Contact emails slobo...@chromium.org, smcgr...@chromium.org, rous...@chromium.org
Explainer https://github.com/w3c/secure-payment-confirmation/issues/271 Specification https://pr-preview.s3.amazonaws.com/pejic/secure-payment-confirmation/pull/286.html Summary Adds an additional cryptographic signature over Secure Payment Confirmation assertions and credential creation. The corresponding private key is not synced across devices. This helps web developers meet requirements for device binding for payment transactions. Blink component Blink>Payments Motivation This feature amends to Secure Payment Confirmation to keep up with syncing passkeys and device requirements for online payments. The Browser Bound Keys feature adds device binding in the browser to enabling payment use cases where device binding is required. Initial public proposal https://github.com/w3c/secure-payment-confirmation/issues/271 TAG review None TAG review status Pending Risks Interoperability and Compatibility Browser bound keys are an additive feature for Secure Payment Confirmation, the risk is that other browser do not implement it. Gecko: No signal WebKit: No signal Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability Web developers should be able to inspect the new signature output which is defined in WebIDL, thus no changes are needed in devtools. Is this feature fully tested by web-platform-tests? No DevTrial instructions https://docs.google.com/document/d/1Wgx8MQG4GsdPErGPya7iMCbhw5NiSrLrNIoDPq2_P2s/edit?usp=sharing Flag name on about://flags enable-secure-payment-confirmation-browser-bound-key Finch feature name SecurePaymentConfirmationBrowserBoundKeys Requires code in //chrome? False Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5106102997614592?gate=5162046825693184 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68093084.170a0220.15e62e.01e5.GAE%40google.com.
