The Web Payments Working Group is meeting on 10-11 November as part of TPAC 2025.

Registration

• Registration
• Who has registered

Agenda

See also the WPSIG agenda during TPAC.

Monday, 10 November 2025

SPC focus.

• 09:00-09:30: Welcome, intros, admin, state of the group, goals, dinner
• 09:30-10:30: SPC experimentation findings
  • Visa, Mastercard, possibly others
• 10:30-11:00: Break
• 11:00-12:30:
  • Possibly more findings from pilots
  • SPC implementation updates and authenticator discussion
    • Double step-up situation? (see issue 287 and issue 315)
    • Desktop
    • Other operating systems
• 12:30-13:45: Lunch
• 13:45-15:00: SPC use cases and issues
  • Support for multiple RPs in the Payment Request API for SPC
  • Can SPC be designed to grow to accommodate more use cases more easily? Examples:
    • Agentic
    • Proposal: Extending Payment Confirmation experience to include line items
    • Recurring (see issue 185)
    • This might also help as people think about SPC in light of emerging wallets and digital payment credentials (see wallet comparison)?
  • In general, how to encourage more experimentation of new ideas?
  • Single-factor authentication / registrationless authentication / SMS replacement
• 15:00-15:30: Break
• 15:30-16:00: SPC use cases and issues (continued)
  • Issue review
• 16:00-16:45: Priorities, activities, longer term plans

Followed by breakout sessions.

The Chairs anticipate a group dinner on Monday.

Tuesday, 11 November 2025

There will be breakout sessions before the group meeting starts

• 09:45-11:00: Digital wallets
  • Facilitated payment links (see comparison of wallet technologies)
    • TAG review issue 1015. (Are TAG members available for this discussion?)
    • Relation to payment handlers and DC API wallets
  • Payment request / payment handler
    • Improved error codes in Payment Request
    • Any implementation updates?
    • Any adoption update?
    • Any real-world demand for SPC in a payment handler?
    • Are any changes needed to support agentic payment scenarios?
    • Relation to DC API wallets?
  • Other topics
    • See also Thursday trust signals discussion.
• 11:00-11:30: Break
• 11:30-13:00: Payments in Japan
  • Japan governmental agencies on phishing-resistant MFA (Morimori for 15-20 minutes)
  • Survey of state of Japan payment industry, the status of interbank networks, and CBDCs (Takashi Minamii/JCB for 30 minutes)
  • Rakuten perspectives on ecommerce in Japan (Julien Cayzac / Rogerio Matsui) (30 minutes)
• 13:00-14:15: Lunch
• 14:15-15:00: Authentication and Payments
  • DBSC update (Daniel Rubery)
  • Fraud mitigation; what signals would be useful to merchants?
• 15:00-16:00 Joint meeting with Web Authentication WG (@@This start time to be confirmed by WebAuthn WG)
  • FIDO requirements for payments (Jean-Luc di Manno, 15 mins)
  • Passkeys and VCs (Tim Cappalli, 20 mins with discussion)
  • Passkeys and Agentic AI (Fahad Saleem, 15 mins with discussion)
• 16:00-16:30: Break
• 16:30-18:00: Joint meeting with Web Authentication WG
  • Short update on browser-bound key (BBK) enhancement to SPC (Ian? Stephen?)
  • SPC issues related to WebAuthn (Ian)
  • Multiple RPs
  • Status of immediate mediation (related to fallback UX)?
  • Passkey endpoints / existing WebAuthn well-known URL
    • Could this be used to reach out to RP during SPC call (cf. issue 287)?
  • Update on WebAuth L3 and L4 plans
  • Input from WPWG to WebAuthn discussion of L4 requirements
  • Authentication and payments (see also DBSC and WebBotAuth and HTTP SIG)

Candidate agenda items

SPC

• Authenticators
  • Should we add support for roaming authenticators for the specific case where they are plugged in?
• Other updates
  • 3DS updates (and relation, if any, to SPC)