Re: Use of URNs for PMIs from Roy McElmurry on 2016-08-10 (public-payments-wg@w3.org from August 2016)

From: Roy McElmurry <rvm4@fb.com>
Date: Wed, 10 Aug 2016 01:36:07 +0000
To: Adam Roach <abr@mozilla.com>, Ian Jacobs <ij@w3.org>
CC: Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <F33C7152-F43F-4921-A1E1-ADBB0BDDD475@fb.com>

After this week’s meeting I can work to incorporate all these ideas into the PMI spec if that is what the group decides.

From: Adam Roach <abr@mozilla.com>
Date: Tuesday, August 9, 2016 at 12:00 PM
To: Ian Jacobs <ij@w3.org>
Cc: Web Payments Working Group <public-payments-wg@w3.org>
Subject: Re: Use of URNs for PMIs
Resent-From: <public-payments-wg@w3.org>
Resent-Date: Tuesday, August 9, 2016 at 12:01 PM

On 8/9/16 13:33, Ian Jacobs wrote:

On Aug 8, 2016, at 5:30 PM, Adam Roach <abr@mozilla.com><mailto:abr@mozilla.com> wrote:

On 8/8/16 17:26, Ian Jacobs wrote:

 1. It must be possible for the Working Group to mint a payment method identifier for any payment method.

    1a) The Working Group uses URNs with a root namespace registered with the IETF.

    1b) W3C is the only entity that can allocate names within that namespace.

    1c) Names are allocated by Working Group decision. We don’t expect to allocate many names.

    1d) We can come up with a variety of ways to publish those names

I think that works.

 2. It must be possible for the anyone to mint a payment method identifier for a payment method under their control.

    2a) Those parties can use whatever mechanism they want, other than URNs within the W3C namespace.

I would personally be happier if we limited it to (a) URLs under the control of the entity minting the payment method,

I don’t know how we enforce that.

The same way we do everything else: we state it in a spec, and people follow it or they don't.

 And I’m not sure of the need to restrict it thusly.

So you'd be okay with Paypal deciding to assign a PMI of "https://www.w3c.org/payment-type/paypal"<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.w3c.org_payment-2Dtype_paypal&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=tXBGx0tWRjAj_vRS8ntQhQ&m=JfJ6FNks1Y5Z5PM1E-z4jZblo-KhsqkQ3b-JUGUJHCc&s=8tV9grMN-I2A3YnqEHxtTaNr6CpFRPeb3r-FI_lDM4s&e=> to a "Paypal" payment type?

The overall point here is that by nominally restricting URL PMIs to be under the control of the issuing entity, that entity can ensure uniqueness. If people start grabbing URLs from domains other than their own, you're going to end up with collisions.

and (b) URNs conforming to RFC 3406 (leaving it open for other entities to register new URN namespaces for this purpose if they so desire). I'm not comfortable with an "any string you want" approach.

I think we agree that PMIs should be URNs or URLs. We have a few options, including:

 * Update the PMI spec to say URLs or URNs. (Today it says URLs)

 * Update the PMI spec to say URIs (which includes both)

What I propose above is the second thing.

--
Adam Roach
Principal Platform Engineer
Office of the CTO

Received on Wednesday, 10 August 2016 01:36:41 UTC