- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 09 Apr 2014 17:22:42 -0400
- To: Web Payments CG <public-webpayments@w3.org>
Hi all,
Here's a fairly in depth piece about the path this community has taken
over the years to get to where we are today and where we could go after
the W3C Web Payments Workshop. Keep in mind that this is an opinion
piece, but one that is grounded as much as possible in facts:
http://manu.sporny.org/2014/dawn-of-web-payments/
Those that have been with the community for a while could skip the first
40% and start reading in the middle:
http://manu.sporny.org/2014/dawn-of-web-payments#workshop
The full text of the article is included below for archival purposes and
in case any of you would like to respond in-line.
----------------------------------------------------------------------
The Marathonic Dawn of Web Payments
A little over six years ago, a group of doe-eyed Web developers,
technologists, and economists decided that the way we send and
receive money over the Web was fundamentally broken and needed to
be fixed. The tiring dance of filling out your personal details on
every website you visited seemed archaic. This was especially true
when handing over your debit card number, which is basically a
password into your bank account, to any fly by night operation
that had something you wanted to buy. It took days to send money
where an email would take milliseconds. Even with the advent of
Bitcoin, not much has changed since 2007.
At the time, we naively thought that it wouldn’t take long for the
technology industry to catch on to this problem and address it
like they’ve addressed many of the other issues around publishing
and communication over the Web. After all, getting paid and paying
for services is something all of us do as a fundamental part of
modern day living. Change didn’t come as fast as we had hoped. So
we kept our heads down and worked for years gathering momentum to
address this issue on the Web. I’m happy to say that we’ve just
had a breakthrough.
The first ever W3C Web Payments Workshop happened two weeks ago.
It was a success. Through it, we have taken significant steps
toward a better future for the Web and those that make a living by
using it. This is the story of how we got from there to here, what
the near future looks like, and the broad implications this work
has for the Web.
TL;DR: The W3C Web Payments Workshop was a success, we’re moving
toward standardizing some technologies around the way we send and
receive money on the Web; join the [1]Web Payments Community Group
if you want to find out more.
Primordial Web Payment Soup
In late 2007, our merry little band of collaborators started
piecing together bits of the existing Web platform in an attempt
to come up with something that could be standardized. After a
while, it became painfully obvious that the Web Platform was
missing some fundamental markup and security technologies. For
example, there was no standard machine-readable or automate-able
way of describing an item for sale on the Web. This meant that
search engines can’t index all the things on the Web that are
offered for sale. It also meant that all purchasing decisions had
to be made by people. You couldn’t tell your Web browser something
like “I trust the New York Times, let them charge me $0.05 per
article up to $10 per month for access to their website”.
[2]Linked Data seemed like the right solution for machine-readable
products, but the Linked Data technologies at the time seemed
mired in complex, draconian solutions (SOAP, XML, XHTML, etc.):
the bane of most Web Developers.
We became involved in the [3]Microformats community and in the
creation of technologies like [4]RDFa in the hope that we could
apply it to the Web Payments work. When it became apparent that
RDFa was only going to solve part of the problem (and potentially
produce a new set of problems), we created [5]JSON-LD and started
to [6]standardize it through the [7]W3C.
As these technologies started to grow out of the need to support
payments on the Web, it became apparent that we needed to get more
people from the general public, government, policy, traditional
finance, and technology sectors involved.
Founding a Payment Incubator for the Web
We needed to build a movement around the Web Payments work and the
founding of a community was the first step in that movement. In
2009, we founded the PaySwarm Community and worked on the
technologies related to payments on the Web with a handful of
individuals. In 2011, we transitioned the PaySwarm Community to
the W3C and renamed the group to the [8]Web Payments Community
Group. To be clear, Community Groups at W3C are never officially
sanctioned by W3C’s membership, but they are where most of the
pre-standardization work happens. The purpose of the Web Payments
Community Group was to incubate payment technologies and lobby W3C
to start official standardization work related to how we exchange
monetary value on the Web.
What started out as nine people spread across the world has grown
into an active community of more than 150 people today. That
community includes interesting organizations like Bloomberg,
Mozilla, Stripe, Yandex, Ripple Labs, Citigroup, Opera, Joyent,
and Telefónica. We have [9]14 technologies that are in the
pre-standardization phase, ready to be placed into the
standardization pipeline at W3C if we can get enough support from
Web developers and the W3C member organizations.
Traction
In 2013, a number of us thought there was enough momentum to lobby
W3C to hold the world’s first Web Payments Workshop. The purpose
of the workshop would be to get major payment providers,
government organizations, telecommunication providers, Web
technologists, and policy makers into the same room to see if they
thought that payments on the Web were broken and to see if people
in the room thought that there was something that we could do
about it.
In November of 2013, plans were hatched to hold the [10]worlds
first Web Payments Workshop. Over the next several months, the
W3C, the Web Payments Workshop Program Committee, and the Web
Payments Community Group worked to bring together as many major
players as possible. The result was something better than we could
have hoped for.
The Web Payments Workshop
In March 2014, the Web Payments Workshop was held in the
beautiful, historic, and apropos Paris stock exchange, the
[11]Palais Brongniart. It was packed by an all-star list of
financial and technology industry titans like the US Federal
Reserve, Google, SWIFT, Yandex, Mozilla, Bloomberg, ISOC,
Rabobank, and [12]103 other people and organizations that shape
financial and Web standards. In true W3C form, every single
session was [13]minuted and is available to the public. The
sessions focused on the following key areas related to payments
and the Web. The entire contents of each session, all 14 hours of
discussion, are linked to below:
1. [14]Introductions by W3C and European Commission
2. [15]Overview of Current and Future Payment Ecosystems
3. [16]Toward an Ideal Web Payments Experience
4. [17]Back End: Banks, Regulation, and Future Clearing
5. [18]Enhancing the Customer and Merchant Experience
6. [19]Front End: Wallets – Initiating Payment and Digital
Receipts
7. [20]Identity, Security, and Privacy
8. [21]Wrap-up of Workshop and Next Steps
I’m not going to do any sort of deep dive into what happened
during the workshop. W3C will be releasing a workshop report in
the next few weeks that will do justice to summarizing what went
on during the event. The rest of this blog post will focus on what
will most likely happen after that workshop report comes out.
The Next Year in Web Payments
The next step of the W3C process is to convene an official group
that will take all of the raw input from the Web Payments
Workshop, the papers submitted to the event, input from various
W3C Community Groups and from the industry at large, and reduce
the scope of work down to something that is narrowly focused but
will have a very large series of positive impacts on the Web.
This group will most likely operate for 6-12 months to make its
initial set of recommendations for work that should start
immediately in existing W3C Working Groups. It may also recommend
that entirely new groups be formed at W3C to start standardization
work. Once standardization work starts, it will be another 3-4
years before we see an official Web standard. While that sounds
like a long time, keep in mind that large chunks of the work will
happen in parallel, or have already happened. For example, the
first iteration of the RDFa and JSON-LD bits of the Web Payments
work are already done and standardized. The [22]HTTP Signatures
work is quite far along (from a technical standpoint, it still
needs a thorough security review and consensus to move forward).
So, what kind of new work can we expect to get started at W3C?
While nothing is certain, looking at the [23]14 pre-standards
documents that the Web Payments Community Group is working on
helps us understand where the future might take us. The
[24]payment problems of highest concern mentioned in the workshop
papers also hint at the sorts of issues that need to be addressed
for payments on the Web. Below are a few ideas of what may spin
out of the work over the next year. Keep in mind that these
predictions are mine and mine alone, they are in no way tied to
any sort of official consensus either at the W3C or in the Web
Payments Community Group.
Identity and Verified Credentials
One of the most fundamental problems that was raised at the
workshop was the idea that identity on the Web is broken. That is,
being able to prove who you are to a website, such as a bank or
merchant, is incredibly difficult. Since it’s hard for us to prove
who we are on the Web, fraud levels are much higher than they
should be and peer-to-peer payments require a network of trusted
intermediaries (which drive up the cost of the simplest
transaction).
The Web Payments Community Group is currently working on
technology called Identity Credentials that could be applied to
this problem. It’s also closely related to the website login
problem that Mozilla Persona was attempting to solve. Security and
privacy concerns abound in this area, so we have to make sure to
carefully design for those concerns. We need a privacy-conscious
identity solution for the Web, and it’s possible that a new
Working Group may need to be created to push forward initiatives
like [25]credential-based login for the Web. I personally think it
would be unwise for W3C members to put off the creation of an
Identity Working Group for much longer.
Wallets, Payment Initiation, and Digital Receipts
Another agreement that seemed to come out of the workshop was the
belief that we need to create a level playing field for payments
while also not attempting to standardize one payment solution for
the Web. The desire was to standardize on the bare minimum
necessary to make it so that websites only needed a few ways to
initiate payments and receive confirmation for them. The ideal
case was that your browser or wallet software would pick the best
payment option for you based on your needs (best protection,
fastest payment confirmation, lowest fees, etc.).
Digital wallets that hold different payment mechanisms, loyalty
cards, personal data, and receipts were discussed. Unfortunately,
the scope of a wallet’s functionality was not clear. Would a
wallet consist of a browser-based API? Would it be cloud-based?
Both? How would you sync data between wallets on different
devices? What sort of functionality would be the bare minimum?
These are questions that the upcoming W3C Payments Interest Group
should answer. The desired outcome, however seemed to be fairly
concrete: provide a way for people to do a one-click purchase on
any website without having to hand over all of their personal
information. Make it easy for Web developers to integrate this
functionality into websites using a standards-based approach.
Shifting to use some Bitcoin-like protocol seemed to be a
non-starter for most everyone in the room, however the idea that
we could create Bitcoin/USD/Euro wallets that could initiate
payment and provide a digital receipt proving that funds were
moved seemed to be one possible implementation target. This would
allow Visa, Mastercard, PayPal, Bitcoin, and banks to not have to
reinvent their entire payment networks in order to support simple
one-click purchases on the Web. The Web Payments Community Group
does have a [26]Web Commerce API specification and a [27]Web
Commerce protocol that covers this area, but it may need to be
modified or expanded based on the outcome of the “What is a
digital wallet and what does it do?” discussion.
Everything Else
The three major areas where it seemed like work could start at W3C
revolved around verified identity, payment initiation, and digital
receipts. In order to achieve those broad goals, we’re also going
to have to work on some other primitives for the Web.
For example, JSON-LD was mentioned a number of times as the
digital receipt format. If JSON-LD is going to be the digital
receipt format, we’re going to have to have a way of digitally
signing those receipts. [28]JOSE is one approach, [29]Secure
Messaging is another, and there is [30]currently a debate over
which is best suited for digitally signing JSON-LD data.
If we are going to have digital receipts, then what goes into
those receipts? How are we going to express the goods and services
that someone bought in an interoperable way? We need something
like the [31]product ontology to help us describe the supply and
demand for products and services on the Web.
If JSON-LD is going to be utilized, some work needs to be put into
Web vocabularies related to [32]commerce, [33]identity, and
[34]security. If mobile-based NFC payment is a part of the story,
we need to figure out how that’s going to fit into the bigger
picture, and so on.
Make a Difference, Join us
As you can see, even if the payments scope is very narrow, there
is still a great deal of work that needs to be done. The good news
is that the narrow scope above would focus on concrete goals and
implementations. We can measure progress for each one of those
initiatives, so it seems like what’s listed above is quite
achievable over the next few years.
There also seems to be broad support to address many of [35]the
most fundamental problems with payments on the Web. That’s why I’m
calling this a breakthrough. For the first time, we have some
broad agreement that something needs to be done and that W3C can
play a major role in this work. That’s not to say that if a W3C
Payments Interest Group is formed that they won’t self destruct
for one reason or another, but based on the sensible discussion at
the Web Payments Workshop, I wouldn’t bet on that outcome.
If the Web Payments work at W3C is successful, it means a more
privacy-conscious, secure, and semantically rich Web for everyone.
It also means it will be easier for you to make a living through
the Web because the proper primitives to do things like one-click
payments on the Web will finally be there. That said, it’s going
to take a community effort. If you are a Web developer, designer,
or technical writer, we need your help to make that happen.
If you want to become involved, or just learn more about the march
toward Web Payments, [36]join the Web Payments Community Group.
References
1. https://web-payments.org/join
2. https://www.youtube.com/watch?v=4x_xzT5eF5Q
3. http://microformats.org/
4. http://rdfa.info/
5. https://www.youtube.com/watch?v=vioCbTo3C-4
6. http://www.w3.org/TR/json-ld/
7. http://www.w3.org/Consortium/
8. https://web-payments.org/
9. https://web-payments.org/specs/
10. http://www.w3.org/2013/10/payments/
11. http://en.wikipedia.org/wiki/Paris_Bourse
12. http://www.w3.org/2013/10/payments/agenda.html#participants
13. http://www.w3.org/2013/10/payments/minutes/#subcontent
14. http://www.w3.org/2013/10/payments/minutes/2014-03-24-intro/
15. http://www.w3.org/2013/10/payments/minutes/2014-03-24-s1/
16. http://www.w3.org/2013/10/payments/minutes/2014-03-24-s2/
17. http://www.w3.org/2013/10/payments/minutes/2014-03-24-s3/
18. http://www.w3.org/2013/10/payments/minutes/2014-03-25-s4/
19. http://www.w3.org/2013/10/payments/minutes/2014-03-25-s5/
20. http://www.w3.org/2013/10/payments/minutes/2014-03-25-s6/
21. http://www.w3.org/2013/10/payments/minutes/2014-03-25-wrapup/
22. https://web-payments.org/specs/source/http-signatures/
23. https://web-payments.org/specs/
24. https://www.w3.org/2013/10/payments/wiki/WorkshopPaperSurvey
25. http://manu.sporny.org/2014/credential-based-login/
26. https://web-payments.org/specs/source/web-commerce-api/
27. https://web-payments.org/specs/source/web-commerce/
28. http://datatracker.ietf.org/wg/jose/charter/
29. https://web-payments.org/specs/source/secure-messaging/
30. http://manu.sporny.org/2013/sm-vs-jose/
31. http://www.productontology.org/
32. https://web-payments.org/specs/source/vocabs/commerce.html
33.
https://web-payments.org/specs/source/identity-credentials/#a-typical-identity
34. https://web-payments.org/specs/source/vocabs/security.html
35. https://www.w3.org/2013/10/payments/wiki/WorkshopPaperSurvey
36. https://web-payments.org/join
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
http://www.w3.org/2013/10/payments/
Received on Wednesday, 9 April 2014 21:23:05 UTC