Re: Strong authentication for PayPal versus WebPayments

On 2014-05-08 23:04, Manu Sporny wrote:
> On 05/08/2014 01:11 PM, Anders Rundgren wrote:
>> It seems that the Web Payment CG have found the holy grail, where 
>> linked data obviates the need for authentication in its traditional 
>> sense.
> 
> Sarcasm on a mailing list is rarely helpful, it's often misinterpreted
> and leads to further miscommunication, which eats into all of our
> precious time. :)

That wasn't my intention, I just didn't find any trace of the subject
line i Kingsley's reply.

> 
> Linked Data is just a means to an end. It's not a holy grail. No one has
> said that it obviates the need for authentication.
> 
> You need both Linked Data and strong authentication (among other
> technologies) to build a good Web-based payment solution. You need to be
> able to express all the complexities of a commercial transaction -
> expressing a product (HTTPS, Linked Data, digital signatures),
> expressing an offer for sale of said product (HTTPS, Linked Data,
> digital signatures), initiating payment (HTTPS, Authentication,
> Authorization, Linked Data, digital signatures), and finally delivering
> a digital receipt (HTTPS, Linked Data, digital signatures).
> 
> There are other things that you need to be able to do as well, such as
> clearing money between payment systems (ACH, Bitcoin, Ripple, etc.) and
> ensuring that licensing is expressed and consumed by the ecosystem.
> 
> We're actively trying to figure out where authentication, authorization,
> distributed clearing, etc. fits into the overall picture. We also need
> to understand if, after we put all of this stuff together, we have a
> solution that is both technically sound and that is also easy for
> developers to deploy.
> 
> We have this proposal on the table to address the NASCAR login problem,
> transmit payment provider details, and provide solid multi-factor
> authentication:
> 
> http://manu.sporny.org/2014/credential-based-login/
> 
> Outlining the problems that you see with that approach would be more
> helpful.

>From my point-of-view there's only problem: I don't understand how this
would be and how it could address the NASCAR login problem :-(

Anders

> 
> -- manu
> 

Received on Sunday, 11 May 2014 11:09:17 UTC