From dd14bfa745532240752b73d5f23fe99e3af7def6 Mon Sep 17 00:00:00 2001 From: Stephen McGruer Date: Wed, 10 Aug 2022 14:29:42 -0400 Subject: [PATCH] [Spec] Rename rp --> rpId in CollectedClientAdditionalPaymentData To align with WebAuthn, we should use the term rpId here. This is a breaking change, but implementations can mitigate the breakage by continuing to include the old 'rp' name going forwards. See https://github.com/w3c/secure-payment-confirmation/issues/191 --- spec.bs | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/spec.bs b/spec.bs index d75e768..63f7150 100644 --- a/spec.bs +++ b/spec.bs @@ -770,7 +770,7 @@ The [=steps to respond to a payment request=] for this payment method, for a giv : {{AuthenticationExtensionsPaymentInputs/isPayment}} :: The boolean value `true`. - : {{AuthenticationExtensionsPaymentInputs/rp}} + : {{AuthenticationExtensionsPaymentInputs/rpId}} :: |data|["{{SecurePaymentConfirmationRequest/rpId}}"] : {{AuthenticationExtensionsPaymentInputs/topOrigin}} :: |topOrigin| @@ -872,7 +872,7 @@ directly; for authentication the extension can only be accessed via boolean isPayment; // Only used for authentication. - USVString rp; + USVString rpId; USVString topOrigin; DOMString payeeName; USVString payeeOrigin; @@ -887,7 +887,7 @@ directly; for authentication the extension can only be accessed via
**TODO**: Find a better way to do this. Needed currently because other members are auth-time only.
- : rp member + : rpId member :: The [=Relying Party=] id of the credential(s) being used. Only used at authentication time; not registration. : topOrigin member @@ -989,8 +989,8 @@ directly; for authentication the extension can only be accessed via 1. {{CollectedClientPaymentData/payment}} set to a new {{CollectedClientAdditionalPaymentData}} whose fields are: - : {{CollectedClientAdditionalPaymentData/rp}} - :: |extension_inputs|["{{AuthenticationExtensionsPaymentInputs/rp}}"] + : {{CollectedClientAdditionalPaymentData/rpId}} + :: |extension_inputs|["{{AuthenticationExtensionsPaymentInputs/rpId}}"] : {{CollectedClientAdditionalPaymentData/topOrigin}} :: |extension_inputs|["{{AuthenticationExtensionsPaymentInputs/topOrigin}}"] : {{CollectedClientAdditionalPaymentData/payeeName}} @@ -1036,7 +1036,7 @@ The {{CollectedClientPaymentData}} dictionary inherits from dictionary CollectedClientAdditionalPaymentData { - required USVString rp; + required USVString rpId; required USVString topOrigin; DOMString payeeName; USVString payeeOrigin; @@ -1049,9 +1049,13 @@ The {{CollectedClientAdditionalPaymentData}} dictionary contains the following fields: <dl dfn-type="dict-member" dfn-for="CollectedClientAdditionalPaymentData"> - : <dfn>rp</dfn> member + : <dfn>rpId</dfn> member :: The id of the [=Relying Party=] that created the credential. + NOTE: For historical reasons, some implementations may additionally + include this parameter with the name `rp`. The values of `rp` and + `rpId` must be the same if both are present. + : <dfn>topOrigin</dfn> member :: The origin of the top level context that requested to sign the transaction details. @@ -1173,7 +1177,7 @@ Confirmation, the [=Relying Party=] MUST proceed as follows: 1. After step 13, insert the following steps: - * Verify that the value of |C|["{{CollectedClientPaymentData/payment}}"]["{{CollectedClientAdditionalPaymentData/rp}}"] + * Verify that the value of |C|["{{CollectedClientPaymentData/payment}}"]["{{CollectedClientAdditionalPaymentData/rpId}}"] matches the [=Relying Party=]'s origin. * Verify that the value of |C|["{{CollectedClientPaymentData/payment}}"]["{{CollectedClientAdditionalPaymentData/topOrigin}}"]