W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2014

Re: From W3C's eCommerce Interest Group of the 1990s to Today's Web Payments Discussion

From: Joseph Potvin <jpotvin@opman.ca>
Date: Tue, 8 Apr 2014 05:19:00 -0400
Message-ID: <CAKcXiSrvAzbeut-doVoiE1Hn_S_9An96yjovuYXQQ37FUpTc8g@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Steven Rowat <steven_rowat@sunshine.net>, Web Payments CG <public-webpayments@w3.org>
RE: "If you work for a US tech giant you are not allowed to speak
openly about novel ideas for addressing a problem without first have
checked this with the legal department due to IPR issues."

Anders, Also that's true in all sorts or contexts. For example, during
the years I worked in the Canadian government where I led the
accommodation of free/libre/open source business practices for a
decade, I had to clear media interviews and conference presentations
with Communications Branch, and run articles and book chapters by
legal counsel first. There's a normal protocol to all that, which when
followed, doesn't necessarily get in the way of novelty. It is more
work, but I always treated it as an opportunity to disseminate the
novel ideas to the comms people and the lawyers.  In my current
private sector work, carefully managing the Intellectual Provenance
(IP) Rights boundary between the internally restricted and the
externally shared worked is a mutual interest.  On the topic of
developers communicating effectively with lawyers, here's the section
we're assembling in the OSI's FLOW Syllabus:
http://osi.xwiki.com/bin/Projects/draft-flow-syllabus#HHowtoMakeitEasierforCorporateLegalCounseltoHelpYou

RE:  It's a battlefield out there if you didn't knew it...  I guess
you feel that I'm a true pessimist, right?  I'm not, I just believe
that most people would be quite happy "only" getting the core web
platform in a better shape for new and exciting missions!

...  the truly novel stuff always requires honing one's real-life
"chess" skills, no only technology wizardry.

joseph



On Tue, Apr 8, 2014 at 4:14 AM, Anders Rundgren
<anders.rundgren.net@gmail.com> wrote:
> On 2014-04-08 02:11, Joseph Potvin wrote:
>> RE: members of [any group] will not, unless forced, take kindly to
>> anything that obstructs their interests (as they define them)
>>
>> There's nothing unique in that way about large companies. The same can
>> be said for any organization, including a local farmer's market.
>
> This is true.  I would though like to add a constraint that not everybody is
> aware of: If you work for a US tech giant you are not allowed to speak openly
> about novel ideas for addressing a problem without first have checked this
> with the legal department due to IPR issues.
>
> As we can read in the trade press, a simple "slide unlock" feature is enough
> to get you in deep trouble.
>
> Due to this, only listing requirements is out of scope unless you restrict
> yourself to watered-downed nonsense statements like "payments must be secured".
>
>>
>> The earlier eCommerce work of the W3C, since it was underway at a time
>> when computing was very expensive, depended entirely on centralized
>> resourcing. In contrast, today, any smart group of geeks has the
>> computing and deployment power and create and operate an eCommerce
>> platform.  But the earlier work ought to be reviewed for useful ideas.
>> That's why I think it can be useful to find somebody who was immersed
>> in that first round of efforts two decades ago.
>
> As I wrote there are tons of dead initiatives out there if somebody want
> to go over the casualties.  I believe 3D Secure is a very good example
> of a failed standard that only banks in the EU still try to impose on
> their clients.  However, the core idea has a lot of mileage if put
> in a better web platform which VISA and MasterCard never considered
> because then they would have had to talk to Microsoft & Netscape.
> There's a reason why on-line credit-card payments remains insecure and
> EMV-cards still come with the magstrip + security info in clear text...
>
> The Web Payments CG faces a bigger problem than VISA and MasterCard:
> Due to the browser vendors' decision to "outlaw" plugins you can't
> introduce _anything_ new the client side without their participation
> and support.  I do not see much interest from these guys.
>
> In fact, even in W3C's WebCrypto applications were put in the back-seat.
> 95% of the postings are from pretty opinionated cryptographers whose prime
> interest is trying to save the world from using "bad crypto algorithms".
> (in reality most crypto-related screw-ups are due to incorrect usage of crypto).
>
> I had a similar experience in TrustedComputingGroup where I repeatably
> (and to many peoples' dismay) questioned why payments etc. were not dealt
> with by any of the 10 TCG sub-groups.  It also took way too long to get
> the stuff out.  "Perfection" is great but unfortunately what looks fine
> on the drawing board may not work exactly as planned IRL.  MSFT _manadate_
> TPMs, other vendors are working with their own and IMO better concepts:
> http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
>
> It's a battlefield out there if you didn't knew it...
>
> I guess you feel that I'm a true pessimist, right?  I'm not, I just believe
> that most people would be quite happy "only" getting the core web platform
> in a better shape for new and exciting missions!
>
> Thanx,
> Anders
>
>
>>
>> Joseph Potvin
>>
>>
>> On Mon, Apr 7, 2014 at 6:51 PM, Steven Rowat <steven_rowat@sunshine.net> wrote:
>>> Greetings,
>>>
>>>> Anders' law of standardization:
>>>> Innovation is a fuzzy process.  Standardization is fuzzy but in another
>>>> way.
>>>> Do not combine these activities unless everybody is prepared for a rocky
>>>> ride.
>>>
>>>
>>> I'm inclined to agree with Anders comments in response to Joseph (about the
>>> history of W3C following through on standards to do with payments).
>>>
>>> Although it's tangential to Joseph's questions, I'd like to add my own
>>> experience with being a member/contributing to the W3C, about 5-7 years ago:
>>>
>>> I became concerned that there was a pivotal change in the playing field
>>> afoot with HTML 5, namely that HTML 4 and earlier were markup languages,
>>> which any literate person could engage in, while HTML 5 appeared to be
>>> Javascript and DOM based in a much more complex way, essentially ceding the
>>> web-page writing field to paid professional specialists.
>>>
>>> More germane to the current situation is that I didn't feel I was given a
>>> thorough hearing about my concerns, in the sense that the directors and
>>> editors of the HTML5 spec didn't see this as a problem. These directors and
>>> editors were members of large corporations (Apple, etc.), which may have
>>> been, and probably was, related to this reception.
>>>
>>> So I also caution that "there's a lack of openness with the W3C" as Anders
>>> said, in the sense that members of large corporations will not, unless
>>> forced, take kindly to anything that obstructs their interests (as they
>>> define them). If members of such corporations are in positions of power in
>>> the writing or passing of the web payments specs then that might be a
>>> problem. I don't know enough about the current political setup to know if
>>> this is the case in this situation, but if it is then I'd speculate that no
>>> new level playing field could be created for web payments by the W3C route.
>>>
>>> Steven Rowat
>>>
>>>
>>>
>>> On 4/7/14 7:18 AM, Anders Rundgren wrote:
>>>>
>>>> Hi Joseph,
>>>> I only have a 18 year perspective on standardization in the payment and EC
>>>> space.
>>>>
>>>> It is important realizing that W3C is only one of quite a bunch of SDOs
>>>> and that W3C
>>>> to date have been much more successful with basic technology than with
>>>> applications.
>>>>
>>>> If we then enter into the world payments there is a veritable desert out
>>>> there
>>>> with dead payment standards and initiatives.
>>>>
>>>> One of the problems is that there's no documented interest among leading
>>>> banks
>>>> to standardize anything in open.  The Web Payment Workshop delegates may
>>>> differ
>>>> but I never saw any bank folks in W3C's WebCrypto although it was said
>>>> that one
>>>> of the use-cases were high-value transactions.
>>>>
>>>> There's also a lack of openness within the W3C itself.  The current W3C SE
>>>> API
>>>> standardization effort (which is highly related to payments) is mum on the
>>>> fact
>>>> that SIM-cards are owned by operators which makes such a standard
>>>> inaccessible
>>>> for probably some 99% of the potential market.
>>>>
>>>> Personally, I stick to business-model-neutral "nuts and bolts" technology.
>>>> The challenge is understanding "just enough" of the application space
>>>> without
>>>> getting lost there :-)
>>>>
>>>> Compared to the "good old days", standardization has become much more
>>>> difficult
>>>> since it is challenged by companies like Google who can do whatever they
>>>> want.
>>>> The tempo has also increased while automatic updates reduce the need for
>>>> "perfection".
>>>> Open source has turned out to be a strong alternative to real standards.
>>>>
>>>> Anders' law of standardization:
>>>> Innovation is a fuzzy process.  Standardization is fuzzy but in another
>>>> way.
>>>> Do not combine these activities unless everybody is prepared for a rocky
>>>> ride.
>>>>
>>>> Cheers,
>>>> Anders
>>>>
>>>> On 2014-04-07 13:15, Joseph Potvin wrote:
>>>>>
>>>>> Further to the wrap-up discussion about the creating on an Interest Group
>>>>> http://www.w3.org/2013/10/payments/minutes/2014-03-25-wrapup/
>>>>>
>>>>> Does anyone on these lists have the "two-decades view" of W3C
>>>>> involvement with this topic?
>>>>> http://www.w3.org/ECommerce/
>>>>> http://www.w3.org/TR/EC-related-activities
>>>>> http://www.w3.org/ECommerce/Micropayments/
>>>>> http://www.w3.org/TR/NOTE-jepi
>>>>>
>>>>> Three questions:
>>>>>
>>>>> 1. What happened to those original efforts towards a W3C Specification
>>>>> on eCommerce that would have included specifications on web payments?
>>>>>
>>>>> 2. What should we learn from substance and fate of those earlier efforts?
>>>>>
>>>>> 3. Is there a need to "start" a new IG?  Or might the W3C eCommerce IG
>>>>> just re-convene, update its charter, and carry on?
>>>>>
>>>>> Joseph Potvin
>>>>>
>>>>>
>>>>> On Thu, Apr 3, 2014 at 11:51 AM, Stephane Boyera <boyera@w3.org> wrote:
>>>>>>
>>>>>> Dear All,
>>>>>>
>>>>>> Thanks to the great help from the Web Payments Community Group and Manu
>>>>>> Sporny, we just published a new cleaned version of the minutes of the
>>>>>> workshop at
>>>>>> http://www.w3.org/2013/10/payments/minutes/
>>>>>> The agenda with links to slides and presentations is available at
>>>>>> http://www.w3.org/2013/10/payments/agenda
>>>>>>
>>>>>> We are planning to circulate a draft report for your comments in the
>>>>>> next 10
>>>>>> days.
>>>>>>
>>>>>> Best
>>>>>> Stephane
>>>>>> --
>>>>>> Stephane Boyera        stephane@w3.org
>>>>>> W3C                +33 (0) 6 73 84 87 27
>>>>>> BP 93
>>>>>> F-06902 Sophia Antipolis Cedex,
>>>>>> France
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>
Received on Tuesday, 8 April 2014 09:19:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:36 UTC