Re: Web Payments Telecon Minutes for 2014-01-08

I always find these minutes timely and helpful, so thank you one and
all for getting these out. Looking at my calendar for Q1 it looks like I
will need to rely on these even more.

As far as my talk on Jan 15 in HK@Asia PKI, I will continue the outreach
started last year and will aim to drive relevant attendance, via submission
of relevant position(s) and EOIs, to the Paris meeting via the channels
described.

Best,

p.



On Thu, Jan 9, 2014 at 5:13 AM, <msporny@digitalbazaar.com> wrote:

> Thanks to Dave Longley for scribing this week! The minutes
> for this week's Web Payments telecon are now available:
>
> https://web-payments.org/minutes/2014-01-08/
>
> Full text of the discussion follows for W3C archival purposes.
> Audio from the meeting is available as well (link provided below).
>
> ----------------------------------------------------------------
> Web Payments Community Group Telecon Minutes for 2014-01-08
>
> Agenda:
>   http://lists.w3.org/Archives/Public/public-webpayments/2014Jan/0047.html
> Topics:
>   1. Update on Web Payments Workshop
>   2. New web-payments.org website
>   3. Web Payments Workshop Position Paper
>   4. Web Identity Updates/Concerns
> Action Items:
>   1. Manu to suggest that the Web Payments Program Committee
>     publish a protocol for journalists and live bloggers at the Web
>     Payments Workshop.
> Chair:
>   Manu Sporny
> Scribe:
>   Dave Longley
> Present:
>   Dave Longley, Manu Sporny, Evan Schwartz, Erik Anderson, Joseph
>   Potvin, David I. Lehn
> Audio:
>   http://payswarm.com/minutes/2014-01-08/audio.ogg
>
> Dave Longley is scribing.
> Manu Sporny:  Any changes to the Agenda?
> Evan Schwartz:  None
>
> Topic: Update on Web Payments Workshop
>
> Manu Sporny: http://www.w3.org/2013/10/payments/
> Manu Sporny:  The program committee is responsible for setting
>   the agenda for the workshop and saying which participants get to
>   talk on which topics, we're accepting position papers from a
>   variety of orgs, from them we will get a broad representation of
>   the topics across industries, etc.
> Manu Sporny:  From now until feb. 8th we can get in papers,
>   typically there is a mad rush at the end to get the papers in
> Manu Sporny:  The dates are on the landing page for the workshop
> Manu Sporny:  Workshop submissions are open now, we're taking two
>   types, first one is an expression of interest, you can attend
>   workshop by sending in 1-4 paragraphs with why your org wants to
>   attend and what you want to bring to the workshop, etc.
> Manu Sporny:  Low barrier of entry to the workshop
> Manu Sporny:  Other type is submitting a position paper, 1-5
>   pages long, and should outline the set of problems you've
>   identified with respect to payments, or tech/policy issues
> Manu Sporny:  At this point, the thing that we need to do as the
>   web payments CG is to whip up interest about the workshop, get
>   orgs to at least send expression of interest (1-4 paragraphs), if
>   org is very involved in this space, have them submit a position
>   paper
> Manu Sporny:  We've gotten a couple of really interesting things
>   so far, we're trying to figure out a way to make them public if
>   we can sooner rather than later so people can see the types of
>   papers that are being submitted
> Manu Sporny:  Anything else on the web payments workshop? the
>   takeaway here is contact as many people as you can
> Manu Sporny:  There are only 100 spots, all orgs are limited to
>   sending 1 person right now, if we find out not all 100 seats are
>   taken up we will allow more than 1 person from an org
> Manu Sporny:  It can be an individual, not just an org
> Manu Sporny:  We just want unique ideas brought to the tables
> Manu Sporny:  If 3 papers have the same content, then the org
>   with the most influence will likely be invited
> Erik Anderson:  Would it behoove us to have a reporter from
>   someone who is active from the bitcoin community?
> Manu Sporny:  Usually the workshops are not very good venues for
>   reporters, it may cause orgs to clam up about the things they are
>   interested in, if the reporter wants to represent on how these
>   new techs might affect reporting online that would be a good idea
> Manu Sporny:  It's up to them, they can submit an expression of
>   interest and then the program committee will decide
> Erik Anderson:  Ok
> Manu Sporny:  We want the world to know this stuff is being
>   worked on, but we don't want to make the orgs that attend uneasy
>   about saying anything, so there's a balance
> Joseph Potvin:  Is it worth having a statement about the protocol
>   for reporting, etc.?
> Manu Sporny:  That's a good idea, it's hard to strike a balance,
>   we want people to talk about it, but we want them to talk about
>   it very accurately
> Erik Anderson:  The problem is that everything i do is public
>   record, this is a wide open standard, you can't control this
> Joseph Potvin:  The protocol i'm talking about is saying you can
>   talk about issues but not attribute them to anyone
> Manu Sporny:  In general we just need to discuss it a bit more
>   and clarify in the program committee
> Manu Sporny:  Personally, i agree with what Erik said
> Manu Sporny:  I think the concern comes from a company saying
>   "hey that's cool" and a reporter running a line saying "google
>   says they are going to implement web payments" when they made no
>   such statement
>
> ACTION: Manu to suggest that the Web Payments Program Committee
>   publish a protocol for journalists and live bloggers at the Web
>   Payments Workshop.
>
> Topic: New web-payments.org website
>
> Manu Sporny: https://web-payments.org/
> Manu Sporny:  Before the holiday break we raised the possibility
>   of rebranding payswarm to "web payments" because we didn't want
>   the message to be incorrect
> Manu Sporny:  Some people were getting the message that there's
>   one company that owns payswarm (inaccurate) and that it was being
>   promoted at the expense of other techs, when we really want the
>   message to be that we're working on payment solutions in general
>   for the web
> Manu Sporny:  At the same time, we can't just be a community that
>   talks about payment technologies instead of putting something
>   forward, the payswarm specs are the first set of specs that have
>   been submitted to the w3c under patent-free royalty-free
>   licenses, etc.
> Manu Sporny:  Following the w3c process for turning things over
>   to become a standard
> Manu Sporny:  So far it seems that people are fairly happy with
>   the rebranding and remessaging
> Joseph Potvin:  The website is excellent you did a great job on
>   it, it functions well, it's easy to find stuff, the text is great
> Joseph Potvin:  What's up with the pig?
> Manu Sporny:  It's meant to represent money, excesses of
>   humanity, etc. but if that has to be explained it's a bad logo,
>   other complaints have come in
> Dave Longley:  Manu also just loves his animal logos
> Manu Sporny:  I liked the universal sign for currency from joseph
> Joseph Potvin:  There are some questions in the communities i'm
>   involved in with price stabilization, etc. i'm wondering if
>   there's a way we can have a subgroup under web payments for that
> Manu Sporny:  I don't know, i imagine that's a question for the
>   community
> Manu Sporny:  My personal opinion is that if we get too far away
>   from technical standards people will drop off
> Joseph Potvin:  Maybe the web payments community group could have
>   sub groups for identity, technical, monetary issues (interaction
>   with the fed)
> Manu Sporny:  If we make multiple mailing lists things will
>   splinter and duplicates will occur, but that being said, if this
>   really needs to happen we can make a separate mailing list
> Joseph Potvin:  There are a few interests that are of great
>   interest to me and evidently not too many others on the list
> Joseph Potvin:  I'm seeing a lot of discussion outside of this
>   venue and this might be happening with some of the other
>   particular interests associated here, if there was some way to
>   link other activities into this sphere it may actually do the
>   opposite of splintering
> Manu Sporny:  A lot of the discussions do happen outside the
>   group, the identity stuff happens across about 5 different
>   mailing lists
> Manu Sporny:  Secure messaging is split across ietf and here
> Manu Sporny:  If you're communicating with people and just using
>   a big long list of email addresses, then that's a good case for
>   creating a subgroup
> Joseph Potvin:  An example: on different indices, i'm
>   collaborating with a few others to coordinate their work into
>   indices, people working on their own indexes (eg: retired from
>   IMF, retired from UK monetary authority). We have a common
>   interest in a venue for such indices and among us we talk about
>   how that could be used in the web payments venue; at least there
>   should be a way to bring others who might not be in this
>   discussion into the group.
> Erik Anderson:  You might want to talk with a contact in a large
>   financial industry about indexes
> Manu Sporny:  Do you want me to ask w3c staff to create a mailing
>   list for this?
> Joseph Potvin:  Does it make organizational sense for how you'd
>   like to see web payments as a CG/WG proceed ... does it make
>   sense to have subgroups?
> Manu Sporny:  W3C has had subgroups before, you can usually
>   identify a subgroup
> Manu Sporny:  Another mailing list is cheap, it's not a great
>   cost
> Joseph Potvin:  That would be good because i don't think there's
>   a lot of interest for what i'm working on
> Joseph Potvin:  In the CG, so i'd prefer to move those
>   discussions to a subgroup
> Manu Sporny:  Ok, send an email to the community about this and
>   we'll see what we can do
> Manu Sporny:  As always, anyone can submit an edit to the web
>   payments website, it's on github
> Manu Sporny: https://github.com/web-payments/web-payments.org/
> Manu Sporny:  I see that joseph has already used the github
>   interface to make some edits
> Manu Sporny:  It's a completely open website, anyone can submit
>   pull requests, etc.
> Manu Sporny:  We're fairly open about who can change what and
>   when
>
> Topic: Web Payments Workshop Position Paper
>
> Manu Sporny: http://www.w3.org/2013/10/payments/participate.html
> Manu Sporny:  In order to participate in the web payments
>   workshop, you have to do one of two things: submit expression of
>   interest or position paper
> Manu Sporny:  By design, we didn't mention the web payments CG in
>   the workshop body text, that allows us to then participate as the
>   CG
> Manu Sporny:  In order to do that i was thinking of writing a
>   position paper with all of the issues we've identified over the
>   3+ years ... any solution for web payments on the web is going to
>   have to look at these things, X, Y, Z
> Manu Sporny:  Outlining all the specs we've worked on and the
>   reasons why we're working on them
> Manu Sporny:  We can start the discussion on what the CG has done
>   by submitting a position paper from the group
> Manu Sporny:  So the question is whether or not people think
>   that's a good idea, an alternative would be members submitting
>   their own papers
> Manu Sporny:  For instance, DB could submit a paper on payswarm
>   and Ripple on Ripple
> Manu Sporny:  We could do both of these things as well
> Joseph Potvin:  In the way that the agenda works, if it's one
>   position paper, does that mean it's only going to get one time
>   slot?
> Manu Sporny:  Yes, one presentation time slot, we still don't
>   know what the format for the workshop will be, the first half may
>   be presentation, the second may be an unconference format,
>   companies put their topics on a whiteboard and people pick what
>   they want to attend
> Manu Sporny:  I don't know is the short answer
> Manu Sporny:  There will be multiple ways to present topics at
>   the workshop, not just presentation
> Joseph Potvin:  It might be useful if a composition paper from
>   the CG would have more than one section if they'd be submitted
>   separately
> Joseph Potvin:  Maybe it should be done by subject not by
>   individual companies
> Manu Sporny:  What the CG could do is present "these are what we
>   think the problems are" and we could have people provide more
>   specific information on each of those subjects
> Manu Sporny:  There's no strict format for how we get papers in
>   there
> Manu Sporny:  I just don't want the CG to write a paper that
>   makes it difficult for CG members to attend if they want to
> Manu Sporny:  Eg: if we submit a position paper with a section on
>   price indexes, then that means that you (joseph) would not be
>   able to submit another paper with more details
> Manu Sporny:  The CG paper could mention the problem but not go
>   into details, and then let you submit another paper
> Joseph Potvin:  Would the CG constitute one org?
> Manu Sporny:  Yes, and that's the problem
> Manu Sporny:  We don't want to shoot our members in the foot
> Manu Sporny:  We could submit a paper as DB/CG and coordinate
>   with CG members to ensure we're not preventing them from
>   submitting their own paper
> Manu Sporny:  I think what we'll do is create a wiki page like we
>   did with the fed paper, i expect a 40% overlap with that paper
> Manu Sporny:  It will be targeted to the workshop, but we'll
>   raise the same issues about identity, using linked data, etc.
> Joseph Potvin:  You said the workshop is just to identify
>   problems not the solutions?
> Manu Sporny:  In general, that's the loose thought of the program
>   committee right now, we (the workshop) want to gather consensus
>   around what the pain points are with payments on the web today
>   and discuss how standards can address those
> Manu Sporny:  We might want to gloss over some of the techs that
>   could be standardized to address, but this isn't a sales pitch
>   thing, no org should try to do a sales pitch on their tech
>
> Topic: Web Identity Updates/Concerns
>
> Manu Sporny:  We may just say this is a subset that we think
>   standardization can apply to
> Manu Sporny: https://web-payments.org/specs/source/web-identity/
> Manu Sporny:  So some of this started as a way to deal with KYC
>   for banks, so banks could do a web request and check a digital
>   signature on identity information and smooth the whole
>   transaction process
> Manu Sporny:  It is not trying to solve login on the web, there
>   are other mechanisms to do that
> Manu Sporny:  This should work with those other mechanisms, for
>   example, when you use persona, one of the pieces of information
>   that is transferred is your identity URL
> Manu Sporny:  Using that URL you can do discovery on citizenship
>   information/age, etc. things of that nature
> Manu Sporny:
>   https://github.com/web-payments/web-payments.org/issues?labels=web-identity
> Manu Sporny:  We put the spec out in a very unfinished state
>   because we wanted to get those ideas out there
> Manu Sporny:
>   https://plus.google.com/+ManuSporny/posts/94fooRHDb6T
> Manu Sporny:  We've got some feedback already
> Manu Sporny:  On google+ there has been a long discussion
>   involving people who work on identity on the web, and there's
>   concern there with overlap and reinventing the wheel, etc.
> Manu Sporny:  We could start going over the issues in the
>   identity tracker and try and figure out a general approach for
>   addressing those issues
> Manu Sporny:  The first issue that comes up with most people is
>   that the web identity spec doesn't distinguish itself from
>   existing solutions
> Manu Sporny:  We need to clarify that it's not a login solution
>   for the web, it is specifically not trying to solve that problem
> Manu Sporny:  It is trying to solve the problem of transferring
>   private information about yourself to another entity
> Joseph Potvin:  I worked with some people with the Canadian govt
>   with this, it's not about login, if people are in an agency that
>   gets subsumed by another one [missed], all of this becomes an
>   issue and a horrible mess over 5 years, etc.
> Joseph Potvin:  The identity issue is huge, it's not an area that
>   i know myself, if it's useful to have someone that has worked in
>   the bowels of that issue i can perhaps track someone down to get
>   some examples of that
> Manu Sporny:  Yes that would be very helpful, particularly
>   someone from govt, we hope to be able to let govts use this to
>   attach information to people's identity online
> Manu Sporny:  You should be able to store passport information
>   (encrypted)
> Manu Sporny:  Etc.
> Manu Sporny:  It would be even more helpful because if we can
>   talk to the right people in the canadian govt then we can talk to
>   them about adopting this as the way to do identity
> Manu Sporny:  This one integrates with banking so it might be a
>   different level of interest to them (vs. existing tech)
> Joseph Potvin:  They are the core procurement side of the govt so
>   they're dealing with [missed] as well as individuals [missed]
>   they expressed an interest in sharing what they've done
> Manu Sporny:  It would be great to get them on a call and make
>   sure the spec addresses their pain points
> Manu Sporny:  In general, we need more elaboration on what other
>   specs we looked at and why they didn't work well for the problem
>   in front of us
> Manu Sporny:  That's the first set of feedback that we've had
> Manu Sporny:  The other set of feedback is more of a technical
>   nature, dave longley, your feedback
> Manu Sporny:
>   https://github.com/web-payments/web-payments.org/issues/14
> Manu Sporny:  So the UK wants to write something to your
>   identity, you've logged in via persona, so they know where your
>   identity resides, the problem is that your identity provider will
>   have to say that "so and so is trying to write to your identity"
> Manu Sporny:  The question is, how do you ensure that the person
>   who is writing to your identity is who they say they are?
> Dave Longley:  It captures half of the concern, this is a concern
>   with reading or writing. [scribe assist by Manu Sporny]
> Dave Longley:  When some organization wants to access the
>   identity for reading, you need to know who you're giving that
>   information out to. It is a concern with both read and write. We
>   need to have a way to do that. We may want to make it so that
>   people with identities will trust certain types of
>   identification methods. [scribe assist by Manu Sporny]
> Dave Longley:  There are various ways we can approach this, maybe
>   HTTP Signatures only? [scribe assist by Manu Sporny]
> Dave Longley:  There needs to be some sort of trust network
>   behind it, they've said they're the UK Government, but do I know
>   if that's who they are? [scribe assist by Manu Sporny]
> Dave Longley:  We could do something similar to what WebID does,
>   piggyback over SSL certificates? [scribe assist by Manu Sporny]
> Dave Longley:  If someone wants to read/write to the URL, they
>   would serve the URL with SSL, if they try to read/write your
>   identity, you verify that the public key is from that URL and
>   that URL has a trusted certificate associated with it. [scribe
>   assist by Manu Sporny]
> Dave Longley:  That means that anyone that wants to read/write to
>   your identity must have an identity themselves. If anyone wants
>   to request your information, they should have some identity
>   information. Some trust network needs to be tapped into, maybe
>   the CA trust network. Some fields could be pulled from the SSL
>   cert so that you know you can trust them. [scribe assist by Manu
>   Sporny]
> Dave Longley:  That entire layer is missing from the spec, so
>   there is no way to know whether or not you should release your
>   information. [scribe assist by Manu Sporny]
> Manu Sporny:  The current state is that none of the identity
>   solutions verify who is doing that reading or writing
> Manu Sporny:  For example, when you log in via google or twitter,
>   it says "so and so is trying to read your information" ... they
>   don't verify anything they just say "are you ok with someone
>   reading this"
> Manu Sporny:  If you look at the flow that people are going
>   through it will likely make it ok in most cases
> Manu Sporny:  That's not to say it's ok, it's just that there are
>   varying degrees of information
> Manu Sporny:  In the case that something isn't verified, we
>   should throw up a big warning
> Manu Sporny:  If people don't want to see warnings then people
>   could associate public keys, etc. for other identities
> Joseph Potvin:  Is there a privacy model for this?
> Manu Sporny:  The openID-connect people would say "yes", but the
>   privacy implications of this is a piece of ongoing work
> Manu Sporny:  There is always new data that pops up
> Manu Sporny:  5 years ago we didn't worry about the NSA snooping
>   on everything and now we do
> Manu Sporny:  So some people would say "yes", but i think the
>   actual answer is no
> Manu Sporny:  We should engage with those groups working on it
> Joseph Potvin:  It just might be useful to point to say "our
>   approach to privacy comes from there"
> Joseph Potvin:  The whole area of ethics and expertise, etc.
> Joseph Potvin:  Conform the technologies with that model
> Manu Sporny:  There was a privacy group that was proposed but i
>   don't think it went anywhere...
> Joseph Potvin:  We can take that offline, it's a hot topic of the
>   year
> Manu Sporny: http://www.w3.org/community/dntrack/
> Manu Sporny: http://www.w3.org/Security/
> Manu Sporny: http://www.w3.org/2011/07/security-ig-charter.html
> David I. Lehn:  Also, this: http://tools.ietf.org/wg/websec/
>   [scribe assist by Manu Sporny]
> Manu Sporny:  Unfortunately, there's no one place to point to
>   this stuff
> Manu Sporny:  This became clear at the w3c technical plenary this
>   year, we realized 5-7 different groups were having this
>   discussion
> Joseph Potvin:  Just in terms of identifying requirements to work
>   towards
> Manu Sporny: http://www.w3.org/community/custexpdata/
> Joseph Potvin:  It could be that the privacy model is over there,
>   but when doing digital payments, there is no privacy, there is no
>   model for privacy assurance, that could be an answer, but it
>   would at least make a clear statement about what the model is,
>   etc.
>

Received on Wednesday, 8 January 2014 22:37:20 UTC