You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Clarify that RP can use its own credentials even if extension not specified (#272)
Make clear that an RP should be able to use its own credentials even if payment extension not specified.
---------
Co-authored-by: Stephen McGruer <[email protected]>
Copy file name to clipboardExpand all lines: scope.md
+3-3Lines changed: 3 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -112,7 +112,7 @@ Note: This use case intends to capture the "in-transaction registration" use cas
112
112
113
113
#### EMV® Secure Remote Commerce (SRC) System as Relying Party
114
114
115
-
* Alice checkouts on a merchant web site with SRC, which triggers the SRC Digital Card Facilitator (DCF) to be displayed. The SRC DCF asks whether she wants to use biometric authentication to streamline payment. She agrees and SRC DCF redirects her to her bank where she goes through an ID&V process with her bank for the credit card she wishes to use.
115
+
* Alice checkouts on a merchant web site with SRC, which triggers the SRC Digital Card Facilitator (DCF) to be displayed. The SRC DCF asks whether she wants to use biometric authentication to streamline payment. She agrees and SRC DCF redirects her to her bank where she goes through an Identity and Verification (ID&V) process with her bank for the credit card she wishes to use.
116
116
* As an alternative, Alice visits her bank, authenticates to her bank, registers into biometric authentication, and selects card(s) that she wants to make available to SRC. The bank (the Relying Party) shares the authentication credential with the SRC System.
117
117
* The following week Alice checkouts with a merchant enabled with SRC. The SRCi/DCF prompts Alice to do biometric authentication. The SRC System reviews the authentication results, and the bank authorizes the transaction.
118
118
@@ -187,7 +187,7 @@ These use cases represent additional considerations, some of which (e.g., unregi
187
187
#### Merchant as Relying Party
188
188
189
189
* Alice logs into her favorite merchant using a merchant proprietary mechanism or using biometric authentication.
190
-
* The merchant asks Alice if she wants to use biometric authentication to streamline payment. She agrees and goes through an ID&V process with her bank for the credit card she wishes to use. (The merchant may decide to perform IDamp;&V during the checkout or outside of the checkout.)
190
+
* The merchant asks Alice if she wants to use biometric authentication to streamline payment. She agrees and goes through an ID&V process with her bank for the credit card she wishes to use. (The merchant may decide to perform ID&V during the checkout or outside of the checkout.)
191
191
* The merchant is the relying party for this authentication credential, and shares authentication data with Alice’s bank and/or payment network to allow for partial or full validation of authentication results in subsequent checkouts.
192
192
* The following week Alice checks out on the merchant site and is prompted by the merchant to do biometric authentication. The merchant uses SPC then shares authentication results with Alice’s bank and/or payment network, which reviews the data. The bank authorizes the transaction.
193
193
@@ -220,7 +220,7 @@ priority:
220
220
221
221
## Out of Scope
222
222
223
-
* ID & V to establish real world identity during registration.
223
+
* ID&V to establish real world identity during registration.
224
224
* Use cases for peer-to-peer payments or business-to-business transactions.
1. If the |data|["{{SecurePaymentConfirmationRequest/rpId}}"] is
808
+
not the [=origin=] of the [=relevant settings object=] of |request|,
809
+
run the [=steps to silently determine if a credential is SPC-enabled=], passing in |data|["{{SecurePaymentConfirmationRequest/rpId}}"] and |id|. If the result is `false`, remove |id| from |data|["{{SecurePaymentConfirmationRequest/credentialIds}}"].
807
810
808
811
1. If |data|["{{SecurePaymentConfirmationRequest/credentialIds}}"] is now empty,
809
812
return `false`. The user agent must maintain
@@ -1667,4 +1670,3 @@ This section adds the below-listed [=extension identifier=] to the IANA "WebAuth
1667
1670
- Specification Document: Section [[#sctn-payment-extension-registration]] of this specification
1668
1671
- Change Controller: [W3C Web Payments Working Group](https://www.w3.org/groups/wg/payments)
1669
1672
- Notes: Registration follows [3 May 2023 discussion](https://www.w3.org/2023/05/03-webauthn-minutes#t01) with the Web Authentication Working Group.
0 commit comments