Re: Payment Protected Resources -- Using HTTP 402

On Tue, May 27, 2014 at 5:30 PM, Melvin Carvalho
<melvincarvalho@gmail.com>wrote:

>
>
>
> On 27 May 2014 20:08, Andrei Sambra <andrei.sambra@gmail.com> wrote:
>
>> Hi Melvin,
>>
>>
>> On Tue, May 27, 2014 at 1:23 PM, Melvin Carvalho <
>> melvincarvalho@gmail.com> wrote:
>>
>>> Many of us are now using web ACLs on a regular basis.
>>>
>>> A rule may look like:
>>>
>>> <>
>>>     <http://www.w3.org/ns/auth/acl#accessTo> <.>, <> ;
>>>     <http://www.w3.org/ns/auth/acl#agent> <http://melvincarvalho.com/#me>
>>> ;
>>>     <http://www.w3.org/ns/auth/acl#mode> <
>>> http://www.w3.org/ns/auth/acl#Read>, <
>>> http://www.w3.org/ns/auth/acl#Write> .
>>>
>>> This essentially says that my user ID can have read and write access to
>>> the named resource.
>>>
>>> I thought it might be an interesting idea to extend this type of access
>>> control to allow payment protected resources.
>>>
>>> So each server will maintain a balance for each user, as is typical with
>>> many commercial business models these days.
>>>
>>> If the user does not have any credit the server will return a 402 HTTP
>>> response code, explaining the cost of the item and how they can top up
>>> their balance.  This could either be via a traditional payment method such
>>> as Euros, or, say, via a balance in crypto currencies, or as part of a
>>> loyalty / reward scheme that the web site issues.
>>>
>>> I'm wondering if we can extend the vocab we have to add payments?
>>>
>>> Perhaps a simple way would be to subclass #accessTo with #paidAccessTo
>>>
>>
>>  Why do you want to extend the WAC vocabulary? Why not just define that
>> relation outside WAC -- maybe in a Web payments vocabulary -- and instead
>> use it together with WAC?
>>
>
> Sure, it's not a big deal where exactly the predicate lives, more about
> what it will do.
>
> I referenced WAC because it might make sense to use owl:subClassOf
> http://www.w3.org/ns/auth/acl#accessTo
>
>
>> You also have to consider servers that do not do Web payments. How would
>> they interpret that rule if I switch from a server supporting this feature
>> to a server that does not support it?
>>
>
> Great question.
>
> So if I dropped this rule in today, it would probably be ignored by
> systems that did not support payments.  I think that's fine.
>

Yes, I was thinking along those lines myself.


>
> So if I write a system that supports payments, I think it would perhaps
> have to merge the two rules together to work out that a resource is payment
> protected?
>

Indeed, this rule only makes sense in the context of a system that knows
how to interpret it. It should and actually must not interfere with a more
generic system that implements WebACLs. I think this system should work in
most cases, since the extra rules are contextual.

-- Andrei


>
> I'm unsure the best way, so was hoping to brain storm ideas ...
>
>
>>
>> -- Andrei
>>
>>
>>>
>>> Then have in the ACL rule a simple payment amount (or rule)
>>>
>>> Then say something like:
>>>
>>> <#amount>  0.001^^BTC
>>>
>>> Anyone have any thoughts on whether this could be implemented?
>>>
>>
>>
>

Received on Wednesday, 28 May 2014 00:20:21 UTC