How can SPC be used in conjunction with a frictionless 3DS flow? about secure-payment-confirmation HOT 6 CLOSED

I would suggest that we should also consider other flows defined inside 3DS 2.0 as well, especially for cases where the current device has not yet been setup/registered for WebAuthn, but another device linked to this user, might have been setup.

This is a great solution for situations such as guest shopping, where the transaction is approved and signed for on a second device (typically a mobile phone the user has setup). So I would like to also explore

• How SPC can be used in conjunction with a secondary, Trusted device via Out of Band Authentication.

Note that we're not talking about an OTP of some form here, but rather the ability to reach out to a second device and activate the Authentication (e.g. a WebAuthn Platform Authenticator) on a second device that has been setup. if this is is something we can design in should achieve much higher adoption, since a user will not have to have their Fido Authenticator setup on all devices that they own.

Should we log that separately, or keep this as part of this ticket?

from secure-payment-confirmation.

@Goosth,

That feels like a separate issue (and also independent of 3DS2). Want to raise a new one? We can discuss there. Thanks!
Ian

from secure-payment-confirmation.

Sure. Logged as #30 .

from secure-payment-confirmation.

Our current expectation is that 3DS v. 2.3 will answer this question. We'll finalize the issue resolution at that time.

from secure-payment-confirmation.

Labeled after-v1 based on 3 March 2022 WG discussion https://www.w3.org/2022/03/03-wpwg-minutes

from secure-payment-confirmation.

This is resolved by virtue of how SPC is integrated in 3DS 2.3; discussed at 23 June 2022 call

from secure-payment-confirmation.