- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 15 May 2012 22:56:33 -0400
- To: Web Payments <public-webpayments@w3.org>
- CC: David Raggett <dsr@w3.org>, Alan Bird <abird@w3.org>, Doug Schepers <schepers@w3.org>
Dave, Alan, Doug,
Pay particular attention to the Web Payments minutes from today as we
spent the telecon discussing a number of the questions that were raised
by Dave Raggett last week.
Thanks to Dave Longley for scribing! The minutes for today's telecon are
available here:
http://payswarm.com/minutes/2012-05-15/
Full text of the discussion follows for archival purposes at the W3C.
Audio of the meeting is available as well (link provided below).
--------------
Web Payments Community Group Telecon Minutes for 2012-05-15
Agenda:
http://lists.w3.org/Archives/Public/public-webpayments/2012May/0024.html
Topics:
1. Web Intents for Payment
2. State of the Art Review of Payments
3. Technologies Focused on in the Group
4. W3C Next Steps for Web Payment
Chair:
Manu Sporny
Scribe:
Dave Longley
Present:
Dave Longley, Manu Sporny, David I. Lehn
Audio:
http://payswarm.com/minutes/2012-05-15/audio.ogg
Dave Longley is scribing.
Manu Sporny: today's call is mostly about w3c's headlights
program for 2012 and what our position is on Dave Raggett's
questions
Manu Sporny: both Doug Schepers and Dave Raggett have asked us
to think about how web intents in payments would work
Manu Sporny: the other thing they've asked is for some kind of
review on the state of art for payments
Manu Sporny: we may follow up on what technologies we ought to
focus on and what the w3c should focus on over the next year on
webpayments
Manu Sporny: so we're going to discuss the direction to take,
etc.
Manu Sporny: any updates/changes to the agenda?
Dave Longley: nope
Topic: Web Intents for Payment
Manu Sporny:
http://www.w3.org/wiki/Payments_Task_Force#Payments_and_Web_Intents
Manu Sporny: first, the most "dangerous" thing that dave raggett
hinted at in his email
Manu Sporny: this is for web intents for payment
Manu Sporny: it seems a lot of people in the w3c think web
intents would go a far way in handling webpayments
Manu Sporny: without really covering interoperability
Manu Sporny: Dave Lehn, didn't you implement some web intents
stuff at some point?
David I. Lehn: i made a quick demo for buying images/etc...
stuff like that using the new scheme handler/registration stuff.
It had more to do with payment schemes, but it would more or less
work the same way.
Manu Sporny: the w3c is thinking of doing a demo with
webpayments with webintents
Manu Sporny: the idea is you get your payment provider from web
intents ...
Manu Sporny: but a lot of what payswarm does isn't in there
Manu Sporny: some of the w3c people don't seem to be aware of
this interoperabilty issue.
Dave Longley: A couple of thoughts - web intents are a good way
to pick your payment provider. [scribe assist by Manu Sporny]
Dave Longley: You visit your payment provider, and that site
registers for 'pay' web intent - you go to another site and the
browser's interface shows you that you can use visa, payswarm
provider, etc. to do that. In PaySwarm, how does the client pick
their PaySwarm provider? [scribe assist by Manu Sporny]
Dave Longley: We chose not to address this because BrowserID and
Web Intents were going to address it - works well for NASCAR
problem. It's fine when the website owner doesn't have a large
stake in what's going on... but when they want to sell a good or
a service, they need to receive money... fundamentally different
situation from login or photo preferences. Dealing with money
requires far more trust and security than photos. [scribe assist
by Manu Sporny]
David I. Lehn: The quick demo I tried was using
registerProtocolHandler API:
http://lists.w3.org/Archives/Public/public-webpayments/2011Oct/0013.html
Dave Longley: There must be a greater level of trust between
vendor and customer and payment provider - there are also two
payment providers involved, potentially. There are four parties
that need to trust each other, and two parties that need to
interoperate (from a financial standpoing). [scribe assist by
Manu Sporny]
Dave Longley: Vendors have to know how to mark up what they have
for sale - they need to be able to describe what they're offering
- what's the cost? Description of good/service? They need to know
that the customer's payment provider is going to process this in
the correct way. [scribe assist by Manu Sporny]
Dave Longley: Customers and payment providers need to know that
they're doing business with the appropriate party - that the
customer's payment provider is abiding by rules that the vendor
wants to enforce... if the correct amount isn't paid, you're
going to have a big problem. There needs to be some sort of
digital agreement/contract/receipt... when you are dealing with
those sorts of things, you need to check for authenticity.
[scribe assist by Manu Sporny]
Dave Longley: All of this stuff goes way beyond the simple
concept of web intents - you also need to care about privacy and
encryption... digital signatures. [scribe assist by Manu Sporny]
Dave Longley: All of this leads to some sort of PKI - we end up
introducing all of these technologies to establish trust - if we
are going to talk about Web Intents - we need to have a way to
list assets on a website - PaySwarm does that and we have a
vocabulary. [scribe assist by Manu Sporny]
Dave Longley: You need to be able to put this data on your site
- RDFa + JSON-LD is one way to do this - this is why we have this
in PaySwarm. Once you've done that, you need a way to encrypt and
decrypt data - AES and RSA in PaySwarm does that. [scribe assist
by Manu Sporny]
Dave Longley: Then you need to check the authenticity of
contracts/receipts - you need non-repudiation, you need to be
able to check digital signatures - RSA... basically a PKI... you
need all of these layers /in addition to/ Web Intents to have the
systems be interoperable. [scribe assist by Manu Sporny]
Dave Longley: Not only that, but the payment providers need to
interoperate or you have a centralized system - you need some
sort of payment provider whitelist - to ensure that payment
provider for the buyer can get money to payment provider for the
vendor. [scribe assist by Manu Sporny]
Dave Longley: If you don't have all of this stuff, you end up
with a centralized system... you have Google, PayPal, Amazon - no
room for smaller players, no room for interoperabilty between
bigger players. [scribe assist by Manu Sporny]
Manu Sporny: i agree, this is a good breakdown of the problems
that exist that aren't covered by Web Intents payments proposal.
Manu Sporny: we can argue that you don't need some of the things
on this list individually, but each time you do that, you take
away something fundamental from interoperablity or competition
... or you require centralization,etc.
Manu Sporny: any of these things take away from a basic
decentralized w3c web solution
Manu Sporny: we need to make this very clear in our response
that web intents is just the tip of the iceberg
Manu Sporny: to do payments correctly on the web there's more
that has to be done
Manu Sporny: my concern is people will come in an say "well, we
can get something working really quickly" and do something
centralized
Manu Sporny: but lay out a path to decentralization
Manu Sporny: the intention for this will be good but they could
easily be corrupted if a large company jumps in an stops that
process
Manu Sporny: i'm going to point doug schepers and dave raggett
at this discussion, perhaps they can ping the right people at
W3C.
Manu Sporny: they seem to be interested in how to do webpayments
in the browser, which is very important, but it's really the last
step in the whole process.
Dave Longley: I can see how you can look at existing systems and
shopping carts and come up with some UI that looks like it would
work - but you'd have the same silo problem that you have today
with payment providers - very important to solve the underlying
problems first before coming up with the perfect UI for a
browser. Web Intents solves the problem of popping up a UI, but
it doesn't solve any of the more important, back-end issues.
[scribe assist by Manu Sporny]
Manu Sporny: anything else before moving on?
Manu Sporny: ok, moving on
Topic: State of the Art Review of Payments
Manu Sporny:
http://www.w3.org/wiki/Payments_Task_Force#Brief_survey_of_existing_payment_services
Manu Sporny: typically the w3c creates an exploratory group to
see how/if they want to tackle a problem on the web and they
review all the existing relevant technologies
Manu Sporny: the group generates a report that indicates the
problems the standard can address and can't address ,etc.
Manu Sporny: so what i think dave raggett wanted is for a list
of payment providers to be created and then we'd search for a
common thread for standardizing between them.
Manu Sporny: we've been looking at this area for a long time,
maybe about 4 years, but the issue is that we haven't really
written our findings down...
Manu Sporny: we've done the work, we just didn't write the
report but we don't want to distract ourselves from the technical
work right now.
Manu Sporny: i indicated on the mailing list that it would be a
big distraction for us, but maybe someone else in the group could
volunteer.
Manu Sporny: in any case, the biggest problem is that all of the
payment providers listed are not interoperable, some of them only
work with visa or only mastercard, they each have their own APIs,
they aren't compatible with each other
Manu Sporny: some of them are in the spirit of payswarm (using
REST-based APIs) but they have other drawbacks - like you have to
be a cell network operator to implement their APIs
Manu Sporny: so there are many centralization problems here. I'm
hesitant to sign us up for doing work for writing a report on all
of this
David I. Lehn: who do they expect to do this work?
Manu Sporny: us (the community group)
Manu Sporny: the w3c is interested in webpayments, but they
don't have the W3C membership that would be interested in
webpayments, particularly if some large companies aren't
interested in interoperability
Manu Sporny: the people that are involved in payments (apple,
google, paypal) seem to want to have closed environments
Manu Sporny: the people that are already out there (visa,
mastercard, cell phone operators) and really established only
work on their payment network (no interoperability)
Manu Sporny: so w3c has asked "why don't these payment providers
(or banks) want to write a report on this?"
Manu Sporny: usually these groups don't have the technical
expertise to do it (banks), or they don't necessarily want to do
any work towards interoperability (large established payment
networks like VISA, PayPal, etc.)
Manu Sporny: so instead we have people like those in our CG that
are focused on creating interoperability
Manu Sporny: the w3c has an argument then that it should be easy
for us to write a report on this because most people in the CG
have spent a lot of time researching this already
Manu Sporny: but it's actually quite a time consuming task to
do, doing a table wouldn't be difficult, but a report would take
a while
Manu Sporny: even just doing a comparison between payswarm and
opentransact took a week of writing.
Manu Sporny: there are at least 30 services out there, comparing
each one may take a year worth of writing...
Manu Sporny: i think everyone has their plate full and we don't
have to write a report, i'm just concerned about the
ramifications of that
Manu Sporny: because i can see them saying we didn't have a
report on the basic research
Manu Sporny: so how can we create a solution that works for
everyone?
Manu Sporny: but we're creating *the* interoperable solution
because there isn't one out there
Manu Sporny: i really don't think we should make this our focus
now ... we're trying to get payswarm out there and proving the
API in the field
Manu Sporny: i think that's much more important than reviewing
the current state of the art
David I. Lehn: I agree [scribe assist by Manu Sporny]
Dave Longley: Yeah... maybe once we show how we have an
interoperable system - we can show how all the other systems are
not interoperable - we don't have the bandwidth to go off and
write those reports right now. If someone at W3C wants to write
these reports - our CG does not have the resources to do this at
this point in time. [scribe assist by Manu Sporny]
Manu Sporny: moving on, the w3c also talked about 3rd party
complementary systems
Manu Sporny: on top of payment systems, like checking for lists
of ingredients, checking allergies before buying things at the
store, etc.
Manu Sporny: all of these things are very linked-data sort of
things
Manu Sporny: all interesting extensions that you could
investigate
Manu Sporny: but, this is out of scope at present for this
group.
Dave Longley: I agree that the extensions are out of scope...
but I do think that we need to understand the use cases to make
sure PaySwarm covers those use cases. I think that's why we're
using JSON-LD and RDFa - we want people to build on the basic,
core Linked Data in the system. [scribe assist by Manu Sporny]
Manu Sporny: at the bottom of the w3c report we have two use
cases
Manu Sporny: one is using a phone as a ticket
Manu Sporny: we cover that in our payswarm use cases (the
concept of a digital receipt and doing something with it)
Manu Sporny: the one use case is monetary transfer without a
bank account
Manu Sporny: just using the phone as wallet
Manu Sporny: we go a step further, we say your wallet is
something that can't be destroyed/you can't use ...
Manu Sporny: you either store your wallet on your own server or
with a payment provider you trust
Manu Sporny: we've discussed these i think and payswarm covers
them
Dave Longley: Can we change the mailing list that they use? Did
they meant to do this: public-web-payments@w3.org [scribe assist
by Manu Sporny]
David I. Lehn: i got the idea that they meant to have a
different mailing list for different purposes
discussion about the mailing list issues, etc.
Manu Sporny: i'll send an email to dave raggett about how the
two mailing lists might cause confusion
Manu Sporny: since the working group doesn't exist yet, etc.
Topic: Technologies Focused on in the Group
Manu Sporny: we're focused on specifically payswarm, webcredits,
and opentransact
Manu Sporny: most discussion has been on payswarm
Manu Sporny: now we also have IFEX
Manu Sporny: which we should track because it solves an issue
that none of the other specs cover
Manu Sporny: which is how you do an exchange for currency and
move physical funds
Manu Sporny: for example, the frontend for webpayments could be
payswarm with the backend being visa, mastercard, etc, and IFEX
Manu Sporny: the group also asked why don't we focus on a major
player ... the simple answer is that no one in the group works
there or knows where they are trying to go
Manu Sporny: we don't know what they want or how we ought to
standardize for them
Dave Longley: i agree
David I. Lehn: agreed
Topic: W3C Next Steps for Web Payment
Manu Sporny: so what do we want them to do to help webpayments
out?
Manu Sporny: dave raggett proposed a workshop/outreach
Manu Sporny: one of the things w3c could do is become more
involved in the mailing list and on the calls
Manu Sporny: i know doug subscribes to the list but is very busy
as is dave
Manu Sporny: we could ask them to make w3c a priority
Manu Sporny: i think we should push them to figure out where
payments belongs (which group it belongs in)
Manu Sporny: and figure out the criteria for starting a working
group, etc.
Dave Longley: I'd really like to see W3C be more involved on the
list or the calls - or both. All the people that are working on
this stuff toward interoperability are fairly involved already...
we need them to be more involved. [scribe assist by Manu Sporny]
David I. Lehn: I agree - I want to make sure we are addressing
everything they want us to address. [scribe assist by Manu
Sporny]
David I. Lehn: Would having a summary help them understand where
we are from week to week. [scribe assist by Manu Sporny]
Manu Sporny: i think the minutes are clear, we're having regular
meetings, they could attend and give their thoughts or they could
read the minutes and comment on the list
Manu Sporny: we announce the meeting on twitter and the mailing
list and the website
Manu Sporny: i think the problem is they are lacking the
bandwidth to keep up with this stuff
Manu Sporny: and none of the member companies really want to get
involved
Manu Sporny: i don't want to create more work than we already
have
Manu Sporny: we're already focused on the things we think will
make a difference
Manu Sporny: what the working group needs is a spec and an
experimental implementation of that spec
Manu Sporny: i think we need to discuss with the w3c team and
indicate what we want out of this and what they need
Manu Sporny: we could try reaching out to google and paypal or
have w3c reach out to them
Manu Sporny: flattr/IFEX/opentransact are keeping an eye on the
list
Manu Sporny: Amir Taaki (bitcoin) pings us from time to time,
watches the group
Manu Sporny: most of the experimental providers on the w3c
report are watching this list/know about it
Manu Sporny: maybe it would be helpful to get the ripple on
board
Manu Sporny: opentabs work is being done in this group
Dave Longley: I really think we need to get someone from W3C
participating in the calls, or reading the minutes - the Web
Intents suggestion was a great example of missing the mark. We
need the W3C folks to be more educated about the work that is
happening in this group. [scribe assist by Manu Sporny]
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny)
President/CEO - Digital Bazaar, Inc.
blog: PaySwarm Website for Developers Launched
http://digitalbazaar.com/2012/02/22/new-payswarm-alpha/
Received on Wednesday, 16 May 2012 02:57:02 UTC