Re: Payment Protected Resources -- Using HTTP 402

On 27 May 2014 20:08, Andrei Sambra <andrei.sambra@gmail.com> wrote:

> Hi Melvin,
>
>
> On Tue, May 27, 2014 at 1:23 PM, Melvin Carvalho <melvincarvalho@gmail.com
> > wrote:
>
>> Many of us are now using web ACLs on a regular basis.
>>
>> A rule may look like:
>>
>> <>
>>     <http://www.w3.org/ns/auth/acl#accessTo> <.>, <> ;
>>     <http://www.w3.org/ns/auth/acl#agent> <http://melvincarvalho.com/#me>
>> ;
>>     <http://www.w3.org/ns/auth/acl#mode> <
>> http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>
>> .
>>
>> This essentially says that my user ID can have read and write access to
>> the named resource.
>>
>> I thought it might be an interesting idea to extend this type of access
>> control to allow payment protected resources.
>>
>> So each server will maintain a balance for each user, as is typical with
>> many commercial business models these days.
>>
>> If the user does not have any credit the server will return a 402 HTTP
>> response code, explaining the cost of the item and how they can top up
>> their balance.  This could either be via a traditional payment method such
>> as Euros, or, say, via a balance in crypto currencies, or as part of a
>> loyalty / reward scheme that the web site issues.
>>
>> I'm wondering if we can extend the vocab we have to add payments?
>>
>> Perhaps a simple way would be to subclass #accessTo with #paidAccessTo
>>
>
> Why do you want to extend the WAC vocabulary? Why not just define that
> relation outside WAC -- maybe in a Web payments vocabulary -- and instead
> use it together with WAC?
>

Sure, it's not a big deal where exactly the predicate lives, more about
what it will do.

I referenced WAC because it might make sense to use owl:subClassOf
http://www.w3.org/ns/auth/acl#accessTo


> You also have to consider servers that do not do Web payments. How would
> they interpret that rule if I switch from a server supporting this feature
> to a server that does not support it?
>

Great question.

So if I dropped this rule in today, it would probably be ignored by systems
that did not support payments.  I think that's fine.

So if I write a system that supports payments, I think it would perhaps
have to merge the two rules together to work out that a resource is payment
protected?

I'm unsure the best way, so was hoping to brain storm ideas ...


>
> -- Andrei
>
>
>>
>> Then have in the ACL rule a simple payment amount (or rule)
>>
>> Then say something like:
>>
>> <#amount>  0.001^^BTC
>>
>> Anyone have any thoughts on whether this could be implemented?
>>
>
>

Received on Tuesday, 27 May 2014 21:31:05 UTC