Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/w3c/secure-payment-confirmation

Secure Payment Confirmation (SPC)
https://github.com/w3c/secure-payment-confirmation

3ds payment-handler payment-request public-key webauthn

Last synced: about 1 month ago
JSON representation

Secure Payment Confirmation (SPC)

Host: GitHub
URL: https://github.com/w3c/secure-payment-confirmation
Owner: w3c
License: other
Created: 2020-07-24T13:03:59.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-08-13T18:26:47.000Z (3 months ago)
Last Synced: 2024-09-30T07:01:28.124Z (about 1 month ago)
Topics: 3ds, payment-handler, payment-request, public-key, webauthn
Language: Bikeshed
Homepage: https://w3c.github.io/secure-payment-confirmation/
Size: 3.7 MB
Stars: 113
Watchers: 33
Forks: 40
Open Issues: 26
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
- Security: security-privacy-questionnaire.md

Awesome Lists containing this project

README

        # Secure Payment Confirmation

Secure Payment Confirmation (SPC) is a Web API to support streamlined

authentication during a payment transaction. It is designed to scale

authentication across merchants, to be used within a wide range of

authentication protocols, and to produce cryptographic evidence that the user

has confirmed transaction details. The [W3C Web Payments Working

Group](https://www.w3.org/Payments/WG/) is developing SPC.

Links:

- [Explainer](explainer.md)

- [Specification](https://w3c.github.io/secure-payment-confirmation/) ([spec.bs](spec.bs))

- [Use Cases](scope.md#user-stories)

- [Requirements](requirements.md)

- [Tests](https://wpt.fyi/results/secure-payment-confirmation?label=master&label=experimental&aligned)

![Screenshot](payment.png)

## FAQ

### Q. Who can validate the SPC response besides the actual Relying Party (RP)?

An SPC challenge bundles transaction details with transaction-specific dynamic data from the Relying Party. An SPC response includes a signature over that challenge. Validation in SPC refers to the verification of that signature using the credential public key. A Relying Party can choose to share the credential public key with another party (e.g., a card network or payment service provider) via out-of-band communication to enable that party to validate the SPC assertion.

## Acknowledgements

Contributors:

* Adrian Hope-Bailie (Coil)

* Benjamin Tidor (Stripe)

* Danyao Wang (Google)

* Christiaan Brand (Google)

* Rouslan Solomakhin (Google)

* Nick Burris (Google)

* Gerhard Oosthuizen (Entersekt)