[wbs] response to 'Call for Review: Payment Request API and Payment Method Identifiers are W3C Proposed Recommendations' from James Rosewell via WBS Mailer on 2021-10-28 (public-new-work@w3.org from October 2021)

From: James Rosewell via WBS Mailer <sysbot+wbs@w3.org>
Date: Thu, 28 Oct 2021 20:18:01 +0000
To: public-new-work@w3.org
Message-Id: <wbs-8647400ffd242be3d5df40800c7f77dd@w3.org>

The following answers have been successfully submitted to 'Call for Review:
Payment Request API and Payment Method Identifiers are W3C Proposed
Recommendations' (Advisory Committee) for 51Degrees by James Rosewell.

Regarding the "Payment Request API" specification, the reviewer suggests
the document not be published as a Recommendation [Formal Objection] (your
details below).

Additional comments about the specification:
Had we been members of the W3C at the time the Web Payments Working
Group were chartered in December 2019 we would have requested changes to
the charter so that the objective of the group narrowed to the definition
of requirements for web primitives that can be used for many use cases and
not a single sector’s use cases. We agree with the points related to
generic handlers made in post titled “The State of W3C Web Payments in
2017” and will not repeat them here [1].

If W3C charter groups to advance specific sectors such as payment we lose
much of the utility of the web. Where do we stop? Payments? Advertising?
Insurance? Travel? Education? Medical?

We believe the web should be like "lego" with the minimum number of
“brick types” so that may use cases can be solved and innovation can
flourish.

At the moment there is no defined scope limit. We advocate for the W3C to
adopt clear scope limits for its work.

We ask the Web Payments Group amend their charter to promote generic
primitives for payment use cases rather than re-submitting the existing
charter should they seek to re-charter in December 2021.

As we were not members when the group was charter we must rely now on the
Formal Objection process to express these views. For this reason we
Formally Object to the proposal and would rather the specification were
replaced with one that is generic and solves many use cases.

In addition to the policy issue outline we have the following specific
issues with the proposed document as drafted.

1. Section 1.0 states the “specification describes an API that allows
user agents (e.g., browsers) to act as an intermediary between three
parties in a transaction”. The majority of the editors past and present
are from a single user agent vendor. Given new evidence related to that
vendor [2] W3C Director should conduct a more rigorous review of the
unintended consequences of this specification before progressing to avoid
the specification being used to perpetuate disintermediation associated
with the web that detracts from the mission of the W3C or provides user
agents unwarranted influence over the web. Payment and advertising are the
two essential drivers of the web economic model.

2. Section 1.1 does not describe a problem to be solved. The first item
states “Allow the user agent to act as intermediary between a merchant,
user, and payment method provider.” This should be changed to one or more
user problems that will be solved. There should also be reference to the
author (aka publisher). Implementers needs are third in the list of
constituents.

We observe the following policy inconsistencies between this specification
and other proposals being developed in W3C at the moment. They do not form
part of the Formal Objection.

3. Section 2.6 of specification relies on iframes for the passing of
sensitive information. This appears to be inconsistent with approaches
taken in other areas such as sharing information in cookies or local
storage.

4. Section 14.4 leaves the encryption of data to the payment methods to
determine. This is inconsistent with other approaches to data sharing
between parties.

5. Section 14.7 prompts requirements around data sharing that have been
dismissed in other forums.

6. Section 15 related to accessibility seems somewhat light.

[1] http://manu.sporny.org/2017/w3c-web-payments/
[2]
https://storage.courtlistener.com/recap/gov.uscourts.nysd.564903/gov.uscourts.nysd.564903.152.0_1.pdf
- In relation to Project NERA, now Privacy Sandbox. Google documents reveal
that Google’s motive was to “successfully mimic a walled garden across
the open web [so] we can protect our margins.”

Answers to this questionnaire can be set and changed at
https://www.w3.org/2002/09/wbs/33280/payments-pr-2021/ until 2021-10-28.

Regards,

The Automatic WBS Mailer

Received on Thursday, 28 October 2021 20:18:05 UTC