search

w3c / security-request

Horizontal review requests will be made via issues in this repo.
4 stars 4 forks source link

Secure Payment Confirmation 2023-01-11 > 2023-02-01 #47

Open ianbjacobs opened 1 year ago

ianbjacobs commented 1 year ago

In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments.

In August 2022 the Web Payments Working Group requested pre-Candidate Recommendation horizontal review of Secure Payment Confirmation (SPC). All reviews led to satisfactory outcomes. We have not received formal review in this form; see our original request: https://github.com/w3c/security-request/issues/14 Since August 2022, the Web Payments Working Group has made or plans to make two non-editorial changes to the specification that we seek to include in the forthcoming Candidate Recommendation: * The addition of an opt-out feature, requested by developers to help satisfy GDPR requirements. For background, see [issue 172](https://github.com/w3c/secure-payment-confirmation/issues/172) and the resulting [changes to the specification](https://github.com/w3c/secure-payment-confirmation/pull/215). Experimentation with this feature has demonstrated its utility to at least one organization that has experimented with SPC. * The expected removal of a requirement that the user agent consume a user activation during authentication. For background, see [issue 216](https://github.com/w3c/secure-payment-confirmation/issues/216), including the Chrome Team's security and privacy consideration notes. Although we have not yet updated the specification to remove the user activation requirement, we seek your review at this time. We would anticipate the actual change to the specification to be small (and it would include the security and privacy considerations).