- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 26 Aug 2014 21:17:18 -0400
- To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
On 08/26/2014 07:50 PM, Steven Rowat wrote: > On 8/24/14 1:08 PM, Manu Sporny wrote: >> Use Case: Given the permission of the participants (payer, payee, >> buyer, merchant) of a transaction, the transaction metadata can be >> used to discover additional attributes associated with those >> participants. For example, given the buyer's authorization, a >> merchant could query the identity URL for the buyer contained in a >> digital receipt and obtain an up-to-date email address. > > IMO, it would be best to add "opt-in" before "permission" in the > first sentence. If this isn't written into the spec then I believe > someone will abuse it and begin harvesting data about unsuspecting > users merely on the basis that they haven't opted-out, and explain it > as 'assumed permission'. Good point, done: https://www.w3.org/community/webpayments/wiki/index.php?title=UseCases&diff=905&oldid=904 > "Discover additional attributes", later in that sentence, is, after > all, the Web's current honeypot. I think there needs to be clarity > about who the owner of this honeypot is, and 'opt-in' might help nail > that down. +1 >> Use Case: Use an existing, widely deployed identity provider >> mechanism (i.e. OpenID Connect) to integrate with the digital >> credentials sharing and payments initiation process. > > As written, this could be interpreted as using *only* OpenID > Connect. Hmm, you're right, and that wasn't the intent. > Isn't that against the spirit of the open standard and W3C > expectations? Yes, it's against the spirit. > If the latter I think the wording needs to change. I've tried re-wording the text to make it more clear that we should consider a number of options. Changed the 'use case' to a 'design criteria'. Does this address your concern? https://www.w3.org/community/webpayments/wiki/index.php?title=UseCases&diff=906&oldid=905 -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Wednesday, 27 August 2014 01:17:49 UTC