Re: Payment Protected Resources -- Using HTTP 402 from Anders Rundgren on 2014-05-28 (public-webpayments@w3.org from May 2014)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 28 May 2014 07:27:17 +0200
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: Web Payments <public-webpayments@w3.org>, public-rww <public-rww@w3.org>
Message-ID: <538573B5.5050306@gmail.com>
On 2014-05-27 23:23, Melvin Carvalho wrote:
>
>
>
> On 27 May 2014 22:52, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     On 2014-05-27 22:42, Kingsley Idehen wrote:
>
>         On 5/27/14 3:05 PM, Anders Rundgren wrote:
>
>             On 2014-05-27 19:23, Melvin Carvalho wrote:
>
>                 Many of us are now using web ACLs on a regular basis.
>
>                 A rule may look like:
>
>                 <>
>                 <http://www.w3.org/ns/auth/acl#accessTo> <.>, <> ;
>                 <http://www.w3.org/ns/auth/acl#agent> <http://melvincarvalho.com/#me> ;
>                 <http://www.w3.org/ns/auth/acl#mode>
>                 <http://www.w3.org/ns/auth/acl#Read>,
>                 <http://www.w3.org/ns/auth/acl#Write> .
>
>                 This essentially says that my user ID can have read and write access
>                 to the named resource.
>
>                 I thought it might be an interesting idea to extend this type of
>                 access control to allow payment protected resources.
>
>                 So each server will maintain a balance for each user, as is typical
>                 with many commercial business models these days.
>
>                 If the user does not have any credit the server will return a 402
>                 HTTP response code, explaining the cost of the item and how they can
>                 top up their balance.  This could either be via a traditional payment
>                 method such as Euros, or, say, via a balance in crypto currencies, or
>                 as part of a loyalty / reward scheme that the web site issues.
>
>                 I'm wondering if we can extend the vocab we have to add payments?
>
>                 Perhaps a simple way would be to subclass #accessTo with #paidAccessTo
>
>                 Then have in the ACL rule a simple payment amount (or rule)
>
>                 Then say something like:
>
>                 <#amount>  0.001^^BTC
>
>                 Anyone have any thoughts on whether this could be implemented?
>
>
>             I must confess that I understand zilch of this.
>
>             If this is something happening between the browser (user) and a server
>             in an authenticated session, it has no relevance in a standards context.
>
>             If this is rather involving different servers or agents, you must
>             describe what they are and how they get access to this information.
>
>             Anders
>
>
>         Instead of Turtle (a notation for encoding and decoding information in
>         the digital medium provided by the Web) here's the same question using
>         English (yet another notation for encoding and decoding information, but
>         for a different medium):
>
>         Shouldn't I be able to use access controls (or even full blown attribute
>         based data access policies) to drive financial transactions (i.e.,
>         debits and credits) in a distributed network?
>
>
>     I only requested a reasonably clear description of the use-case including
>     the actors involved.
>
>
> There's no single use case.  It's a bit like asking what is the use case of the UNIX file system, there's no single answer, but it can serve a number of purposes.

A UNIX file system use-case AFAIK only consists of two actors, the system itself and a process that wants to use it.


>
> Let me give one.
>
> As a user Alice would like to read premium articles from her favourite blogs.  The blog charges Alice 5 tokens to read the content.  If Alice has credit with the server, it will debit her balance.  If not Alice is given instructions on how to increase her balance

This does in no way address my questions.


>
> As a server operator, it is possible to add a meta file to an article such that when a user tries to access it, it will either debit a fixed amount from the account or send an HTTP 402 response (payment required) with instructions to add credit.
>
> If you're not familiar with the work at the W3C and RECs, such as Turtle, Linked Data, Linked Data Platform, Access Control, Ontologies in RDF then perhaps the implementation details may not be clear to you.  However, it seems that we can almost implement most of what we need using *existing* W3C standards and a tiny amount of glue. This could allow some interesting development to happen using existing technology.

The most important thing in a payment scenario are the actors and their roles.  Linked Data in not a panacea.  If there are only two actors, HTML is all you need.



>
>
>
>         Bitcoin is an example of open and distributed ledger that scales to the
>         Internet. It will get even more interesting when like PKI (as
>         exemplified by WebID, WebID-TLS, WebID-Profile, WebACLs) it becomes webby.
>
>
>
Received on Wednesday, 28 May 2014 05:27:54 UTC