Re: Distinctions between Payments CG, Payments Workshop, and web-payments.org

On 01/09/2014 04:30 PM, Martin Hepp wrote:
> However, I think he makes two points that we should address:
> 
> 1. We need a "meta-architecture" and document that makes clear that 
> for payment, as for any other component of the Web, there is and will
> always be variety and choice, i.e. that the CG is not aiming at 
> standardizing payment per se on the Web; just providing frameworks 
> for innovation. My impression is that the current message could be 
> interpreted as stepping onto existing territory. That causes hefty 
> reactions and is unnecessary for innovative approaches. Let 
> traditional users be happy with PayPal and credit cards, and let 
> PaySwarm and Bitcoin and other approaches gradually complement the 
> array of choices.

+1, that's a much better, and more accurate, way of putting it.

> 2. He is right that claiming to address the issues of security and 
> identity as a whole at Web scale is way outside the abilities of a 
> CG, WG, or even the W3C as a whole. People who work e.g. in credit 
> card fraud detection can tell you that this is an area where 
> standards bodies like the W3C have very little to contribute to a 
> real solution, same as a W3C WG on "Malware Protection" would likely
> contribute little to protecting people from malware. This is simply
> because the challenge in both cases is the quality of execution and
> the optimization of implementations rather than the standardization
> of interfaces.

+1, although I think we may be talking past each other. I agree with
everything you say above. I think it's a miscommunication that we're
working on "all things security" or "all things identity". The only
things related to security and identity that we're working on here are
the bits that are missing, that no one else is working on. The work gets
incubated here and then shoved off to another standardization group that
wants to pick the work up. That's what happened with a few of the RDFa
features. That's what happened with JSON-LD, and that's what's happening
with the HTTP Signatures specifications. For the latter two, the work
was kickstarted here because the technology was needed to solve a
specific problem.

I think what might be going on is that we have those 6 "cards" on the
landing page, and people are thinking that what we're working on is more
broad than it is. If you click on the title of each card, it'll take you
directly to the documents that we're writing. So, if you click on
"Identity", you get sent here:

https://web-payments.org/specs/#identity

The only thing under that entry is a single document, which is this one:

https://web-payments.org/specs/source/web-identity/

The title of the document is misleading (maybe we should name it "Web
Access Control"?), but it's basically a way to do read/write of Linked
Data on your personal online identifier. It doesn't try to re-invent
login, we depend on Persona to do that (and could depend on OpenID,
potentially?)... but in any case, it's a very specific spec that doesn't
exist anywhere else. So, we're not trying to tackle all of identity...
we just have a single, fairly narrow spec to deal with how you prove to
a bank, financial institution, or government that you are who you say
you are.

> So the scope should be reduced to the realistic core of the 
> challenges addressed with the available resources, and the links to 
> other fields should be made explicit.

We have the beginnings of that here:

http://www.w3.org/community/webpayments/wiki/WebPaymentsCommunityGroupCharterProposal#Dependencies_or_Liaisons

Thanks for the feedback, we're trying to wrap it into our charter and to
the landing page of the website:

https://github.com/web-payments/web-payments.org/issues/20

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
http://www.w3.org/2013/10/payments/

Received on Monday, 13 January 2014 03:45:26 UTC