w3cping / privacy-request

tracking privacy reviews of W3C specifications
10 stars 2 forks source link

Secure Payment Confirmation 2022-08-11 > 2022-09-16 #101

Closed ianbjacobs closed 2 years ago

ianbjacobs commented 2 years ago

In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments.

Next transition is to Candidate Recommendation, expected mid-September 2022.

I believe the most recent PING review (leading to issues) of the specification was around October 2021. Our most recent joint discussion of issues took place on 4 May 2022: https://www.w3.org/2022/05/04-wpwg-minutes.html#t02

Here are the list of changes to the specification since the original October 2021 PING review: https://github.com/w3c/secure-payment-confirmation/compare/8c18586..7204dc0d#diff-6f5a1d8263b0b0c42e2716ba5750e3652e359532647ac934c1c70086ae3cedda

(Sorry, in addition to showing a diff for the source file (spec.bs) that diff shows other files as well that are not relevant here.)

Yes: https://www.w3.org/TR/2022/WD-secure-payment-confirmation-20220810/#sctn-privacy-considerations

https://github.com/w3c/secure-payment-confirmation/blob/main/security-privacy-questionnaire.md

Other comments:

There is one remaining open issue (#154 [1]) from previous PING review. Given the current SPC design, it is not likely that the SPC specification itself will have anything to say on this topic. We have left the issue open as part of our ongoing discussion with the Web Authentication Working Group, but I do not anticipate that we will make changes to version 1 of SPC related to this topic before requesting to advance to Candidate Recommendation.

[1] https://github.com/w3c/secure-payment-confirmation/issues/154

samuelweiler commented 2 years ago

I'm fine with pushing 154 to after-v1; that's the last remaining privacy-needs-resolution item, so no objection to the CR.