Re: First Draft of Payment Links spec published from Manu Sporny on 2011-10-13 (public-webpayments@w3.org from October 2011)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 13 Oct 2011 00:18:00 -0400
To: Web Payments <public-webpayments@w3.org>
Message-ID: <4E966678.7070705@digitalbazaar.com>

On 10/11/2011 02:14 PM, David I. Lehn wrote:
> Click on that and your browser will go off to:
> https://payment.example.com/pay?uri=web%2Bpayment%3A%3Famount%3D10.00%26currency%3DUSD%26to%3Ddil%40lehn.org
>
> The server can parse the URI, pull out the payment link params, and
> process the payment.

Nice work, Dave!

> Obviously there would need to be some
> standards to specify how the "to" part worked and so on but the
> browser plumbing is working today in at least recent Chromium builds.
>
> [1] https://developer.mozilla.org/En/DOM/Window.navigator.registerProtocolHandler

I wonder if this would work better as a "deposit:" scheme - as that's 
kinda what the Payment Links spec is about. I think you're spot-on when 
you say that we'd need to specify a standard way of listing accounts to 
really take advantage of this feature.

So, a deposit scheme coupled with PaySwarm's universal account mechanism 
could work. It seems like the Payment Links spec, as it stands right 
now, doesn't provide the type of granularity that we'd need. This is 
because we can't define a universal account identifier in that 
specification (because that would make it difficult to implement).

We obviously can't use routing/ABA numbers because listing those online 
would enable a whole slew of attacks on ones bank accounts. Perhaps this 
is best solved by PaySwarm account IRIs like:

https://payswarm.example.com/people/davelehn/accounts/primary

We could change that to:

deposit:payswarm.example.com/people/davelehn/accounts/primary

Those can be made public, but are not susceptible to the same sort of 
attack as a routing/ABA number is. Then the "deposit:" scheme would have 
a stable protocol (PaySwarm) and a way of universally identifying accounts.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/

Received on Thursday, 13 October 2011 04:18:38 UTC