The following evaluation is based on the FAST checklist.
Note: This checklist was created in August 2022 in preparation for Candidate Recommendation. Since that time, the Working Group made (or plans to make) two additional non-editorial changes regarding an opt-out feature and removal of a user activation requirement. January 2023 updates to this checklist take those changes into account.
SPC does not include any features that result in rendering content in a page.
When Secure Payment Confirmation is called at authentication time, the browser displays the following information in a transaction dialog owned by the browser:
- payeeName and/or payeeOrigin (both strings)
- instrument displayName and icon (an image or link to an image). The specification discusses how to use the displayName as alt text for the icon.
- Transaction total and currency (both strings).
- Instructions for requesting that the relying party forget stored authentication credentials ("opt-out"). This feature is optional in the API; by default no opt-out experience is shown in the transaction dialog.
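
The fields listed above map onto the data a caller passes to the Payment Request API with the `secure-payment-confirmation` method. The following is an added example, not code from the specification or the Working Group: the helper name `buildSpcRequest`, its pre-flight checks (including the https check on `payeeOrigin`) and the label `"Total"` are assumptions made for illustration.

```javascript
// Added example: helper name and checks are illustrative assumptions,
// not text from the SPC specification.
function buildSpcRequest(opts) {
  const { payeeName, payeeOrigin, instrument, total, showOptOut = false } = opts;

  // The dialog shows payeeName and/or payeeOrigin, so one must be present.
  if (!payeeName && !payeeOrigin) {
    throw new TypeError("payeeName or payeeOrigin is required");
  }
  if (payeeOrigin && new URL(payeeOrigin).protocol !== "https:") {
    throw new TypeError("payeeOrigin must be an https origin");
  }
  // displayName doubles as alt text for the icon, so reject blank values.
  if (!instrument || typeof instrument.displayName !== "string" ||
      instrument.displayName.trim() === "") {
    throw new TypeError("instrument.displayName is required");
  }
  new URL(instrument.icon); // throws TypeError if missing or malformed
  // Total and currency are displayed as strings.
  if (!total || typeof total.value !== "string" || typeof total.currency !== "string") {
    throw new TypeError("total.value and total.currency must be strings");
  }

  const data = {
    rpId: opts.rpId,
    credentialIds: opts.credentialIds,
    challenge: opts.challenge,
    instrument: { displayName: instrument.displayName, icon: instrument.icon },
    showOptOut, // opt-out is off unless the caller asks for it
  };
  if (opts.timeout !== undefined) data.timeout = opts.timeout; // WebAuthn timeout
  if (payeeName) data.payeeName = payeeName;
  if (payeeOrigin) data.payeeOrigin = payeeOrigin;

  return {
    methodData: [{ supportedMethods: "secure-payment-confirmation", data }],
    details: { total: { label: "Total", amount: { currency: total.currency, value: total.value } } },
  };
}

// In a browser: const { methodData, details } = buildSpcRequest(...);
// const response = await new PaymentRequest(methodData, details).show();
```

Everything the user sees in the transaction dialog comes from these caller-supplied values, so checking them before the call keeps a blank or malformed payee or instrument label from reaching the browser-owned dialog.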
N/A
N/A
- The transaction dialog includes browser-owned buttons to cancel, proceed with Web Authentication, or (optionally) to ask that the relying party forget stored authentication credentials.
- Accessibility considerations for WebAuthn are documented in that specification.
N/A
N/A
N/A
- SPC relies on the timeout parameter of Web Authentication.
- Relevant accessibility considerations for WebAuthn are documented in that specification.
- The SPC transaction dialog includes both an icon and string to help the user identify the relevant payment instrument.
N/A
N/A
N/A
N/A
N/A
N/A
- SPC relies on the user agent to generate a user interface (the transaction dialog). A previous review of Secure Payment Confirmation concluded that there was no need to review the specification (issue 14), and the specification has remained largely the same since that review.
N/A