ref no-num heading settled" id="w3c-conformance"><span class="content">Conformance</span><a class="self-link" href="#w3c-conformance"></a></h2>
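Review bot: In the Description item of the new IANA Considerations list, the closing sentence stops at "§ 11 Privacy Considerations" with no full stop, and the enumeration has no comma after "(1) it allows credential creation in a cross-origin iframe" although (2) and (3) are comma-separated. This text is what goes into the registry entry, so make the punctuation consistent. The Specification Document item reads "Section § 5 WebAuthn Extension - "payment"", which doubles the section marker; drop the word "Section". The commit touches only the Bikeshed-generated index.html, so these fixes belong in the Bikeshed source, where they will survive the next build.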
Expand Down Expand Up @@ -2585,6 +2600,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
<li><span class="dfn-paneled" id="88ae1d28">client extension</span>
<li><span class="dfn-paneled" id="e4d7113a">credential id</span>
<li><span class="dfn-paneled" id="3781d718">discoverable credential</span>
<li><span class="dfn-paneled" id="b6a00a38">extension identifier</span>
<li><span class="dfn-paneled" id="fe1cbc76">public key credential</span>
<li><span class="dfn-paneled" id="5d6beb3a">registration extension</span>
<li><span class="dfn-paneled" id="77a62788">relying party</span>
Expand Down Expand Up @@ -2668,6 +2684,8 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
<dd>Anne van Kesteren; et al. <a href="https://html.spec.whatwg.org/multipage/"><cite>HTML Standard</cite></a>. Living Standard. URL: <a href="https://html.spec.whatwg.org/multipage/">https://html.spec.whatwg.org/multipage/</a>
<dt id="biblio-i18n-glossary">[I18N-GLOSSARY]
<dd>Richard Ishida; Addison Phillips. <a href="https://w3c.github.io/i18n-glossary/"><cite>Internationalization Glossary</cite></a>. URL: <a href="https://w3c.github.io/i18n-glossary/">https://w3c.github.io/i18n-glossary/</a>
<dt id="biblio-iana-webauthn-registries">[IANA-WebAuthn-Registries]
<dd><a href="https://www.rfc-editor.org/rfc/rfc8809.html"><cite>Registries for Web Authentication (WebAuthn)</cite></a>. URL: <a href="https://www.rfc-editor.org/rfc/rfc8809.html">https://www.rfc-editor.org/rfc/rfc8809.html</a>
<dt id="biblio-image-resource">[IMAGE-RESOURCE]
<dd>Aaron Gustafson; Rayan Kanso; Marcos Caceres. <a href="https://w3c.github.io/image-resource/"><cite>Image Resource</cite></a>. URL: <a href="https://w3c.github.io/image-resource/">https://w3c.github.io/image-resource/</a>
<dt id="biblio-infra">[INFRA]
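Review bot: The new [IANA-WebAuthn-Registries] entry links to https://www.rfc-editor.org/rfc/rfc8809.html and carries the same title as the [RFC8809] entry added in this commit, so the § 14 sentence "registry [IANA-WebAuthn-Registries] established by [RFC8809]" cites RFC 8809 twice and never the registry itself. Point this entry at the IANA registry page, or drop it and cite [RFC8809] alone. The entry also has no author or date, unlike the neighbouring entries.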
Expand All @@ -2680,6 +2698,8 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
<dd>Marcos Caceres; Rouslan Solomakhin; Ian Jacobs. <a href="https://w3c.github.io/payment-request/"><cite>Payment Request API 1.1</cite></a>. URL: <a href="https://w3c.github.io/payment-request/">https://w3c.github.io/payment-request/</a>
<dt id="biblio-rfc2119">[RFC2119]
<dd>S. Bradner. <a href="https://datatracker.ietf.org/doc/html/rfc2119"><cite>Key words for use in RFCs to Indicate Requirement Levels</cite></a>. March 1997. Best Current Practice. URL: <a href="https://datatracker.ietf.org/doc/html/rfc2119">https://datatracker.ietf.org/doc/html/rfc2119</a>
<dt id="biblio-rfc8809">[RFC8809]
<dd>J. Hodges; G. Mandyam; M. Jones. <a href="https://www.rfc-editor.org/rfc/rfc8809"><cite>Registries for Web Authentication (WebAuthn)</cite></a>. August 2020. Informational. URL: <a href="https://www.rfc-editor.org/rfc/rfc8809">https://www.rfc-editor.org/rfc/rfc8809</a>
<dt id="biblio-url">[URL]
<dd>Anne van Kesteren. <a href="https://url.spec.whatwg.org/"><cite>URL Standard</cite></a>. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a>
<dt id="biblio-webauthn-3">[WEBAUTHN-3]
Expand Down Expand Up @@ -3114,6 +3134,7 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
window.dfnpanelData['88ae1d28'] = {"dfnID": "88ae1d28", "url": "https://w3c.github.io/webauthn/#client-extension", "dfnText": "client extension", "refSections": [{"refs": [{"id": "ref-for-client-extension"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};
window.dfnpanelData['e4d7113a'] = {"dfnID": "e4d7113a", "url": "https://w3c.github.io/webauthn/#credential-id", "dfnText": "credential id", "refSections": [{"refs": [{"id": "ref-for-credential-id"}, {"id": "ref-for-credential-id\u2460"}], "title": "2. Terminology"}], "external": true};
window.dfnpanelData['3781d718'] = {"dfnID": "3781d718", "url": "https://w3c.github.io/webauthn/#discoverable-credential", "dfnText": "discoverable credential", "refSections": [{"refs": [{"id": "ref-for-discoverable-credential"}], "title": "2. Terminology"}], "external": true};
window.dfnpanelData['b6a00a38'] = {"dfnID": "b6a00a38", "url": "https://w3c.github.io/webauthn/#extension-identifier", "dfnText": "extension identifier", "refSections": [{"refs": [{"id": "ref-for-extension-identifier"}], "title": "14. IANA Considerations"}], "external": true};
window.dfnpanelData['fe1cbc76'] = {"dfnID": "fe1cbc76", "url": "https://w3c.github.io/webauthn/#public-key-credential", "dfnText": "public key credential", "refSections": [{"refs": [{"id": "ref-for-public-key-credential"}, {"id": "ref-for-public-key-credential\u2460"}], "title": "2. Terminology"}, {"refs": [{"id": "ref-for-public-key-credential\u2461"}], "title": "11.2. Probing for credential ids"}], "external": true};
window.dfnpanelData['5d6beb3a'] = {"dfnID": "5d6beb3a", "url": "https://w3c.github.io/webauthn/#registration-extension", "dfnText": "registration extension", "refSections": [{"refs": [{"id": "ref-for-registration-extension"}, {"id": "ref-for-registration-extension\u2460"}, {"id": "ref-for-registration-extension\u2461"}], "title": "5. WebAuthn Extension - \"payment\""}], "external": true};
window.dfnpanelData['77a62788'] = {"dfnID": "77a62788", "url": "https://w3c.github.io/webauthn/#relying-party", "dfnText": "relying party", "refSections": [{"refs": [{"id": "ref-for-relying-party"}, {"id": "ref-for-relying-party\u2460"}, {"id": "ref-for-relying-party\u2461"}, {"id": "ref-for-relying-party\u2462"}, {"id": "ref-for-relying-party\u2463"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-relying-party\u2464"}], "title": "1.1.1. Cryptographic evidence of transaction confirmation"}, {"refs": [{"id": "ref-for-relying-party\u2465"}], "title": "1.1.2. Registration in a third-party iframe"}, {"refs": [{"id": "ref-for-relying-party\u2466"}, {"id": "ref-for-relying-party\u2467"}, {"id": "ref-for-relying-party\u2468"}], "title": "1.1.3. Merchant control of authentication"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea"}, {"id": "ref-for-relying-party\u2460\u2460"}, {"id": "ref-for-relying-party\u2460\u2461"}, {"id": "ref-for-relying-party\u2460\u2462"}, {"id": "ref-for-relying-party\u2460\u2463"}], "title": "2. Terminology"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2464"}], "title": "4. Authentication"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2465"}], "title": "4.1.10. Displaying a transaction confirmation UX"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466"}, {"id": "ref-for-relying-party\u2460\u2467"}], "title": "5. WebAuthn Extension - \"payment\""}, {"refs": [{"id": "ref-for-relying-party\u2460\u2468"}], "title": "5.2. CollectedClientAdditionalPaymentData Dictionary"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea"}, {"id": "ref-for-relying-party\u2461\u2460"}], "title": "6.1. 
PaymentCredentialInstrument Dictionary"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461"}, {"id": "ref-for-relying-party\u2461\u2462"}, {"id": "ref-for-relying-party\u2461\u2463"}, {"id": "ref-for-relying-party\u2461\u2464"}, {"id": "ref-for-relying-party\u2461\u2465"}, {"id": "ref-for-relying-party\u2461\u2466"}, {"id": "ref-for-relying-party\u2461\u2467"}, {"id": "ref-for-relying-party\u2461\u2468"}], "title": "8.1. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea"}, {"id": "ref-for-relying-party\u2462\u2460"}], "title": "10.1. Cross-origin authentication ceremony"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461"}, {"id": "ref-for-relying-party\u2462\u2462"}, {"id": "ref-for-relying-party\u2462\u2463"}, {"id": "ref-for-relying-party\u2462\u2464"}, {"id": "ref-for-relying-party\u2462\u2465"}, {"id": "ref-for-relying-party\u2462\u2466"}, {"id": "ref-for-relying-party\u2462\u2467"}], "title": "10.1.1. Login Attack"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2468"}, {"id": "ref-for-relying-party\u2463\u24ea"}, {"id": "ref-for-relying-party\u2463\u2460"}], "title": "10.1.2. Payment Attack"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2461"}, {"id": "ref-for-relying-party\u2463\u2462"}], "title": "10.2. Merchant-supplied authentication data"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2463"}, {"id": "ref-for-relying-party\u2463\u2464"}], "title": "11.2. Probing for credential ids"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2465"}, {"id": "ref-for-relying-party\u2463\u2466"}, {"id": "ref-for-relying-party\u2463\u2467"}, {"id": "ref-for-relying-party\u2463\u2468"}, {"id": "ref-for-relying-party\u2464\u24ea"}], "title": "11.3. Joining different payment instruments"}, {"refs": [{"id": "ref-for-relying-party\u2464\u2460"}, {"id": "ref-for-relying-party\u2464\u2461"}, {"id": "ref-for-relying-party\u2464\u2462"}], "title": "11.4. Credential ID(s) as a tracking vector"}], "external": true};

0 comments on commit ce1aa67