W3C home > Mailing lists > Public > public-rww@w3.org > May 2014

Re: Payment Protected Resources -- Using HTTP 402

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 27 May 2014 22:52:17 +0200
Message-ID: <5384FB01.4060009@gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>, Melvin Carvalho <melvincarvalho@gmail.com>, Web Payments <public-webpayments@w3.org>, public-rww <public-rww@w3.org>
On 2014-05-27 22:42, Kingsley Idehen wrote:
> On 5/27/14 3:05 PM, Anders Rundgren wrote:
>> On 2014-05-27 19:23, Melvin Carvalho wrote:
>>> Many of us are now using web ACLs on a regular basis.
>>>
>>> A rule may look like:
>>>
>>> <>
>>> <http://www.w3.org/ns/auth/acl#accessTo> <.>, <> ;
>>> <http://www.w3.org/ns/auth/acl#agent> <http://melvincarvalho.com/#me> ;
>>> <http://www.w3.org/ns/auth/acl#mode>
>>> <http://www.w3.org/ns/auth/acl#Read>,
>>> <http://www.w3.org/ns/auth/acl#Write> .
>>>
>>> This essentially says that my user ID can have read and write access
>>> to the named resource.
>>>
>>> I thought it might be an interesting idea to extend this type of
>>> access control to allow payment protected resources.
>>>
>>> So each server will maintain a balance for each user, as is typical
>>> with many commercial business models these days.
>>>
>>> If the user does not have any credit the server will return a 402
>>> HTTP response code, explaining the cost of the item and how they can
>>> top up their balance.  This could either be via a traditional payment
>>> method such as Euros, or, say, via a balance in crypto currencies, or
>>> as part of a loyalty / reward scheme that the web site issues.
>>>
>>> I'm wondering if we can extend the vocab we have to add payments?
>>>
>>> Perhaps a simple way would be to subclass #accessTo with #paidAccessTo
>>>
>>> Then have in the ACL rule a simple payment amount (or rule)
>>>
>>> Then say something like:
>>>
>>> <#amount>  0.001^^BTC
>>>
>>> Anyone have any thoughts on whether this could be implemented?
>>
>> I must confess that I understand zilch of this.
>>
>> If this is something happening between the browser (user) and a server
>> in an authenticated session, it has no relevance in a standards context.
>>
>> If this is rather involving different servers or agents, you must
>> describe what they are and how they get access to this information.
>>
>> Anders
>
> Instead of Turtle (a notation for encoding and decoding information in
> the digital medium provided by the Web) here's the same question using
> English (yet another notation for encoding and decoding information, but
> for a different medium):
>
> Shouldn't I be able to use access controls (or even full blown attribute
> based data access policies) to drive financial transactions (i.e.,
> debits and credits) in a distributed network?

I only requested a reasonably clear description of the use-case including
the actors involved.

>
> Bitcoin is an example of open and distributed ledger that scales to the
> Internet. It will get even more interesting when like PKI (as
> exemplified by WebID, WebID-TLS, WebID-Profile, WebACLs) it becomes webby.
>
Received on Tuesday, 27 May 2014 20:52:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:10:46 UTC