- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 9 Sep 2024 04:17:37 +0200
- To: W3C Credentials Community Group <public-credentials@w3.org>
Hi Credential Folks, As you probably know, some people have [rightly] noted that "paying for stuff" is a very important and frequent activity, making payments an obvious target for wallets, including the EU wallet. Apparently multiple efforts are in the workings for the EUIDW. Unfortunately for EU consumers, there seem to be multiple organizations involved, while none that stand out as responsible. I have not even been able to figure out what the objectives are in more practical terms, including how the designs stack up against Apple Pay. WALLET SOLUTIONS Rather than hoping on a miracle, I took my old JSON-based Saturn wallet project, and redressed it in Deterministically Encoded CBOR, as well as changing the document format from PDF to HTML. Here is an early release: https://cyberphone.github.io/wallet-core/doc Note that the revised Saturn wallet does neither build on the ARF nor on OpenID4VP. As a comparison you may take a peek at a more compliant effort: https://github.com/digitallabor-berlin/eudiw-sca/blob/main/openbanking-r2s.md#sca-based-on-openid4vp-using-openbanking It is claimed to build on https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html. However, this [quite complex] document does currently not mention the word "payments". Personally, I don't see the point mixing specifications that are related to the identity of end-users with payments, since latter rather represent the transfer of value, preferably without revealing information about the Payers (end-users) to untrusted parties like Merchants. In fact, the added complexity may prove to be detrimental to the project in its entirety! THE WALLET-2-BANK INTERFACE Although creating a wallet may be hard, this is nothing compared to the task of getting it integrated in payment backends. The EU efforts depend on that legal requirements will FORCE banks to implement support for whatever they come up with. Since there is no consensus or attempt creating a common specification, I believe we are in for a pretty major backlash. In addition, the current Open Banking concept seems way too rigid for dealing with multiple and evolving payment wallets. In spite of currently being just an empty shell, https://github.com/cyberphone/open-banking-2.0/tree/main?tab=readme-ov-file#open-banking-20 should hopefully give you an idea what I'm advocating as an alternative to single-minded, non-scalable, per-bank solutions like the Berlin Group's "Signed Payment Request". Cheers, Anders
Received on Monday, 9 September 2024 02:17:43 UTC