W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > May 2015

RE: [payment arch] Credentials (was: Negotiation of payment terms)

From: <Joerg.Heuer@telekom.de>
Date: Fri, 15 May 2015 14:45:55 +0200
To: <msporny@digitalbazaar.com>
CC: <public-webpayments-ig@w3.org>
Message-ID: <FB5E170315856249A4C381355C027E450290340617B2@HE100041.emea1.cds.t-internal.com>
Hello Manu,

I guess we'll have some problem to differentiate between some sorts of credentials and sorts of payment instruments that basically don't do anything other than authenticating and identity. I'd think that a MasterCard authorization on a secure element represented in a user's payment tool doesn't constitute a credential, but a strong authentication credential might as well be the only representation of a payment instrument a user needs...

Thus, I wouldn't exclude payment from the credentials definition, but state that there are other - more complex - schemas for payment which are not credentials in this sense.

Cheers,
	Jörg

-----Original Message-----
From: Manu Sporny [mailto:msporny@digitalbazaar.com] 
Sent: Donnerstag, 14. Mai 2015 06:15
To: public-webpayments-ig@w3.org
Subject: Re: [payment arch] Credentials (was: Negotiation of payment terms)

On 05/13/2015 02:32 PM, David Jackson wrote:
> While this isn’t really part of the “payment” – I think we need to be 
> thinking of how the merchants of various types will want to handle the 
> relationship and how much “needs” to be known for the sale until trust 
> is established.  This differs for businesses which generally only do 
> one sale to the client (or very few).

Just a few thoughts on this thread, which I think is great and demonstrates that we need to think more deeply about the role that credentials play in the architecture that we'll be proposing by the end of summer.

1. Are we all using the same definition of "credential"? I suggest we re-use the definition that the Web Payments CG and the Credentials CG have painstakingly created over the last 2+ years:

https://docs.google.com/document/d/1Nq543-Am1hQUIZ2hhzAFl8KexvIEBwDDc_f3Ikz1opQ/edit


2. I don't think anyone is proposing that you need to be fully identified (give me your government-issued ID card, or you can't have this candy bar!) to make a purchase. We're talking about matching the level of trust needed to initiate a payment with the importance of the transaction. Candy bars can be purchased anonymously, liquor and other controlled substances require that the merchant and government know more about you.

3. We need to be careful about what falls into the category of a credential (coupons, proofs of age, proofs of address, government-issued ID cards, and loyalty cards that aren't also payment instruments) and things that are not credentials (payment instruments and digital receipts).

For those that are not familiar with the Credentials work that's happening in parallel to this group, make sure you read the draft executive summary:

https://docs.google.com/document/d/1Nq543-Am1hQUIZ2hhzAFl8KexvIEBwDDc_f3Ikz1opQ/edit


-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Friday, 15 May 2015 12:46:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:35 UTC