Re: [payment agent] Payment architecture feature priorities from Dave Raggett on 2015-04-24 (public-webpayments-ig@w3.org from April 2015)

From: Dave Raggett <dsr@w3.org>
Date: Fri, 24 Apr 2015 10:33:04 +0100
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments IG <public-webpayments-ig@w3.org>
Message-Id: <0F7D574F-05F3-4B78-8A8F-43D6C11F442F@w3.org>

> On 24 Apr 2015, at 05:55, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> I took an action today to try and attempt to figure out how to
> prioritize payment architecture features and map them to use cases:
> 
> https://www.w3.org/Payments/IG/wiki/Payment_Architecture_Feature_Priorities <https://www.w3.org/Payments/IG/wiki/Payment_Architecture_Feature_Priorities>
Hi Manu,

Thanks, this is very helpful.  

One suggestion is not to rule out local apps for the initial charter.  W3C is seeking to close the gap with native, but this is a long term goal, and in the short term we should acknowledge that developers are likely to be attracted to native apps due to the richer capabilities available to native apps compared with web apps.  On both Android and iOS it is already possible to transfer from a web app to a native app. However, I am not clear on how a result can be returned to the originating web app.  This is not an insuperable barrier, as we could ensure that the payment request passes a URI to deliver the response to. The web app would then wait for a notification from the server. 

We wouldn’t need to provide a registration API for native apps, since the operating system will handle that for us automatically based upon the app’s manifest.  The same could be true for web based implementations.  The Web Apps WG is currently standardising a JSON based manifest for web apps.  A further possibility is via the web page markup, e.g. metadata declared in the HTML HEAD.

In respect to authentication for cloud based instruments, I am expecting W3C to launch a new group focusing on strong authentication.  Depending upon how far this has got, we may be able to cite a dependency on that group from our charter.

In respect to the requirement for a digital signature on the payment request (aka invoice in your terminology), I suspect that this may be dependent on specific payment instruments, and would like to understand this better. For instance, to validate a digital signature you need to have a pre-existing trust relationship.

I question whether the new WG would need to standardise the proof of payment as this would normally be defined by the standards applicable to each payment instrument. The same applies to the routing of requests from merchant sites to payment service providers.

Best regards,
—
   Dave Raggett <dsr@w3.org <mailto:dsr@w3.org>>

Received on Friday, 24 April 2015 09:33:09 UTC