W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2014

Re: From W3C's eCommerce Interest Group of the 1990s to Today's Web Payments Discussion

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 09 Apr 2014 13:15:04 +0200
Message-ID: <53452BB8.5060108@gmail.com>
To: Tim Holborn <timothy.holborn@gmail.com>
CC: Joseph Potvin <jpotvin@opman.ca>, Web Payments CG <public-webpayments@w3.org>
Tim,

I'm just an engineer so I stick to simple and reasonably verifiable facts like Google's
dealings with U2F which I believe pretty well describes where we are today.

Anders

On 2014-04-09 12:01, Tim Holborn wrote:
> Well, 
>
> I hope the renumeration package suitably considers what they’ve purchased and/or leased.
>
> whilst it’s important that individuals employed by a company do not breach the companies interests; the company, as an incorporated legal entity as apposed to a natural legal entity does (or should) not offer (or require) servitude more broadly upon participating individuals outside of the particular scope of the role for which they are employed.  one type of consideration might be a persons lifestyle choices, whether they take drugs whilst seeking to act in the public service, within roles that affect the lives of the people within a governments states, for which such an employee are employed to serve the people (in theory).  If you can’t do payments; why don’t you go have a look at something like http://theodi.org/about-us / https://github.com/theodi - imagine a world where public spending statistics were more holistically (rather than ideologically) available for university researchers, sociologists, etc.  
>
> vint once told me if they’re not interested in providing that data, use dummy data so you can prove the benefit of having the data, or something along those lines… 
>
> I do acknowledge it is an issue; however companies are legal instruments / entities, created to service a purpose for humanity via the rule of law within a democracy (assuming you live in a democratic country, rule of law, et.al); not the other way around.  i get kinda sick of the funnel effect, ends-up with campaigns around the world screaming things like the 99% n such.  not very sustainable either, GFC a good example. 
>
> If you think this is the only area of sensitivity, you should try more commercial fields; like Broadcast standards, or GIS Mapping.  whilst the issue of fairness in economic considerations is one issue; the publication of such things is also interesting.  Nonetheless,
>
> there is a basic principle of ‘acknowledgement’ which is important legally with regard to copyright and an array of other principles.  Back in the day before internet, goods and services were physically traded. if you physically someone a script, business plan or other document (one of those ones that takes much longer to produce than it does to read) well, they were less likely to simply ’take it’ and send you to the lawyers if you didn’t like that idea.  if someone walked into a shop, they couldn’t walk out with the products then stick advertising outside your shop with a lower price; most IP of value was written in paper; stamped, made official.  http://en.wikipedia.org/wiki/Copyright_Clause : Internet has degraded that so much, the virtue of the copyright act in the US constitution is a lovely idea, but not very tangible to most people who work on computers.  Therefore, seems reasonable to assume that change is needed.  It is therefore my suggestion to look at the
> ‘smart property’ and ‘e-contracts’ aspects, and see how they’re integrated into the spec.  
>
> In Australia, our parliamentarians had a massive issue, in fact - one involved was involved in setting-up one of the first, and the largest (At the time) ISP’s in Australia, let alone other technical infrastructure.  He was caught by a ‘fake email’ http://en.wikipedia.org/wiki/Utegate 
>
> The commercial trade of cash equivalents specifically; is only one area.  in terms of Innovation; the functional aspect of using some of these newer technologies on IPR issues; such as automating priority-date issues on documentation and other ’smart property’ business cases; offers a way to improve systems, creating proving grounds, without the need to look specifically (for these higher-tech areas) at cash-equivalents and the trade issues incumbent within the concepts. 
>
> The Commercial world doesn’t understand fork / commit, they understand cut / copy / paste, and where there’s a will, there’s a way.  the problem gets down to an issue first considered in the authorship of the copyright clause (as one reference alone)... 
>
> With regard to the employment contractual effects; From the documentation it seems the company whom TimBL Was working with when creating WWW, took a certain view, so now the internet exists as a result of the view taken by these communities at the time.  Today, many of these early participants have had tremendous roles with internet given their socio-professional development most likely assisted them in developing positive relationships with people who grew, to know the issues, history and considerations more broadly. 
>
> yet perhaps this is an area where a declaration could be made; say when a FOAF is related to a DOAP; and something of value / merit is created.   I’ve argued for multiple web-id’s to deal with persona (i.e. Employee, at home inventor, author, father / mother, friend, etc.) 
>
> Problem with stealth, is that you go build something by yourself, then goto market and come-up against the same issues.  submarine patent issues is one such issue.   anyhow.  IMHO. i wouldn’t be engaging in contracts that have unreasonable prohibitions on communications and community engagement.  not many good things happen in dark places, those that are good can often be better with light anyway..
>
> bunkers don’t work well for the majority of people. at a minimum, people need a little sunlight in their lives. 
>
> </rant>
>
> https://www.google.com/search?q=define+commerce
>
>
> Tim.h
>
>
> On 9 Apr 2014, at 3:34 pm, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>> On 2014-04-08 12:23, Tim Holborn wrote:
>>> I think TimBL built the first web-browser, not just a bunch of standards.
>>>
>>> from my understanding he also gave it away freely.  world didn’t end.
>>
>> I once elaborated on interesting and potentially novel ideas in a public forum.
>> Due that I got fired for violating my employer's IP interests.
>>
>> I have later verified that it is indeed not permitted even discussing
>> possible *requirements* in open because that could point to product plans
>> or make people believe that you actually are serious which could lead to
>> articles in the trade press who act like vultures these days.
>>
>> So if anything really innovative is proposed, it is either already more
>> or less implemented by a leading vendor (Google's U2F is a very recent
>> example of this), or it comes from a party that has no chance implementing
>> it on their own.
>>
>> There are a few exceptions to this but payments do not belong to the "open"
>> discussion space.  I wouldn't be surprised if payments represent the single
>> most politically, technically and commercially difficult web standardization
>> item you can find!
>>
>> This is why I have personally opted on "stealth" solutions that flies safely
>> under the radar of the payment giants who lack competence in state-of-the-art
>> web technology.  One day the may woke up finding that their once completely
>> obscure competitors are advancing.  A lack of progress OTOH will undoubtedly
>> lead to even more centralized payment services so it is a at least worthy goal
>> even if the odds are pretty slim.
>>
>> Anders
>>
>>>
>>> timh.
>>>
>>> On 8 Apr 2014, at 7:19 pm, Joseph Potvin <jpotvin@opman.ca <mailto:jpotvin@opman.ca>> wrote:
>>>
>>>> RE: "If you work for a US tech giant you are not allowed to speak
>>>> openly about novel ideas for addressing a problem without first have
>>>> checked this with the legal department due to IPR issues."
>>>>
>>>> Anders, Also that's true in all sorts or contexts. For example, during
>>>> the years I worked in the Canadian government where I led the
>>>> accommodation of free/libre/open source business practices for a
>>>> decade, I had to clear media interviews and conference presentations
>>>> with Communications Branch, and run articles and book chapters by
>>>> legal counsel first. There's a normal protocol to all that, which when
>>>> followed, doesn't necessarily get in the way of novelty. It is more
>>>> work, but I always treated it as an opportunity to disseminate the
>>>> novel ideas to the comms people and the lawyers.  In my current
>>>> private sector work, carefully managing the Intellectual Provenance
>>>> (IP) Rights boundary between the internally restricted and the
>>>> externally shared worked is a mutual interest.  On the topic of
>>>> developers communicating effectively with lawyers, here's the section
>>>> we're assembling in the OSI's FLOW Syllabus:
>>>> http://osi.xwiki.com/bin/Projects/draft-flow-syllabus#HHowtoMakeitEasierforCorporateLegalCounseltoHelpYou
>>>>
>>>> RE:  It's a battlefield out there if you didn't knew it...  I guess
>>>> you feel that I'm a true pessimist, right?  I'm not, I just believe
>>>> that most people would be quite happy "only" getting the core web
>>>> platform in a better shape for new and exciting missions!
>>>>
>>>> ...  the truly novel stuff always requires honing one's real-life
>>>> "chess" skills, no only technology wizardry.
>>>>
>>>> joseph
>>>>
>>>>
>>>>
>>>> On Tue, Apr 8, 2014 at 4:14 AM, Anders Rundgren
>>>> <anders.rundgren.net@gmail.com> wrote:
>>>>> On 2014-04-08 02:11, Joseph Potvin wrote:
>>>>>> RE: members of [any group] will not, unless forced, take kindly to
>>>>>> anything that obstructs their interests (as they define them)
>>>>>>
>>>>>> There's nothing unique in that way about large companies. The same can
>>>>>> be said for any organization, including a local farmer's market.
>>>>>
>>>>> This is true.  I would though like to add a constraint that not everybody is
>>>>> aware of: If you work for a US tech giant you are not allowed to speak openly
>>>>> about novel ideas for addressing a problem without first have checked this
>>>>> with the legal department due to IPR issues.
>>>>>
>>>>> As we can read in the trade press, a simple "slide unlock" feature is enough
>>>>> to get you in deep trouble.
>>>>>
>>>>> Due to this, only listing requirements is out of scope unless you restrict
>>>>> yourself to watered-downed nonsense statements like "payments must be secured".
>>>>>
>>>>>>
>>>>>> The earlier eCommerce work of the W3C, since it was underway at a time
>>>>>> when computing was very expensive, depended entirely on centralized
>>>>>> resourcing. In contrast, today, any smart group of geeks has the
>>>>>> computing and deployment power and create and operate an eCommerce
>>>>>> platform.  But the earlier work ought to be reviewed for useful ideas.
>>>>>> That's why I think it can be useful to find somebody who was immersed
>>>>>> in that first round of efforts two decades ago.
>>>>>
>>>>> As I wrote there are tons of dead initiatives out there if somebody want
>>>>> to go over the casualties.  I believe 3D Secure is a very good example
>>>>> of a failed standard that only banks in the EU still try to impose on
>>>>> their clients.  However, the core idea has a lot of mileage if put
>>>>> in a better web platform which VISA and MasterCard never considered
>>>>> because then they would have had to talk to Microsoft & Netscape.
>>>>> There's a reason why on-line credit-card payments remains insecure and
>>>>> EMV-cards still come with the magstrip + security info in clear text...
>>>>>
>>>>> The Web Payments CG faces a bigger problem than VISA and MasterCard:
>>>>> Due to the browser vendors' decision to "outlaw" plugins you can't
>>>>> introduce _anything_ new the client side without their participation
>>>>> and support.  I do not see much interest from these guys.
>>>>>
>>>>> In fact, even in W3C's WebCrypto applications were put in the back-seat.
>>>>> 95% of the postings are from pretty opinionated cryptographers whose prime
>>>>> interest is trying to save the world from using "bad crypto algorithms".
>>>>> (in reality most crypto-related screw-ups are due to incorrect usage of crypto).
>>>>>
>>>>> I had a similar experience in TrustedComputingGroup where I repeatably
>>>>> (and to many peoples' dismay) questioned why payments etc. were not dealt
>>>>> with by any of the 10 TCG sub-groups.  It also took way too long to get
>>>>> the stuff out.  "Perfection" is great but unfortunately what looks fine
>>>>> on the drawing board may not work exactly as planned IRL.  MSFT _manadate_
>>>>> TPMs, other vendors are working with their own and IMO better concepts:
>>>>> http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
>>>>>
>>>>> It's a battlefield out there if you didn't knew it...
>>>>>
>>>>> I guess you feel that I'm a true pessimist, right?  I'm not, I just believe
>>>>> that most people would be quite happy "only" getting the core web platform
>>>>> in a better shape for new and exciting missions!
>>>>>
>>>>> Thanx,
>>>>> Anders
>>>>>
>>>>>
>>>>>>
>>>>>> Joseph Potvin
>>>>>>
>>>>>>
>>>>>> On Mon, Apr 7, 2014 at 6:51 PM, Steven Rowat <steven_rowat@sunshine.net> wrote:
>>>>>>> Greetings,
>>>>>>>
>>>>>>>> Anders' law of standardization:
>>>>>>>> Innovation is a fuzzy process.  Standardization is fuzzy but in another
>>>>>>>> way.
>>>>>>>> Do not combine these activities unless everybody is prepared for a rocky
>>>>>>>> ride.
>>>>>>>
>>>>>>>
>>>>>>> I'm inclined to agree with Anders comments in response to Joseph (about the
>>>>>>> history of W3C following through on standards to do with payments).
>>>>>>>
>>>>>>> Although it's tangential to Joseph's questions, I'd like to add my own
>>>>>>> experience with being a member/contributing to the W3C, about 5-7 years ago:
>>>>>>>
>>>>>>> I became concerned that there was a pivotal change in the playing field
>>>>>>> afoot with HTML 5, namely that HTML 4 and earlier were markup languages,
>>>>>>> which any literate person could engage in, while HTML 5 appeared to be
>>>>>>> Javascript and DOM based in a much more complex way, essentially ceding the
>>>>>>> web-page writing field to paid professional specialists.
>>>>>>>
>>>>>>> More germane to the current situation is that I didn't feel I was given a
>>>>>>> thorough hearing about my concerns, in the sense that the directors and
>>>>>>> editors of the HTML5 spec didn't see this as a problem. These directors and
>>>>>>> editors were members of large corporations (Apple, etc.), which may have
>>>>>>> been, and probably was, related to this reception.
>>>>>>>
>>>>>>> So I also caution that "there's a lack of openness with the W3C" as Anders
>>>>>>> said, in the sense that members of large corporations will not, unless
>>>>>>> forced, take kindly to anything that obstructs their interests (as they
>>>>>>> define them). If members of such corporations are in positions of power in
>>>>>>> the writing or passing of the web payments specs then that might be a
>>>>>>> problem. I don't know enough about the current political setup to know if
>>>>>>> this is the case in this situation, but if it is then I'd speculate that no
>>>>>>> new level playing field could be created for web payments by the W3C route.
>>>>>>>
>>>>>>> Steven Rowat
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 4/7/14 7:18 AM, Anders Rundgren wrote:
>>>>>>>>
>>>>>>>> Hi Joseph,
>>>>>>>> I only have a 18 year perspective on standardization in the payment and EC
>>>>>>>> space.
>>>>>>>>
>>>>>>>> It is important realizing that W3C is only one of quite a bunch of SDOs
>>>>>>>> and that W3C
>>>>>>>> to date have been much more successful with basic technology than with
>>>>>>>> applications.
>>>>>>>>
>>>>>>>> If we then enter into the world payments there is a veritable desert out
>>>>>>>> there
>>>>>>>> with dead payment standards and initiatives.
>>>>>>>>
>>>>>>>> One of the problems is that there's no documented interest among leading
>>>>>>>> banks
>>>>>>>> to standardize anything in open.  The Web Payment Workshop delegates may
>>>>>>>> differ
>>>>>>>> but I never saw any bank folks in W3C's WebCrypto although it was said
>>>>>>>> that one
>>>>>>>> of the use-cases were high-value transactions.
>>>>>>>>
>>>>>>>> There's also a lack of openness within the W3C itself.  The current W3C SE
>>>>>>>> API
>>>>>>>> standardization effort (which is highly related to payments) is mum on the
>>>>>>>> fact
>>>>>>>> that SIM-cards are owned by operators which makes such a standard
>>>>>>>> inaccessible
>>>>>>>> for probably some 99% of the potential market.
>>>>>>>>
>>>>>>>> Personally, I stick to business-model-neutral "nuts and bolts" technology.
>>>>>>>> The challenge is understanding "just enough" of the application space
>>>>>>>> without
>>>>>>>> getting lost there :-)
>>>>>>>>
>>>>>>>> Compared to the "good old days", standardization has become much more
>>>>>>>> difficult
>>>>>>>> since it is challenged by companies like Google who can do whatever they
>>>>>>>> want.
>>>>>>>> The tempo has also increased while automatic updates reduce the need for
>>>>>>>> "perfection".
>>>>>>>> Open source has turned out to be a strong alternative to real standards.
>>>>>>>>
>>>>>>>> Anders' law of standardization:
>>>>>>>> Innovation is a fuzzy process.  Standardization is fuzzy but in another
>>>>>>>> way.
>>>>>>>> Do not combine these activities unless everybody is prepared for a rocky
>>>>>>>> ride.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Anders
>>>>>>>>
>>>>>>>> On 2014-04-07 13:15, Joseph Potvin wrote:
>>>>>>>>>
>>>>>>>>> Further to the wrap-up discussion about the creating on an Interest Group
>>>>>>>>> http://www.w3.org/2013/10/payments/minutes/2014-03-25-wrapup/
>>>>>>>>>
>>>>>>>>> Does anyone on these lists have the "two-decades view" of W3C
>>>>>>>>> involvement with this topic?
>>>>>>>>> http://www.w3.org/ECommerce/
>>>>>>>>> http://www.w3.org/TR/EC-related-activities
>>>>>>>>> http://www.w3.org/ECommerce/Micropayments/
>>>>>>>>> http://www.w3.org/TR/NOTE-jepi
>>>>>>>>>
>>>>>>>>> Three questions:
>>>>>>>>>
>>>>>>>>> 1. What happened to those original efforts towards a W3C Specification
>>>>>>>>> on eCommerce that would have included specifications on web payments?
>>>>>>>>>
>>>>>>>>> 2. What should we learn from substance and fate of those earlier efforts?
>>>>>>>>>
>>>>>>>>> 3. Is there a need to "start" a new IG?  Or might the W3C eCommerce IG
>>>>>>>>> just re-convene, update its charter, and carry on?
>>>>>>>>>
>>>>>>>>> Joseph Potvin
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Apr 3, 2014 at 11:51 AM, Stephane Boyera <boyera@w3.org> wrote:
>>>>>>>>>>
>>>>>>>>>> Dear All,
>>>>>>>>>>
>>>>>>>>>> Thanks to the great help from the Web Payments Community Group and Manu
>>>>>>>>>> Sporny, we just published a new cleaned version of the minutes of the
>>>>>>>>>> workshop at
>>>>>>>>>> http://www.w3.org/2013/10/payments/minutes/
>>>>>>>>>> The agenda with links to slides and presentations is available at
>>>>>>>>>> http://www.w3.org/2013/10/payments/agenda
>>>>>>>>>>
>>>>>>>>>> We are planning to circulate a draft report for your comments in the
>>>>>>>>>> next 10
>>>>>>>>>> days.
>>>>>>>>>>
>>>>>>>>>> Best
>>>>>>>>>> Stephane
>>>>>>>>>> --
>>>>>>>>>> Stephane Boyera        stephane@w3.org
>>>>>>>>>> W3C                +33 (0) 6 73 84 87 27
>>>>>>>>>> BP 93
>>>>>>>>>> F-06902 Sophia Antipolis Cedex,
>>>>>>>>>> France
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Received on Wednesday, 9 April 2014 11:15:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:36 UTC