- From: Nick Telford-Reed <nicktr@gmail.com>
- Date: Wed, 12 Dec 2018 13:29:27 +0000
- To: lawrence.cheng@barclays.com
- Cc: Web Payments Working Group <public-payments-wg@w3.org>
- Message-ID: <CAMJ+GngetrdGhp6uq3gnnNT-F2te9HgEERzM3ftETLKMBhhYNQ@mail.gmail.com>
Hi Lawrence · Would it be fair to anticipate that the SRC consumer experience would be some-what similar to (say) PayPal’s or Amazon Pay’s? (e.g. login with a (SRC) credential, then select a card to pay) I'd say this feels like a fair assumption as one of the more lively user experiences/flows. In WPWG terms, this feels like a payment handler, but could also be in the payment sheet in the browser in certain implementations (where a user is "logged in" to a browser, for example) · After (say) I have login with my SRC credential (for simplicity let’s say using username and password), when the SRC Initiator queries the SRC systems with a Customer Profile Request, am I correct that each of the SRC systems would be able to “map” my SRC username to my corresponding account with each of the SRC systems (and the subsequent downstream systems), and therefore they know who I am and would be able to return the digital cards associated to me in the Customer Profile Response? My reading is that it's probably the SRC Initiator that has to do this mapping to each of the SRC systems. The question of user binding is something that some people have asked me about. I'm thinking about trying to write a second blog about user identity/assurance/verification/authentication. Would others in the group be interested in such a thing? Nick On Tue, 11 Dec 2018 at 09:59, <lawrence.cheng@barclays.com> wrote: > Hi Nick, > > > > Thanks for sharing the link, helpful info. > > > > Apologies I wasn’t on the call last week and the following topic may have > been covered already: > > · Would it be fair to anticipate that the SRC consumer experience > would be some-what similar to (say) PayPal’s or Amazon Pay’s? (e.g. login > with a (SRC) credential, then select a card to pay) > > · After (say) I have login with my SRC credential (for simplicity > let’s say using username and password), when the SRC Initiator queries > the SRC systems with a Customer Profile Request, am I correct that each of > the SRC systems would be able to “map” my SRC username to my corresponding > account with each of the SRC systems (and the subsequent downstream > systems), and therefore they know who I am and would be able to return the > digital cards associated to me in the Customer Profile Response? > > > > Thanks, > > > > Lawrence > > > > > > *From:* Nick Telford-Reed [mailto:nicktr@gmail.com] > *Sent:* 29 November 2018 07:53 > *To:* Web Payments Working Group > *Subject:* SRC blog > > > > This message originated from outside our organisation and is from web > based email - nicktr@gmail.com > > Hello all > > Folliwing my presentation to the last working group call, have written up > my thoughts on SRC and our work in WPWG and published it on my blog: > https://adventuresinpayments.blogspot.com/2018/11/secure-remote-commerce-and-wpwg-some_27.html > <https://clicktime.symantec.com/a/1/tVtKIr8PyUmBNta2-mlu9buGza5QQXzPFRrgJCNOlFE=?d=FApOPtA96shV3QLt7breE9orWGL4OaTQhN3-L_gnaCn4c5pkeL8kYJLkMUxHbEuzBtEwDkMzNmduyrz14JYDQsp2_OeD15Z7u-YbI5HmuU2SKF56ChIVBn2qntvevbDa74yBl-7AZycqYegMAUnMNVFQDHEq8EQAQjkJXhx6I74pnpZjmeTQgNsRgsWwDgcmiPdB6w2HU1Y8sj6_CrbdFmMOuaQcuGfM-agAluA-_TKm5phk5o3VxzGurET_RvxwtgLV1NzaHZ5KLJ1DRrZD4EPgEt20eldBIQ_bENOiDiYbDZdF3IYS2My8DOSnyva5IleccSOcdefYn5DGn_QX8Ek22oTRQFOiFMGjoEWpDLfqpguXIRpWKJGEWfsRSCxCe4MXUVrBr1CKxJEV0IHd5HX4YW8-EXNd6eMPelltyYE5vIzKerlzwwEgLA%3D%3D&u=https%3A%2F%2Fadventuresinpayments.blogspot.com%2F2018%2F11%2Fsecure-remote-commerce-and-wpwg-some_27.html> > > > > Please let me know what you think and feel free to weigh in - comments are > open. > > > > Thanks > > Nick > > -- > Nick Telford-Reed > e: nicktr@gmail.com > m: +447538177619 > > This e-mail is sent on behalf of Barclays Bank UK PLC and/or one or more > of its subsidiaries. This e-mail and any attachments are confidential and > intended solely for the addressee and may also be privileged or exempt from > disclosure under applicable law. If you are not the addressee, or have > received this e-mail in error, please notify the sender immediately, delete > it from your system and do not copy, disclose or otherwise act upon any > part of this e-mail or its attachments. > > Internet communications are not guaranteed to be secure or virus-free. > Barclays Bank UK PLC and its subsidiaries do not accept responsibility for > any loss arising from unauthorised access to, or interference with, any > Internet communications by any third party, or from the transmission of any > viruses. Replies to this e-mail may be monitored by Barclays Bank UK PLC, > its subsidiaries and/or Barclays Group service companies for operational or > business reasons. > > Any opinion or other information in this e-mail or its attachments that > does not relate to the business of Barclays Bank UK PLC and its > subsidiaries, is personal to the sender and is not given or endorsed by > Barclays Bank UK PLC and its subsidiaries. > > Barclays Bank UK PLC. Authorised by the Prudential Regulation Authority > and regulated by the Financial Conduct Authority and the Prudential > Regulation Authority (Financial Services Register No. 759676). Registered > in England. Registered No. 9740322. > > Barclays Insurance Services Company Limited is a subsidiary of Barclays > Bank UK PLC. Barclays Insurance Services Company Limited is authorised and > regulated by the Financial Conduct Authority (Financial Services Register > No. 312078). Registered in England. Registered No. 973765. > > Barclays Investment Solutions Limited is a subsidiary of Barclays Bank UK > PLC. Barclays Investment Solutions Limited is authorised and regulated by > the Financial Conduct Authority (Financial Services Register No. 155595). > Registered in England. Registered No. 2752982. > > Barclays Asset Management Limited is a subsidiary of Barclays Bank UK PLC. > Barclays Asset Management Limited is authorised and regulated by the > Financial Conduct Authority (Financial Services Register No. 505543). > Registered in England. Registered No. 6991560. > > The registered office for all of the above companies is 1 Churchill Place, > London, E14 5HP. > > For further information on Barclays Bank UK PLC, its subsidiaries and > trading names please refer to our website: > www.barclays.co.uk/important-information/email-disclaimer > -- m: 07538177619 e: nicktr@gmail.com or nick@telford-reed.com
Received on Wednesday, 12 December 2018 13:30:01 UTC