Re: We from Ian Jacobs on 2015-09-23 (public-webpayments-ig@w3.org from September 2015)

From: Ian Jacobs <ij@w3.org>
Date: Wed, 23 Sep 2015 16:55:53 -0500
To: Evgeny Vinogradov <jonny@yamoney.ru>
Cc: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
Message-Id: <0D75B482-DBE4-4366-9FE3-638FCBD37CC2@w3.org>

> On Sep 23, 2015, at 10:37 AM, Evgeny Vinogradov <jonny@yamoney.ru> wrote:
> 
> Dear Interest Group,
> 
> I’ve few comments to share about the Web Payments Charter FAQ.

Thank you, Evgeny.

(As a side note, I expect the FAQ will need to be updated as we update the charter itself. For example, I think the diagram needs
to be adjusted in light of conversations that took place earlier this week.)

Some notes inline.

Ian

> 1. It is stated there that moving from 2-factor authentification standard to 3 Factor in one of the challenges. But do we really need that challenge? Probably we should replace it with something like "the lightest authentication possible for the relevant level of security". There are cases where we need to have the strongest authentication possible (e.g. cross-border payment of large sums), but at the same time there are cases when we use very light authentication - for example a small amount for a service that was paid by same person many times in the recent past.

I'‘m fine to make a change. What about this alternative:

 “Availability of different authentication methods depending on the required level of security."

> 
> 2. Second comment is about payment flow scheme (https://www.w3.org/Payments/IG/wiki/Web_Payments_WG_Charter_FAQ#What_payment_flows_will_the_standards_support.3F).
> There is a "Prompt user to: ... Confirm terms" point before "Send payment initiation response". However, not all terms can be known at this stage since there are other steps which can influence terms (e.g. on the side of Payee Web Application) after it. So "Confirm terms" should be moved to a position just before "Payments processing" and after Payment Initiation Response. Alternatively, another "Confirm contract details" step can be added instead, but I think gets too detailed.

I’ll see if Adrian’s available to help update the diagram and take this into account.
(Also, the text before the diagram also needs to be updated.)
> 
> 3. About credit push payment example. There it is stated “The payee (via the Web application) sends a payment completion request to the browser.” But it not necessarily the payee who makes this request. In cases like ours the payer is the one who sends a payment completion request for a wallet services, with the next step being to notify a payee.

I agree we need to review all these examples in light of the discussion this week about flow.

Thanks again for the review and stay tuned for edits to align with charter changes!

Ian
--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Wednesday, 23 September 2015 21:55:56 UTC