Comments (6)
I would suggest that we should also consider other flows defined inside 3DS 2.0 as well, especially for cases where the current device has not yet been setup/registered for WebAuthn, but another device linked to this user, might have been setup.
This is a great solution for situations such as guest shopping, where the transaction is approved and signed for on a second device (typically a mobile phone the user has setup). So I would like to also explore
- How SPC can be used in conjunction with a secondary, Trusted device via Out of Band Authentication.
Note that we're not talking about an OTP of some form here, but rather the ability to reach out to a second device and activate the Authentication (e.g. a WebAuthn Platform Authenticator) on a second device that has been setup. if this is is something we can design in should achieve much higher adoption, since a user will not have to have their Fido Authenticator setup on all devices that they own.
Should we log that separately, or keep this as part of this ticket?
from secure-payment-confirmation.
That feels like a separate issue (and also independent of 3DS2). Want to raise a new one? We can discuss there. Thanks!
Ian
from secure-payment-confirmation.
Sure. Logged as #30 .
from secure-payment-confirmation.
Our current expectation is that 3DS v. 2.3 will answer this question. We'll finalize the issue resolution at that time.
from secure-payment-confirmation.
Labeled after-v1 based on 3 March 2022 WG discussion https://www.w3.org/2022/03/03-wpwg-minutes
from secure-payment-confirmation.
This is resolved by virtue of how SPC is integrated in 3DS 2.3; discussed at 23 June 2022 call
from secure-payment-confirmation.
Related Issues (20)
- i18n Review Checklist for Secure Payment Confirmation (headed to CR) HOT 1
- Broken "Object" xref in ยง Set SPC Transaction Mode HOT 2
- language and direction metadata needed? HOT 6
- Error example contains a hardcoded string HOT 1
- Term 'monkey-patch' may not be inclusive? HOT 1
- `DOMString` for `payeeName` vs. `USVString` for other fields? HOT 1
- Add locale hint for browser UX
- Proposal: Remove User Activation requirement for authentication HOT 1
- Use lowercase values in enum HOT 11
- Register SPC-related WebAuthn extensions in IANA registry HOT 8
- Broken references in Secure Payment Confirmation
- Example of `locale` member HOT 3
- I18N problem with displayName unresolved? HOT 3
- [PING] Only allow triggering authentication from a foreground tab HOT 4
- Broken references in Secure Payment Confirmation
- Broken references in Secure Payment Confirmation
- Add Support for Cross-Device Authentication HOT 2
- Implementing a time out for fallback UX HOT 1
- How will new passkey providers impact SPC HOT 1
- Latheef HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secure-payment-confirmation.