Re: Authority Objects applied to W3C Payment Specifications from Anders Rundgren on 2017-04-01 (public-payments-wg@w3.org from April 2017)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 1 Apr 2017 09:49:21 +0200
To: Adrian Hope-Bailie <adrian@hopebailie.com>
Cc: Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <130ac88c-29b3-f62e-ed61-fdf4383259f7@gmail.com>

On 2017-04-01 07:47, Adrian Hope-Bailie wrote:
> It's not clear to me what you are asking the WG to do here?

Well, it would awfully be cool if somebody in the WG (or elsewhere) took
some time verifying my claims that authority objects represent a
"Secure Light-weight Trust-delegation Mechanism" actually are correct.

The purpose of the system is fully documented. The example on
https://github.com/w3c/webpayments-methods-credit-transfer-direct-debit/issues/42#issuecomment-289415093
shows an application which I have used for development purposes
where authority objects play a pivotal role.

Anders

>
> On 19 March 2017 at 21:48, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     Hi All,
>
>     Since the chairs have requested "radio silence" during the F2F to not distract the WG, I take the liberty of posting a topic before you have actually started :-)
>
>     If you click on the URL https://mobilepki.org/webpay-payeebank/payees/86344 <https://mobilepki.org/webpay-payeebank/payees/86344> you will (assuming the server is up-and-running...) a Payee "Authority" object in HTML.
>
>     Authority objects represent a core functionality in the (in)famous Saturn payment authorization scheme but could be applied to specifications and drafts that have been published by the WG as well.
>
>     In the "scailine API" submitted by BCPE (https://api.scailine.org/ext/useCaseOnlinePisp.pdf <https://api.scailine.org/ext/useCaseOnlinePisp.pdf>) the need for Merchant PSPs directly signing "Shopping Carts" could be replaced by the Merchant rather including a URL to its authority object in the shopping cart object which the User's PSP subsequently can use for verifying the authenticity of the Merchant.
>
>     Applied to "tokenization" (https://w3c.github.io/webpayments/proposals/tokenized_cards.html <https://w3c.github.io/webpayments/proposals/tokenized_cards.html>), the whole TSP concept could be replaced by fully distributed Provider "Authority" objects offering encryption keys.
>
>     In Saturn the authority object concept is also used for enabling "Reverse Push Authorizations" which I claim (feel free challenging this!!!), greatly simplifies Wallets as well as opening the door to other payment related scenarios like Bookings, Automated Gas Stations, Secure Cards-on-File, Refunds, etc. without requiring native support for those in the underlying payment infrastructure.
>
>     Anders
>
>
>

Received on Saturday, 1 April 2017 07:49:58 UTC