Re: Linked Data for "Tokenization Elimination" from Anders Rundgren on 2015-09-15 (public-webpayments@w3.org from September 2015)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 15 Sep 2015 04:15:13 +0200
To: Kingsley Idehen <kidehen@openlinksw.com>, public-webpayments@w3.org
Message-ID: <55F77F31.8090905@gmail.com>

Kingsley,

1. I never said it was JSON-LD
2. That the URI didn't resolve is because it isn't published (yet)
3. The purpose of the posting was purely to get feedback on the concept for challenging tokenization which BTW is pretty much what SET did some 18 years ago modulo linked data.

Anders

On 2015-09-14 23:28, Kingsley Idehen wrote:
> On 9/13/15 12:10 AM, Anders Rundgren wrote:
>> Hi Guys,
>>
>> I'm not much into linked data but suddenly I had inadvertently (!)
>> "reinvented" some flavor
>> of that anyway.  My attempt to replace the (in practice) very
>> centralized Tokenization concept
>> with a (Provider-wise) fully distributed system requires published
>> "Authority" objects by
>> Payment providers (banks) and Card processors (aka Acquirers).
>>
>> Authority objects contain the following:
>> - An entity signature which can be checked for correctness (like is
>> this acquirer authentic?)
>> - Current entity encryption keys
>> - A URL for posting transaction requests
>>
>> Payment providers are supposed to get the applicable Card processor's URL
>> through the Merchant's requests.  The payment processor in turn in
>> turn use
>> the encryption keys to protect card data when returning the response
>> to the Merchant.
>>
>> {
>>    "@context": "http://xmlns.webpki.org/webpay/v1",
>>    "@qualifier": "Authority",
>>    "authorityUrl": "https://cardprocessor.com/webpay-acquirer/authority",
>>    "transactionUrl": "https://cardprocessor.com/webpay-acquirer/acquire",
>>    "encryptionParameters":
>>      {
>>        "dataEncryptionAlgorithm": "A128CBC-HS256",
>>        "keyEncryptionAlgorithm": "ECDH-ES",
>>        "publicKey":
>>          {
>>            "type": "EC",
>>            "curve": "P-256",
>>            "x": "NnHSMo1XizSBAba3pLMLwjpEHTF9E1tVAdWSoOFMI1I",
>>            "y": "1GdQEZwRUkFy6m2uaCffDwsAWKnfEP_LqcC9ONcjBbE"
>>          }
>>      },
>>    "timeStamp": "2015-09-13T03:16:59Z",
>>    "expires": "2016-09-13T00:00:00Z",
>>    "signature":
>>      {
>>        "algorithm": "ES256",
>>        "signerCertificate":
>>          {
>>            "issuer": "CN=Acquirer Network Sub CA5,C=US",
>>            "serialNumber": "1441431165234",
>>            "subject":
>> "CN=cardprocessor.com,2.5.4.5=#1306383039393536,C=US"
>>          },
>>        "certificatePath":
>>          [
>>            "MIIBvzCCAWOgAwIBAgIGA....V4zaPKWtOj1Cs1AJyVV0A",
>>            "MIIDdDCCAVygAwIB....SgxJhJMBY90ltRkY4kTHWqv-"
>>          ],
>>        "value": "nd_KH6RAavU3qDT8TQd....KpqdPbzypIULjRaAGSqvI1jxQ"
>>      }
>> }
>>
>> BTW, try to do this using IETF JOSE and you'll see why JOSE won't make
>> it in payments!
>>
>> WDYT?
>>
>> Anders
>
> Linked Data means HTTP URIs resolve. Your context uses a URI that
> doesn't resolve.
>
> RDF != XML (where HTTP URIs utility got utterly mangled).
>
> Best you pass your JSON-LD through some verifiers [1][2]
>
> Links:
>
> [1] http://rdf.greggkellogg.net/distiller
> [2] http://json-ld.org/playground/ .
>

Received on Tuesday, 15 September 2015 02:15:52 UTC