W3C home > Mailing lists > Public > public-webpayments@w3.org > February 2013

Re: Building A Paid App For Firefox OS

From: Paul <paul@pogodan.com>
Date: Wed, 27 Feb 2013 12:43:00 -0500
Cc: Melvin Carvalho <melvincarvalho@gmail.com>, Web Payments <public-webpayments@w3.org>
Message-Id: <8FD7AD92-7F03-41F0-9355-9421DAB2A176@pogodan.com>
To: Kumar McMillan <kmcmillan@mozilla.com>
On Feb 27, 2013, at 12:31 PM, Kumar McMillan <kmcmillan@mozilla.com> wrote:

> 
> On Feb 27, 2013, at 10:53 AM, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
> 
>> At first glance the Firefox Marketplace for Firefox OS may look similar to the Apple Store or Google Play Store but there is a key difference: it does not lock you into Mozilla or lock you into your Firefox OS phone. It enables you to sell a web app that will run on any open web device by way of the receipt protocol. Non-Mozilla marketplaces can participate in selling apps on Firefox OS out of the box by implementing the receipt format and users won’t notice anything different when running a paid app from either store.
>> 
>> When other devices support the receipt protocol then theoretically you could pay for an app once and run it everywhere. There is, of course, a chicken vs. egg problem here so Mozilla hopes to be the egg that helps prove out the decentralized receipt concept and iterate on the protocol. Mozilla invites other vendors to help us work on getting receipts right so that paid apps are as portable and “webby” as possible.
>> 
>> [Read More...]
>> 
>> https://hacks.mozilla.org/2013/02/building-a-paid-app-for-firefox-os/
>> 
> 
> Hi Melvin, thanks for posting to the list. I am following the web payments work here and we (Mozilla) are certainly interested in making payments work on the web in a decentralized manner.
> 
> In comparison to Pay Swarm, I'll point out that our web app receipt format says nothing about how to *pay* for the app (that's way harder!).  However, I think the decentralized receipt format is the most well understood part of Firefox OS' current approach to payments. It is a simple JWT format using standard crypto. The key synchronization is a little complex but it should hopefully be easy enough for other marketplaces to implement. We'll find out how easy once some others try it out. Right now, only Mozilla has implemented the receipt format.
> 
> As far as I know, neither iOS or Android have attempted to make open payment receipts that third parties can verify. As my article states, we are interested in building an ecosystem where anyone can sell apps and anyone can build a *runtime* that supports any paid app.
> 
> I'll be posting another article soon about how in-app payments work but IMO those are not as webby and decentralized as app receipts. There is lots of work to do!
> 
>> I wonder if the firefox marketplace could be a good way to bootstrap the web app eco system …
> 
> The current open payments concepts came out of our labs group a couple years ago. They are our first take on payments so I think they will evolve once they're in the wild.
> 
> -Kumar

This is definitely interesting. A couple questions I have are:
* would the app fail to boot/go into 'pirated' mode if the receipt server went down/started handing out bad responses?
* with a fully open source OS and app, it seems it would always be fairly trivial to bypass at least the client-side part of the equation, or is there something I'm missing that would prevent the user from just removing the receipt validation code? obviously if the app's actual functionality required data from a server you run that would change things


-- 
Paul Meserve
Pogoapp | www.pogoapp.com
Received on Wednesday, 27 February 2013 17:43:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 February 2013 17:43:24 GMT