- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 02 Dec 2011 16:05:20 -0500
- To: Web Payments <public-webpayments@w3.org>
The minutes for today's call are now available here, thanks to Jeff
Sayre for scribing:
http://payswarm.com/minutes/2011-12-02/
Full text of the discussion follows:
Web Payments Community Group Telecon Minutes for 2011-12-02
Agenda:
http://lists.w3.org/Archives/Public/public-webpayments/2011Dec/0005.html
Facilitator:
Manu Sporny
Scribe:
Jeff Sayre
Present:
Jeff Sayre, Manu Sporny, Mike Johnson, Jose 'Manny' De Loera,
David I. Lehn
Jeff Sayre is scribing.
Manu Sporny: Any updates to agenda?
No updates to the Agenda.
Topic: Buyer Registration
Manu Sporny:
http://payswarm.com/specs/ED/web-api/2011-09-26/#asset-acquirer-registration
Manu Sporny: IRI is used to identify identity (buyer)
Manu Sporny: https://example.com/people/jane
Manu Sporny: IRI is used to identify financial account
Manu Sporny: https://example.com/people/jane/accounts/primary
Manu Sporny: Builds off of WebID work. Since system is
decentralized, we need way of identifying things. IRIs are a good
way to do that.
Manu Sporny: Identities may be self minted or created by a
3rd-party identity source
Mike Johnson: The language is paragraph is not too clear before
the three definitions.
Mike Johnson: Why do they need an entity/identity account?
Mike Johnson: ...versus just having a financial account. Why an
entity account in addition to financial account?
Jose 'Manny' De Loera: This process attempts to broaden
description as why these three steps are required, correct?
Mike Johnson: Financial transaction just gives identifier, it
has nothing to do with actual identity (account info)
Manu Sporny: Entity IRI was put in as the actual asset acquirer
in the digital contract.
Mike Johnson: Will system be tied to financial account or to a
specific identity?
Mike Johnson: The spec is not sufficiently clear why an entity
IRI is needed
Manu Sporny: We should change "entity IRI" to "identity IRI",
since that's what we're using internally.
Manu Sporny: We have identity IRIs because we need to be able to
tie specific financial accounts to specific individuals
(identities), we need to tie WordPress sessions to customer IDs
(which are identity IRIs), we need to be able to manage multiple
financial accounts per person, and because financial accounts may
not always belong to the same person through time.
Jeff Sayre: I like the change from entity to identity
Mike Johnson: What happend when identity is transferred?
Manu Sporny: This is why we have identity IRIs: tie identity to
specific account. Second, identify user who goes to each site.
Mike Johnson: We don't need to get rid of identity IRI. Instead,
tie it to a financial account.
Jeff Sayre: That does away with user-centric control, does it
not?
Mike Johnson: The things that owns the right to access account,
is it the identity or the person behind it?
Mike Johnson: Can we simplify all that goes into transactions by
limiting the amount of identifying info in each contract?
Mike Johnson: What happens when you sell/transfer an account? Is
it tied to an identity?
Jeff Sayre: In my view, identity is the most atomic piece of
datum that any transaction needs to store. [scribe assist by Manu
Sporny]
Jeff Sayre: I think it's fundamental that identity is not only
captured in an individual contract, but is also the underlying
electricity in the whole transaction. [scribe assist by Manu
Sporny]
Jeff Sayre: What happens when you transfer an account? An
account or a series of accounts can be transferred... once it is
transferred, the new identity is now the new owner. [scribe
assist by Manu Sporny]
Jeff Sayre: Identity IRIs are crucial to capturing the context.
[scribe assist by Manu Sporny]
Mike Johnson: In the current financial system identity is
abstracted in financial transactions.
Mike Johnson: How can we facilitate anonymous accounts?
Mike Johnson: Not sure the best way to approach this, but it is
important to look at info stored to protect privacy or at least
more loosely tie in ID info.
Topic: Identity Privacy
Mike Johnson: Does an asset buyer have to give out ID or just
associate their account?
Manu Sporny: In PaySwarm, we have a Profile (usename/password),
which can contain N identities, each identity can contain M
financial accounts
Manu Sporny: Some IDs can be anonymous
Manu Sporny: With an anon-ID, it would not be possible (at least
not easily) traceable to a physical entity.
Jeff Sayre: When I use the word identity, I use it in a
different way than many folks do - online, identity is just an
identifier - that's what I mean. [scribe assist by Manu Sporny]
Manu Sporny: When we say identity we mean identifier - that
identifier can refer to a person, organization, dog, cat, tree,
etc.
Jeff Sayre: Yes, that makes sense - we may want to use
'identifier' instead of 'identity' - but that may raise another
set of arguments/confusions. [scribe assist by Manu Sporny]
Mike Johnson: Even though our system is designed so that a given
user can have a particular identity (name, address, etc.), it
would be nice to allow purchases to be made that give the
purchaser a level of abstraction, that gives them some anonymity.
Mike Johnson: It is a subtle difference that we may not want to
support in PaySwarm 1.0, but providing the option for user
anonymity is an important consideration. We may want to change
the spec language to be more description of what is meant.
Jose 'Manny' De Loera: Depending on what you want to be
anonymous about may be a bigger issue. How are we going to be
able to deal with the consequences of questionable transactions?
David I. Lehn: Also, it's not completely anonymous. it's just the
authority choosing not to share who an identity belongs to.
David I. Lehn: Though a totally anonymous authority working with
bitcoins or something would be possible in theory, I think
Manu Sporny: There are limits to the kind and level of anonymity
that PaySwarm will offer. The system still allows for legal
authorities, when necessary, to discover true owners of anonymous
accounts... however, to address Mike's question - we do deal with
anonymity in the system now.
Manu Sporny: PaySwarm is not like Bitcoin that is strongly
anonymous. We need to be aware of the issues with strong
anonymity and make sure that a sufficiently level of protection
(both for buyers and vendors and society) is offered.
Mike Johnson: I agree with these points. PaySwarm will be a much
more powerful tool if we establish that questionable activity
must be investigated by enforcement services and not the PaySwarm
Authorities.
Mike Johnson: Although a user can have multiple online IDs, they
must be tied to an actual real-world entity.
Mike Johnson: The point is that we facilitate some identity
abstraction between parties.
Mike Johnson: We need to be aware of what info is captured in
transactions and what is mandated.
Manu Sporny: The current spec simply mandates two IRIs without
stating that it ties (captures) the specific identities of each
party.
Mike Johnson: Bank transaction do not mandate an actual person
be verified before a transaction is processed. All that is
required is that an verifiable account is used.
Manu Sporny: We will continue discussing the registration
process on our next call.
Manu Sporny: Next call December 16, 2011.
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/
Received on Friday, 2 December 2011 21:05:54 UTC