RE: Web Payments IG - Payments Agent Task Force Meeting Friday, March 27th

Hi Jörg,

I trust you are well. I am sorry for the late reply. I was away on holiday until this morning, and discussed your proposal with my colleagues before I went.
Please find enclosed their feedback according to your proposal

"The table is quite extensive but I have the following comments:


·        The product column is a mixture of technology and application - for example MIFARE could be used for access control - hence the Reader could find it different to identify the context.

·        I think the 'comms 'column should be relabelled 'Type of transaction' or transaction interaction. With the content refined - in the example below it should read 'NFC' only - but in theory this should be 'cloud/NFC'
FIDO Authenticator

NFC/ on-device

SE



·        Also the 'Sec' should be relabelled something relating to where the credentials are stored (i.e. relabelled 'Credential store location')- as the content doesn't really represent the security mechanisms. With this change values labelled 'none' could be replaced with 'any' (with the exception with reference to the GSMA VAS as this would be cloud/SE based). Using this column as 'Credential stored' entries called HCE renamed as 'cloud' and remark noting HCE etc.

·        One entry I noticed that was missing was a row for eID or ePassports / Health cards etc..

Due to the mixture of applications and technology it is not easy to identify if something is missing."

Best regards,
Istvan


From: Joerg.Heuer@telekom.de [mailto:Joerg.Heuer@telekom.de]
Sent: 27 March 2015 13:17
To: public-webpayments-ig@w3.org; David_E3@VERIFONE.com
Subject: RE: Web Payments IG - Payments Agent Task Force Meeting Friday, March 27th

Hello all,

After some discussions on the 'big picture' of the web payments architecture and the 'wallet-oriented' architecture work I am trying to contribute, David asked me to create a list of 'things that would go into the wallet' - including those outside the immediate payment context. So I did. The result is inconsistent as hell and barley structured. Contents also vary between concrete specimens and abstract  use cases. However, most of them have a very solid background - several have already been implemented in my team. I was surprised by the length... but I invite you to contribute own ideas or concretizations of individual topics, where you think this might help to illustrate things better. E.g. I added a few Germany-specific solutions because I know them best; feel free to add examples from other regions.




Potential types of wallet contents, according to 'use' (not 'provision') scenario


Category

Product

Comm

Sec

Remarks

Payment

Closed loop payments

NFC

any

for enterprises, stadiums, entertainment parks, etc.


Crypto currency

online

Software

e.g. Bitcoin


EMVCo tokenization

NFC

SE


EMVCo tokenization

NFC

HCE


German direct debit 'Pay at Match'

NFC

SE


German direct debit 'Pay at Match'

NFC

HCE

to be developed


MasterCard PayPass

NFC

SE


MasterCard MasterPay

online

SE


VISA PayWave

NFC

SE


VISA Online Pay

online

SE


Vouchers

Prepaid/ Gift cards

NFC

SE


Voucher redemption

any

SE/ online


Payment VAS

Coupons EAN-based

optical

None

QR or barcode - or even keying in the number


Coupons EAN-based

NFC

None

e.g. GSMA VAS protocol


Coupons EAN-based

Plain ID

None


Coupons open wallet based

Key-in

None

TAN-based for multiple coupons at once


Coupons SmartTap-based

NFC

SE

Isis/ Softcard solution


Loyalty - point collecting card

online

any


Loyalty - point collecting card

optical

any


Loyalty - point collecting card

NFC

any


Plain customer number etc.

Plain ID

none


Shop check-in/ check-out

NFC/ BT

any


Sponsored offers

any

any

e.g. free parking upon purchase


Viral coupons

any P2P

SE

VIRALITY product by T-Systems/ LMU Munich spin-off


Tickets

Airline tickets

optical

Software

should change once better technology is available


Event tickets

optical

Software

e.g. CTS Eventim, Ticketbox


MIFARE-based tickets

NFC

SE


MIFARE DESFire tickets

NFC

SE


OSPT-based tickets

NFC

SE


Parking tickets

NFC

any

e.g. Contipark


Public transport tickets

NFC

SE

e.g. German VDV-KA


Turnstile tickets

NFC

any

e.g. SKIDATA


Credentialing

Age verification

NFC

SE

e.g. using biometry for personal authentication


Diploma, etc.

any

any

e.g. Open Badges


User-centric profile card

online

any

User data portability in virtual card


Voting paper

any

SE


Keys

Airline lounge access on loyalty

NFC

any

to be developed


Car keys

NFC

any

e.g. Continental


Coporate building access

NFC

any


Hotel room smart cards

NFC

any

e.g VingCard, and many other brands


Housing locks and keys

NFC

SE


Rental car keys

NFC

SE


ID/ AuthN

Club card

any

any


FIDO Authenticator

NFC/ on-device

SE

to be developed


GSMA Mobile Connect

SE

implicit connection, not too useful


Kantara UMA

online

Software

A 'user-friendly' implementation for transferrable UMA access credentials


OAuth Token

online

e.g. via OpenID Connect


One-Time Password Generator

any

SE

e.g. RSA key fobs, T-Systems OTP on SIM, etc.


Privacy with attribute-based credentials

any

SE

EU project ABC4Trust


User name/ Password

online

Software


VASCO Authentication

NFC/ on-device

SE/ Chipset

options under discussion


Other

Customer service tickets

online

any


Gamer profile card

online/ on-device

any


Gamer score card

online/ on-device

any


Personalized DRM

any

SE

to be developed


Pick-up slips

any

any


Smart Home permission control

any

any

fine grained access control for families and guests


Software permission/ DRM

NFC

SE

e.g. at media player, PC, NAS, ...


WiFi access vouchers

online

Software

for businesses as well as for private use


This list is far from complete.

Often more combinations of Comm/ Sec are conceivable.

In particular, some brands are named as examples, where many competitors might exist, using other technologies.

Combinations with biometry, voice, iris, etc. are possible.



Perhaps we can spend a few minutes in our upcoming call...

Cheers,

                Jörg

From: Heuer, Jörg
Sent: Donnerstag, 26. März 2015 21:41
To: public-webpayments-ig@w3.org<mailto:public-webpayments-ig@w3.org>
Subject: Web Payments IG - Payments Agent Task Force Meeting Friday, March 27th


Hi All,



Please find the agenda for the next payment agent task force meeting for Friday March 27th below.



==========

Web Payments IG - Payments Agent Task Force Meeting Friday, March 27th

Time: 13:30 UTC / 6:30am San Francisco / 9:30am Boston / 1:30pm London / 2:30pm Paris, Berlin / 9:30pm Hong Kong / 11:30pm Brisbane

Web Payments IG Telecon Bridge Phone US: +1.617.761.6200 x9729 ("WPAY")

IRC:

http://tinyurl.com/w3c-wpay

Duration: 60 minutes

Scribes: Zakim, need to assign scribe

==========

Rough Agenda Draft



1. Agenda Bashing

2. Re-instantiating scribe cycling...?

3. Editorial Timelines and Milestones for FPWD

4. Linking Payment Agent document to Use Cases document, naming of agents and wallets

5. Discussion on how to reflect / incorporate relevant linkages to standards (Erik A.'s email from last call)

6. Loyalty Cards, Coupons discussion from Dave R.'s email and discussion on the IG call

7. Discussion on how to represent host level capabilities/services and interfaces to payment agent (ex. biometrics, camera, etc)

8. Any additional feedback on document/diagrams to be incorporated

- Note: the current document will be posted here -> https://github.com/w3c/webpayments-ig/blob/master/latest/payment-agent/index.html



Please let us know if you have any updates to the agenda, questions, concerns or comments.

Looking forward to talking to everyone on the call.



Pat & Jörg


This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.