Re: [Payments Architecture] A vision statement for the web payments architecture work

All true, however the architecture should assume that we will secure basic
things like message content and sensitive data and credentials and...

I think the statement "Secure by design" says enough without saying too
much don't you?

On 19 May 2015 at 11:33, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

>
>
> On 19 May 2015 at 11:08, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:
>
>> Hi Melvin,
>>
>> Are you referring to this line:
>> * Secure by design
>>
>
> Yes
>
>
>>
>> I agree with what you're saying but I don't think it's necessary to strip
>> this statement out completely. I think it's important that we state that
>> the design is intended to promote security, however that ultimately
>> translates into the implementation.
>>
>> Do you have a suggestion for an alternative wording?
>>
>
> I dont.  I envision web payments ecosystem to be self healing,
> decentralized and fault tolerant.  It's quite difficult to put that into a
> vision statement, because highly connected, scale invariant systems, tend
> to be self organizing.  For example, when dealing with family members, you
> may need low security, but when buying health insurance, higher security.
>
>
>>
>>
>> On 19 May 2015 at 08:58, Melvin Carvalho <melvincarvalho@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On 18 May 2015 at 14:58, Adrian Hope-Bailie <adrian@hopebailie.com>
>>> wrote:
>>>
>>>> The IG are trying to finalize a short vision statement for the work we
>>>> are undertaking, specifically with regards to the architecture we will be
>>>> developing, for payments on the Web.
>>>>
>>>> The document is intended to express the technical principles we
>>>> consider important in the design of the architecture and I'd appreciate
>>>> some input on it's content.
>>>>
>>>> The document is also intended to be short, less than a page, and as
>>>> such not too detailed. It's purpose is to frame the design and allow all
>>>> stakeholders to agree up front that we are aligned on our vision.
>>>>
>>>> The audience should be broad, and not necessarily payments or Web
>>>> technology experts, but since this is related to the design of a technical
>>>> architecture the content will be technical.
>>>>
>>>> Please have a look at the first draft of this document and send me your
>>>> feedback.
>>>>
>>>> https://www.w3.org/Payments/IG/wiki/Payment_Agent_Task_Force/Vision
>>>>
>>>
>>> Personally I would scratch the part on security.  Not because I dont
>>> value security, but because it's quite a subjective term.  Satoshi said, "A
>>> certain per centage of fraud is accepted as unavoidable".  I prefer that
>>> kind of wording.  Also, security can come at the expense of growth and
>>> scalability.  The value proposition of the web is not as a secure system,
>>> much like the post office, telephone or email, but rather, as a highly
>>> connected self organizing system capable of unexpected reuse.  Systems like
>>> bitcoin and ripple are relatively secure but dont scale too well, systems
>>> like the web are relatively insecure but scale well.  What we have tended
>>> to notice with large systems is that security increases with scale.
>>>
>>>
>>>>
>>>> Thanks,
>>>> Adrian
>>>>
>>>> p.s. Thanks Ian Jacobs for the initial work in getting this started.
>>>>
>>>
>>>
>>
>

Received on Tuesday, 19 May 2015 09:54:18 UTC