W3C home > Mailing lists > Public > public-credentials@w3.org > April 2016

Re: Update on Web Payments Working Group [The Web Browser API Incubation Anti-Pattern]

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Wed, 6 Apr 2016 10:33:18 -0700
To: Fabio Barone <holon.earth@gmail.com>
Cc: Web Payments <public-webpayments@w3.org>, Credentials CG <public-credentials@w3.org>
Message-ID: <5705485E.5040800@sunshine.net>
On 4/6/16 7:26 AM, Fabio Barone wrote:
> I believe one scenario to achieve some of the ideals behind this group:
> - A decentralized evolution of the blockchain/bitcoin protocol
> (features: fast and easy confirmation of TX, no need to download 60GB
> of data in order to participate, and more)
> - Results in obliterating current financial powers and promises more
> open interactions
> - A strong interledger protocol, as THE blockchain should not exist
> IMHO, or we have a decentralized central single point of failure
> - Money NOT designed for scarcity, with built-in rules to shrink/grow
> the money supply according to REAL (and real-time) economic data
> - With reference to a tangible value for value accounting (how much is
> a bitcoin? It only holds value in reference to something else, and it
> fluctuates too much. Could be kWh)
> - Bake these underlying protocols into the web (via browsers or the
> evolution thereof).


And add these thoughts:

The way this CG group is headed, of accommodating the current 
financial/identity regimes, is in fact being developed in parallel by 
so many (dozens) of legal, political, and private corporation bodies 
in the world [see below], that I've come to the tentative conclusion 
that this CG has little or no chance of contributing much more to that 
form of the solution. Which, as you point out Fabio, may never work 
anyway for anyone: the world may be headed for a revolutionary shift 
to interledger and blockchains that achieves this, eventually.

My strong statement in the preceding paragraph is based on this: I 
followed the link Joseph Potvin provided (in the web-payments list 
version of this thread) to UNCITRAL:

> See: "UNCITRAL Colloquium on Identity Management and Trust Services" 21-22 April 2016, Vienna
> http://www.uncitral.org/uncitral/en/commission/colloquia/identity-management-2016.html

 From that page I followed each of three links that give comprehensive 
background papers in Identity Management, and which are required 
reading for the upcoming UNCITRAL conference. All three are PDFs. 
[1,2,3]. All interesting, but only the first two are parallel to the 
work of this CG -- but they are stunning in their comprehensiveness. 
Not only is much of what's being discussed here every day being 
explained in detail, but there is much beyond what's being discussed 
here. And the huge number of bodies working on the problem is laid out.

Here are two quotes from [2], (American Bar Association "Overview of 
identity management..."'). The Introduction opens with point #1, which 
is of clear relevance to the question raised in this CG of the need 
for an identity solution before payments can be solidified:

> 1. In 2011, an OECD report noted that “digital identity management is
> fundamental to the further development of the Internet economy.”1 It is a
> foundational requirement for all substantive forms of e-commerce.

Then in point #5 of the Introduction, which is long, and which I'm 
going to paste here in its entirety because that's my whole point (how 
big it is), there's the huge number of groups working in parallel on 
an identity solution, worldwide:

> 5. The critical importance of identity management in facilitating trustworthy
> e-commerce is well-recognized. Numerous intergovernmental groups, states, private
> international groups, and commercial entities are actively exploring identity
> management issues and opportunities, developing technical standards and business
> processes, and seeking ways to implement viable identity systems. For example:

> (a) Inter-governmental groups actively working on identity management
> issues and standards include the Organization for Economic Cooperation and
> Development (OECD),8 the International Organization for Standardization (ISO)9
> and the International Telecommunications Union (ITU);10

> (b) A survey undertaken by the OECD11 identified 18 OECD countries
> actively pursuing national strategies for identity management (Australia, Austria,
> Canada, Chile, Denmark, Germany, Italy, Japan, Luxembourg, Netherlands, New
> Zealand, Portugal, Republic of Korea, Slovenia, Spain, Sweden, Turkey, and United
> States of America).12 Several other countries, such as Estonia, India, and Nigeria are
> also actively pursuing such strategies;

> (c) Several regional identity projects are underway in the European Union,
> including PrimeLife (a project of the European Commission’s Seventh Framework
> Programme),13 the Global Identity Networking of Individuals — Support Action
> (GINI-SA),14 STORK (to establish a European eID Interoperability Platform),15 and
> the European Network and Information Security Agency (ENISA);16

> (d) Private organizations working on identity standards and policy at an
> international level include the Organization for the Advancement of Structured
> Information Standards (OASIS),17 the Open Identity Exchange (OIX),18 the Kantara
> Initiative,19 the Open ID Foundation,20 tScheme,21 and The Internet Society;22

> (e) Some commercial identity systems have been established and operate on
> a global scale in limited areas. These include those operated by the Transglobal
> Secure Collaboration Program (TSCP)23 and CertiPath24 for the aerospace and
> defence industries, the SAFE-BioPharma Association25 for the biopharmaceutical
> industry, IdenTrust26 for the financial sector, the CA/Browser Forum27 for website
> EV-SSL certificates, and FiXs — Federation for Identity and Cross-Credentialing
> Systems (FiXs).28 The work of these groups is focused primarily on technical
> standards and business process issues, rather than legal issues.

There is much more of interest in both [1] and [2], both as regards 
payments/commerce and identity/credentials (including already-in-use 
legal terminology like "relying party" for the person or body that 
consumes/uses/examines a credential) and I encourage any members of 
this list to read [1] and [2] in full.

I don't mean to imply that this CG has accomplished nothing; on the 
contrary, I think there's a good chance that the gradual rise of all 
these bodies' attempts to solve identity has been driven by groups 
such as this CG which have been raising the hue and cry about the need 
for a solution. Perhaps that rise in awareness of the need will  be 
all that is accomplished here. And perhaps it's enough.

Steven Rowat

[1] A/CN.9/854 - Possible future work in the area of electronic 
commerce - legal issues related to identity management and trust services

[2] A/CN.9/WG.IV/WP.120 - Overview of identity management - Background 
paper submitted by the Identity Management Legal Task Force of the 
American Bar Association

[3] A/CN.9/WG.III/WP.136 - Online dispute resolution for cross-border 
electronic commerce transactions: Submission by the Russian Federation
Received on Wednesday, 6 April 2016 17:33:51 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:41 UTC