← Back to release summary

Secure Payment Confirmation: Browser Bound Keys

Category

Miscellaneous

Type

New or changed feature

Status

Proposed (Chrome Proposed)

Intent stage

None

Summary

Adds an additional cryptographic signature over Secure Payment Confirmation assertions and credential creation. The corresponding private key is not synced across devices. This helps web developers meet requirements for device binding for payment transactions.

Motivation

This feature amends to Secure Payment Confirmation to keep up with syncing passkeys and device requirements for online payments. The Browser Bound Keys feature adds device binding in the browser to enabling payment use cases where device binding is required.

Standards & signals

• Specification: https://w3c.github.io/secure-payment-confirmation/#sctn-browser-bound-key-store
• Firefox: No signal — Firefox have never finalized their view on SPC, so we updated the original SPC issue with a note on this additional capability.
• Safari: No signal — Safari have never finalized their view on SPC, so we updated the original SPC issue with a note on this additional capability.
• Web developers: No signals
• Tracking bug: https://issues.chromium.org/issues/377278827

Docs: https://github.com/w3c/secure-payment-confirmation/issues/271 https://github.com/w3c/secure-payment-confirmation/pull/286 https://github.com/w3c/secure-payment-confirmation/pull/296

Samples: https://rsolomakhin.github.io/pr/spc-sync

Explainers: https://github.com/w3c/secure-payment-confirmation/issues/271

View on chromestatus.com