Web Payments Telecon Minutes for 2011-12-02

The minutes for today's call are now available here, thanks to Jeff 
Sayre for scribing:

http://payswarm.com/minutes/2011-12-02/

Full text of the discussion follows:

Web Payments Community Group Telecon Minutes for 2011-12-02

Agenda:
    http://lists.w3.org/Archives/Public/public-webpayments/2011Dec/0005.html
Facilitator:
    Manu Sporny
Scribe:
    Jeff Sayre
Present:
    Jeff Sayre, Manu Sporny, Mike Johnson, Jose 'Manny' De Loera,
    David I. Lehn

Jeff Sayre is scribing.
Manu Sporny:  Any updates to agenda?
No updates to the Agenda.

Topic: Buyer Registration

Manu Sporny: http://payswarm.com/specs/ED/web-api/2011-09-26/#asset-acquirer-registration
Manu Sporny:  IRI is used to identify identity (buyer)
Manu Sporny: https://example.com/people/jane
Manu Sporny:  IRI is used to identify financial account
Manu Sporny: https://example.com/people/jane/accounts/primary
Manu Sporny:  Builds off of WebID work. Since system is
    decentralized, we need way of identifying things. IRIs are a good
    way to do that.
Manu Sporny:  Identities may be self minted or created by a
    3rd-party identity source
Mike Johnson:  The language in the paragraph is not too clear before
    the three definitions.
Mike Johnson:  Why do they need an entity/identity account?
Mike Johnson:  ...versus just having a financial account. Why an
    entity account in addition to financial account?
Jose 'Manny' De Loera:  This process attempts to broaden the
    description as to why these three steps are required, correct?
Mike Johnson:  Financial transaction just gives identifier, it
    has nothing to do with actual identity (account info)
Manu Sporny:  Entity IRI was put in as the actual asset acquirer
    in the digital contract.
Mike Johnson:  Will system be tied to financial account or to a
    specific identity?
Mike Johnson:  The spec is not sufficiently clear why an entity
    IRI is needed
Manu Sporny:  We should change "entity IRI" to "identity IRI",
    since that's what we're using internally.
Manu Sporny:  We have identity IRIs because we need to be able to
    tie specific financial accounts to specific individuals
    (identities), we need to tie WordPress sessions to customer IDs
    (which are identity IRIs), we need to be able to manage multiple
    financial accounts per person, and because financial accounts may
    not always belong to the same person through time.
Jeff Sayre:  I like the change from entity to identity
Mike Johnson:  What happens when identity is transferred?
Manu Sporny:  This is why we have identity IRIs: tie identity to
    specific account. Second, identify user who goes to each site.
Mike Johnson:  We don't need to get rid of identity IRI. Instead,
    tie it to a financial account.
Jeff Sayre:  That does away with user-centric control, does it
    not?
Mike Johnson:  The thing that owns the right to access account,
    is it the identity or the person behind it?
Mike Johnson:  Can we simplify all that goes into transactions by
    limiting the amount of identifying info in each contract?
Mike Johnson:  What happens when you sell/transfer an account? Is
    it tied to an identity?
Jeff Sayre:  In my view, identity is the most atomic piece of
    datum that any transaction needs to store. [scribe assist by Manu
    Sporny]
Jeff Sayre:  I think it's fundamental that identity is not only
    captured in an individual contract, but is also the underlying
    electricity in the whole transaction. [scribe assist by Manu
    Sporny]
Jeff Sayre:  What happens when you transfer an account? An
    account or a series of accounts can be transferred... once it is
    transferred, the new identity is now the new owner. [scribe
    assist by Manu Sporny]
Jeff Sayre:  Identity IRIs are crucial to capturing the context.
    [scribe assist by Manu Sporny]
Mike Johnson:  In the current financial system identity is
    abstracted in financial transactions.
Mike Johnson:  How can we facilitate anonymous accounts?
Mike Johnson:  Not sure the best way to approach this, but it is
    important to look at info stored to protect privacy or at least
    more loosely tie in ID info.

Topic: Identity Privacy

Mike Johnson:  Does an asset buyer have to give out ID or just
    associate their account?
Manu Sporny: In PaySwarm, we have a Profile (username/password),
    which can contain N identities, each identity can contain M
    financial accounts
Manu Sporny:  Some IDs can be anonymous
Manu Sporny:  With an anon-ID, it would not be (at least not
    easily) traceable to a physical entity.
Jeff Sayre:  When I use the word identity, I use it in a
    different way than many folks do - online, identity is just an
    identifier - that's what I mean. [scribe assist by Manu Sporny]
Manu Sporny:  When we say identity we mean identifier - that
    identifier can refer to a person, organization, dog, cat, tree,
    etc.
Jeff Sayre:  Yes, that makes sense - we may want to use
    'identifier' instead of 'identity' - but that may raise another
    set of arguments/confusions. [scribe assist by Manu Sporny]
Mike Johnson:  Even though our system is designed so that a given
    user can have a particular identity (name, address, etc.), it
    would be nice to allow purchases to be made that give the
    purchaser a level of abstraction, that gives them some anonymity.
Mike Johnson:  It is a subtle difference that we may not want to
    support in PaySwarm 1.0, but providing the option for user
    anonymity is an important consideration. We may want to change
    the spec language to be more descriptive of what is meant.
Jose 'Manny' De Loera:  Depending on what you want to be
    anonymous about may be a bigger issue. How are we going to be
    able to deal with the consequences of questionable transactions?
David I. Lehn: Also, it's not completely anonymous. It's just the
    authority choosing not to share who an identity belongs to.
David I. Lehn: Though a totally anonymous authority working with
    bitcoins or something would be possible in theory, I think
Manu Sporny:  There are limits to the kind and level of anonymity
    that PaySwarm will offer. The system still allows for legal
    authorities, when necessary, to discover true owners of anonymous
    accounts... however, to address Mike's question - we do deal with
    anonymity in the system now.
Manu Sporny:  PaySwarm is not like Bitcoin that is strongly
    anonymous. We need to be aware of the issues with strong
    anonymity and make sure that a sufficient level of protection
    (both for buyers and vendors and society) is offered.
Mike Johnson:  I agree with these points. PaySwarm will be a much
    more powerful tool if we establish that questionable activity
    must be investigated by enforcement services and not the PaySwarm
    Authorities.
Mike Johnson:  Although a user can have multiple online IDs, they
    must be tied to an actual real-world entity.
Mike Johnson:  The point is that we facilitate some identity
    abstraction between parties.
Mike Johnson:  We need to be aware of what info is captured in
    transactions and what is mandated.
Manu Sporny:  The current spec simply mandates two IRIs without
    stating that it ties (captures) the specific identities of each
    party.
Mike Johnson:  Bank transactions do not mandate an actual person
    be verified before a transaction is processed. All that is
    required is that a verifiable account is used.
Manu Sporny:  We will continue discussing the registration
    process on our next call.
Manu Sporny:  Next call December 16, 2011.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/

Received on Friday, 2 December 2011 21:05:54 UTC