W3C home > Mailing lists > Public > public-credentials@w3.org > November 2019

Re: Proposed work item: WebKMS

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 25 Nov 2019 18:22:40 +0100
To: Manu Sporny <msporny@digitalbazaar.com>, Adrian Gropper <agropper@healthurl.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <4cb198b8-4184-2153-3336-a15029360e9c@gmail.com>
On 2019-11-25 17:30, Manu Sporny wrote:
> On 11/24/19 6:59 PM, Adrian Gropper wrote:
>> I'm not sure how the various payment processing standards deal with
>> this problem.
> 
> I want to highlight that identity and payments are two of the hardest
> problem spaces in standards... this discussion sounds like it's headed
> down a path where we pull in payments, or start talking about payments.

I'm not suggesting that, the discussion was more of a spinoff from the WebKMS that (among many things) powers the Open Banking Wallet.

If I may comment on your proposed work item, I'm not entirely comfortable with the name because AFAIK the term KMS usually only refers to management of keys and not to cryptographic operations like sign, wrap, etc.

> Digital Bazaar was the founding organization for the Web Payments
> Community Group and later I was the person that sat in the room with W3C
> Management and figured out how we could bring payments to W3C... and
> given the "difficulties" that have plagued the Web Payments work from
> the beginning at W3C... I cannot underscore how important it is that we
> don't cross these two work streams.

The core problem was the W3C wanted to solve an all-encompassing "UI" problem and expected the other stuff (security & privacy) to be done by somebody else.  The latter didn't happen.

In spite of that, PaymentRequest for Android and presumably its counterpart for iOS, permit writing really cool Web enabled payment authorization systems including the one I'm working on.

The lack of adoption have not spurred a major rethink; the fact that 99% of the payment providers target native mobile wallets have not had any impact on the new charter either.

SRC?  I just don't get it.

> 
> You guys are playing with fire, and I'd just like to point out how badly
> this could all go if we start pulling payments in as an area of focus or
> discussion.

I may be playing with fire but I surely do not want any of that to reach the credentials work.

Anders


> 
> -- manu
> 
Received on Monday, 25 November 2019 17:22:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:19:03 UTC