You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is issue is here to track progress on a use case that was highlighted during the Web Payments Security Interest group meetings at TPAC.
The use case is as follows:
When a merchant initiates a card transaction using 3DS they will get back a URL which they will render in an iframe. This content is hosted by the user's card issuer (or their behalf) in a system called the ACS.
The user provides some interaction with the ACS-hosted content through which they authenticate themselves (and authorise the transaction).
The user interaction may involve providing an OTP that was sent to the user via another channel (e.g. SMS) or providing a biometric credential etc.
Current notes/challenges with this case are:
The ability to invoke Payment Request from within the iframe
The ability to invoke webAuthN from within the iframe
The need for the PR API to be invoked by the ACS (as opposed to the merchant which is the original intent
We are not currently working on a 3DS-specific payment method. Instead we've taken up SRC as an umbrella; see: https://github.com/w3c/src/wiki
I think this issue is mostly for us to track Web Authentication version 2 capabilities with respect to some use cases where PR API or authentication are called from iframes.
This is issue is here to track progress on a use case that was highlighted during the Web Payments Security Interest group meetings at TPAC.
The use case is as follows:
Current notes/challenges with this case are:
cc @rsolomakhin @ianbjacobs @jeremywagemans @btidor-stripe
The text was updated successfully, but these errors were encountered: