Re: [Payments Architecture] A vision statement for the web payments architecture work from Ian Jacobs on 2015-05-20 (public-webpayments-ig@w3.org from May 2015)

From: Ian Jacobs <ij@w3.org>
Date: Wed, 20 May 2015 10:45:45 -0500
To: Katie Haritos-Shea GMAIL <ryladog@gmail.com>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, Kepeng Li <kepeng.lkp@alibaba-inc.com>, David Ezell <David_E3@verifone.com>, Manu Sporny <msporny@digitalbazaar.com>, Web Payments IG <public-webpayments-ig@w3.org>, Web Payments CG <public-webpayments@w3.org>
Message-Id: <9ACBFE63-E00A-4B4B-9A02-5FD8020A753E@w3.org>

> On May 20, 2015, at 10:39 AM, Katie Haritos-Shea GMAIL <ryladog@gmail.com> wrote:
> 
> I propose to add privacy in the sentence:
> Supports a wide spectrum of security and privacy needs to meet industry
> and regulatory expectations.
> 
> I would also add that the word accessibility be added to the sentence as well, as it also falls under industry and regulatory expectations.

I prefer that we focus in that bullet on Security. Accessibility is covered earlier in the doc.
Ian

> 
> 
> 
> * katie *
> 
> Katie Haritos-Shea
> Senior Accessibility SME (WCAG/Section 508/ADA/AODA)
> 
> Cell: 703-371-5545 | ryladog@gmail.com | Oakton, VA | LinkedIn Profile | Office: 703-371-5545
> 
> From: Adrian Hope-Bailie [mailto:adrian@hopebailie.com]
> Sent: Wednesday, May 20, 2015 10:07 AM
> To: Kepeng Li
> Cc: David Ezell; Ian Jacobs; Manu Sporny; Web Payments IG; Web Payments CG
> Subject: Re: [Payments Architecture] A vision statement for the web payments architecture work
> 
> All suggestions incorporated.
> 
> On 20 May 2015 at 08:48, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:
>> > Supports a wide spectrum of security needs to meet industry and
>> >regulatory expectations.
>> 
>> 
>> I propose to add privacy in the sentence:
>> Supports a wide spectrum of security and privacy needs to meet industry
>> and regulatory expectations.
>> 
>> 
>> In the use case document, we have already mentioned some privacy
>> requirements, and we have also talked about minimizing the exposure of
>> sensitive information in the subsequent bullets.
>> 
>> Thanks,
>> 
>> Kind Regards
>> 
>> Kepeng Li
>> Alibaba Group
>> 
>> 
>> 在 20/5/15 8:25 am， "David Ezell" <David_E3@VERIFONE.com> 写入:
>> 
>> >That's good.
>> >
>> >-----Original Message-----
>> >From: Ian Jacobs [mailto:ij@w3.org]
>> >Sent: Tuesday, May 19, 2015 8:07 PM
>> >To: David Ezell
>> >Cc: Manu Sporny; Web Payments IG; Web Payments CG
>> >Subject: Re: [Payments Architecture] A vision statement for the web
>> >payments architecture work
>> >
>> >* PGP Signed by an unknown key
>> >
>> >
>> >> On May 19, 2015, at 3:10 PM, David Ezell <David_E3@VERIFONE.com> wrote:
>> >>
>> >> Hi Folks:
>> >>
>> >> Ian wrote:
>> >>> * Supports a wide spectrum of security needs to meet industry and
>> >>>regulatory expectations.
>> >>>   To meet regulatory requirements and give people enough confidence to
>> >>>use the Web for
>> >>>   payments, the architecture must support a wide spectrum of security
>> >>>requirements and
>> >>>   solutions. This includes the ability to encrypt strongly both
>> >>>sensitive information and the
>> >>>   channels used to exchange the information, as well as supporting an
>> >>>evolving variety of
>> >>>   authentication techniques (multifactor, biometric, etc.). Trust in
>> >>>the Web of payments
>> >>>   is critical to its success.
>> >>
>> >> Yes, all good.  Gives a list of things that will be included.  Somehow
>> >>(and there's a lot there already) I think it should say what we will
>> >>attempt >not< to require.
>> >> Perhaps a second bullet for clarity:
>> >> "* Minimizes (eliminates?) reliance on Personally Identifiable
>> >>Information (PII) to fulfill any requirements.”
>> >
>> >How about:
>> >
>> >* Supports a wide spectrum of security needs to meet industry and
>> >regulatory expectations.
>> >   Trust in the Web of payments is critical to its success.
>> >   To meet regulatory requirements and give people confidence to use the
>> >Web for
>> >   payments, the architecture must support a wide spectrum of security
>> >requirements and
>> >   solutions. This includes minimizing what sensitive information is
>> >shared as well as the ability
>> >   to encrypt that information (both in transit and when stored). The
>> >architecture will also need
>> >   to support an evolving variety of authentication techniques
>> >(multifactor, biometric, etc.).
>> >
>> >Ian
>> >
>> >--
>> >Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
>> >Tel:                       +1 718 260 9447
>> >
>> >
>> >
>> >
>> >* Unknown Key
>> >* 0x0ECB09CB
>> >________________________________
>> >This electronic message, including attachments, is intended only for the
>> >use of the individual or company named above or to which it is addressed.
>> >The information contained in this message shall be considered
>> >confidential and proprietary, and may include confidential work product.
>> >If you are not the intended recipient, please be aware that any
>> >unauthorized use, dissemination, distribution or copying of this message
>> >is strictly prohibited. If you have received this email in error, please
>> >notify the sender by replying to this message and deleting this email
>> >immediately.
>> 

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Wednesday, 20 May 2015 15:46:05 UTC