- From: Adrian Hope-Bailie <adrian@hopebailie.com>
- Date: Tue, 17 Nov 2015 16:48:23 +0200
- To: Jeffrey Burdges <jeffrey.burdges@inria.fr>
- Cc: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
- Message-ID: <CA+eFz_+t_4+-sDJgCGTNr+-_0zbN=HRs_5Gs3yHEFe6x1uid1Q@mail.gmail.com>
Hi Jeffrey, Welcome! Great to have another open payment scheme join the group, it helps us to validate our architecture against as many schemes as possible. I have followed Taler for a little while and think that your payment flow will fit happily into the flows we are proposing in the WG. I'd also be very interested to figure out how Taler and the Interledger protocol (http://interledger.org) may compliment one another. Adrian On 17 November 2015 at 14:57, Jeffrey Burdges <jeffrey.burdges@inria.fr> wrote: > > Hello, > > I'm sending a message to introduce myself, as I've only just recently > joined the payment's groups. About myself : > > I'm working for GNU Taler at INRIA in Rennes, France. > > Taler is a transaction system based on blind signing that provides > anonymity for buyers, but supports taxation by not providing sellers > with any anonymity. It supports giving change and refunds anonymously > too. You'll find more information available at : > http://taler.net > http://grothoff.org/christian/taler-draft.pdf > https://taler.net/developers > http://api.taler.net/ > > We're involved with the group to help ensure that Taler is as > compatible as possible with the emerging payment standard. We're > interested in helping to review the broader standard for privacy > concerns too of course. > > As a starter, there are two specific concerns I'm happy to discuss : > > First, there are several young payment methods, including Taler, that > do not require any identity information from users when making > purchases. These payment methods usually exhibit the physical wallet > -like security property that users' risks are limited by virtue of the > fact that they carry only a limited amount in their wallet at any given > time. Frequently, these scheme also exhibit the wallet-like properties > that merchants and/or payment system providers incur little or no risks > at all. We hope that such "true wallet" systems are treated as first > class citizens along with the legacy payment schemes that require user > identification for payment and thus incur higher risks. > > Second, we've built a browser plugin that handles interactions with > Taler mints and merchants. At present, we're notifying the DOM of > purchase confirmation pages, as this greatly improves the user > experience. We consider this problematic however because it > potentially leaks 1 bit of information to the merchant, namely the fact > that our plugin is installed. That's okay if only one payment plugin > does this, but it rapidly becomes a privacy threat if many commonly > used options do so. Ideally, we'd prefer a mechanism through which all > payment plugins could modify the DOM so that they appeared integrated > with the payment page, while ensuring that javascript on the page could > not communicate the available payment options back to the merchant. > > Thank you and I look forward to working with you, > Jeff > > p.s. We'll have the whole team at 32c3 in Hamburg and I'll be at RWC > at Stanford if anyone wants to meet in person. > >
Received on Tuesday, 17 November 2015 14:48:52 UTC