W3C home > Mailing lists > Public > public-payments-wg@w3.org > August 2016

Re: CfC on publishing HTTP API and Core Messages - ACTION REQUIRED

From: Jeffrey Burdges <jeffrey.burdges@inria.fr>
Date: Mon, 22 Aug 2016 15:13:48 +0200
Message-ID: <1471871628.11550.107.camel@inria.fr>
To: public-payments-wg@w3.org
On Thu, 2016-08-11 at 09:47 +0000, Telford-Reed, Nick wrote:

> At the F2F in London there was support [1] for issuing a Call for
> Consensus (CFC) to publish two specifications:
> 
> 1. The HTTP API
> 
>     https://w3c.github.io/webpayments-http-api/
> 
> 2. The Core Messages API
> 
>     https://w3c.github.io/webpayments-core-messages/
> 

Taler and Inria supports creating an HTTP API.  There are plenty of
payment situations where Javascript should not be required.  

We remain unclear on the development process of W3C specifications.  We
support publishing these FPWD under the understanding that doing so in
necessary to focus people's energy on them, and that publishing a
working draft does not cast various questionable parts in stone.  We
find the specifications' text itself often premature.  

Some HTTP API shortcomings : 

- Needs error handling URLs for failed payments.

- We're concerned about the placement of the contract in the HTTP
request, i.e. header vs body. 

Some Core Message API shortcomings : 

- Various parts seem unclear or underspecified. 

- Repeating all of information in the payment response (2.2) seems
redundant and wastes upstream bandwidth.  We'd recommend identifying
previously seen contracts by a cryptographic hash of canonicalized
JSON. 

- Amounts being expressed as strings in the Core Message API invites
several types of overflow attacks on poorly implemented wallets.  In
Taler, we constrain values to be 53bit integers so that Javascript can
represent them correctly.

At present, I'm unable to consult Inra about intellectual obligations,
as the French take long vacations in August.  I cannot imagine anything
here being an issue though.  And our team has no conflicts obviously.

Best,
Jeff



Received on Monday, 22 August 2016 13:14:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:19 UTC