W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > May 2015

Re: [Payments Architecture] A vision statement for the web payments architecture work

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Wed, 20 May 2015 19:28:03 +0200
Message-ID: <CA+eFz_LRG22SNs4y=4UeUiE0cj00BwEaky5XDLmAVfmAO3Q6Gg@mail.gmail.com>
To: Joseph Potvin <jpotvin@opman.ca>
Cc: Web Payments IG <public-webpayments-ig@w3.org>, Web Payments CG <public-webpayments@w3.org>
Thanks for these. I think the first is a great improvement and I'll just
copy it verbatim.

I am not convinced that direct reference to UNCITRAL in such a high level
document is the right approach. Bear in mind that while these are "global"
model laws there is not legislation based on these models enacted in all
territories.

I think these models provide a great reference for what must be considered
but should not be the framework upon which we base legal and regulatory
compliance of this architecture.

I also don't think we should change "regulatory" to "legal" as there are
obligations that are set by regulators that must be considered. I know you
will argue that these regulators are empowered by law but in some cases
(such as a payment scheme mandate) non-compliance is not really illegal.

On 20 May 2015 at 18:13, Joseph Potvin <jpotvin@opman.ca> wrote:

> I would like to offer the follow two adjustments to the "Vision Statement"
>
> ***
>
> CURRENT TEXT:
> *Increases payers' choice of how to make payments.* We seek to enable
> people to pay with their preferred payment instruments and payment schemes
> and to increase the choice of payment instruments and payment schemes
> available to them.
>
> PROPOSED:
> *Provides payees and payers unencumbered knowledge and choice in how to
> undertake payments.* It is consistent with purpose of the Web to enable
> payees to receive payments, and payers to pay, using their preferred
> payment instruments and payment schemes. The Web payments architecture must
> not restrict these choices.
>
> ***
>
> CURRENT TEXT:
> *Facilitates compliance with regulatory obligations.* The Web is a global
> system and thus we do not believe we will conceive of a payments
> architecture that satisfies all regulatory obligations in detail. The
> group, therefore, envisions a minimal set of “hooks” that enable different
> parties to meet the regulatory requirements in their jurisdictions.
>
> PROPOSED:
> *Facilitates compliance with legal obligations.* As the Web is a global
> system, the Web payments architecture will align to current official
> interpretations of the UNCITRAL Model Law on International Credit Transfers
> [1] and the UNCITRAL Model Law on Electronic Commerce [2]. It is left to
> implementers and users to meet the legal requirements in their
> jurisdictions of operation.
>
> [1] UNCITRAL Model Law on International Credit Transfers
> http://www.uncitral.org/uncitral/en/uncitral_texts/payments.html
> [2] UNCITRAL Model Law on Electronic Commerce
> http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce.html
>
>
> --
> Joseph Potvin
> Operations Manager | Gestionnaire des opérations
> The Opman Company | La compagnie Opman
> jpotvin@opman.ca
> Mobile: 819-593-5983
>
>
> On Wed, May 20, 2015 at 11:45 AM, Ian Jacobs <ij@w3.org> wrote:
>
>>
>> > On May 20, 2015, at 10:39 AM, Katie Haritos-Shea GMAIL <
>> ryladog@gmail.com> wrote:
>> >
>> > I propose to add privacy in the sentence:
>> > Supports a wide spectrum of security and privacy needs to meet industry
>> > and regulatory expectations.
>> >
>> > I would also add that the word accessibility be added to the sentence
>> as well, as it also falls under industry and regulatory expectations.
>>
>> I prefer that we focus in that bullet on Security. Accessibility is
>> covered earlier in the doc.
>> Ian
>>
>> >
>> >
>> >
>> > * katie *
>> >
>> > Katie Haritos-Shea
>> > Senior Accessibility SME (WCAG/Section 508/ADA/AODA)
>> >
>> > Cell: 703-371-5545 | ryladog@gmail.com | Oakton, VA | LinkedIn Profile
>> | Office: 703-371-5545
>> >
>> > From: Adrian Hope-Bailie [mailto:adrian@hopebailie.com]
>> > Sent: Wednesday, May 20, 2015 10:07 AM
>> > To: Kepeng Li
>> > Cc: David Ezell; Ian Jacobs; Manu Sporny; Web Payments IG; Web Payments
>> CG
>> > Subject: Re: [Payments Architecture] A vision statement for the web
>> payments architecture work
>> >
>> > All suggestions incorporated.
>> >
>> > On 20 May 2015 at 08:48, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:
>> >> > Supports a wide spectrum of security needs to meet industry and
>> >> >regulatory expectations.
>> >>
>> >>
>> >> I propose to add privacy in the sentence:
>> >> Supports a wide spectrum of security and privacy needs to meet industry
>> >> and regulatory expectations.
>> >>
>> >>
>> >> In the use case document, we have already mentioned some privacy
>> >> requirements, and we have also talked about minimizing the exposure of
>> >> sensitive information in the subsequent bullets.
>> >>
>> >> Thanks,
>> >>
>> >> Kind Regards
>> >>
>> >> Kepeng Li
>> >> Alibaba Group
>> >>
>> >>
>> >> 在 20/5/15 8:25 am, "David Ezell" <David_E3@VERIFONE.com> 写入:
>> >>
>> >> >That's good.
>> >> >
>> >> >-----Original Message-----
>> >> >From: Ian Jacobs [mailto:ij@w3.org]
>> >> >Sent: Tuesday, May 19, 2015 8:07 PM
>> >> >To: David Ezell
>> >> >Cc: Manu Sporny; Web Payments IG; Web Payments CG
>> >> >Subject: Re: [Payments Architecture] A vision statement for the web
>> >> >payments architecture work
>> >> >
>> >> >* PGP Signed by an unknown key
>> >> >
>> >> >
>> >> >> On May 19, 2015, at 3:10 PM, David Ezell <David_E3@VERIFONE.com>
>> wrote:
>> >> >>
>> >> >> Hi Folks:
>> >> >>
>> >> >> Ian wrote:
>> >> >>> * Supports a wide spectrum of security needs to meet industry and
>> >> >>>regulatory expectations.
>> >> >>>   To meet regulatory requirements and give people enough
>> confidence to
>> >> >>>use the Web for
>> >> >>>   payments, the architecture must support a wide spectrum of
>> security
>> >> >>>requirements and
>> >> >>>   solutions. This includes the ability to encrypt strongly both
>> >> >>>sensitive information and the
>> >> >>>   channels used to exchange the information, as well as supporting
>> an
>> >> >>>evolving variety of
>> >> >>>   authentication techniques (multifactor, biometric, etc.). Trust
>> in
>> >> >>>the Web of payments
>> >> >>>   is critical to its success.
>> >> >>
>> >> >> Yes, all good.  Gives a list of things that will be included.
>> Somehow
>> >> >>(and there's a lot there already) I think it should say what we will
>> >> >>attempt >not< to require.
>> >> >> Perhaps a second bullet for clarity:
>> >> >> "* Minimizes (eliminates?) reliance on Personally Identifiable
>> >> >>Information (PII) to fulfill any requirements.”
>> >> >
>> >> >How about:
>> >> >
>> >> >* Supports a wide spectrum of security needs to meet industry and
>> >> >regulatory expectations.
>> >> >   Trust in the Web of payments is critical to its success.
>> >> >   To meet regulatory requirements and give people confidence to use
>> the
>> >> >Web for
>> >> >   payments, the architecture must support a wide spectrum of security
>> >> >requirements and
>> >> >   solutions. This includes minimizing what sensitive information is
>> >> >shared as well as the ability
>> >> >   to encrypt that information (both in transit and when stored). The
>> >> >architecture will also need
>> >> >   to support an evolving variety of authentication techniques
>> >> >(multifactor, biometric, etc.).
>> >> >
>> >> >Ian
>> >> >
>> >> >--
>> >> >Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
>> >> >Tel:                       +1 718 260 9447
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >* Unknown Key
>> >> >* 0x0ECB09CB
>> >> >________________________________
>> >> >This electronic message, including attachments, is intended only for
>> the
>> >> >use of the individual or company named above or to which it is
>> addressed.
>> >> >The information contained in this message shall be considered
>> >> >confidential and proprietary, and may include confidential work
>> product.
>> >> >If you are not the intended recipient, please be aware that any
>> >> >unauthorized use, dissemination, distribution or copying of this
>> message
>> >> >is strictly prohibited. If you have received this email in error,
>> please
>> >> >notify the sender by replying to this message and deleting this email
>> >> >immediately.
>> >>
>>
>> --
>> Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
>> Tel:                       +1 718 260 9447
>>
>>
>>
>>
>
>
>
>
Received on Wednesday, 20 May 2015 17:28:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:35 UTC