- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 26 Sep 2011 00:58:54 -0400
- To: Web Payments <public-webpayments@w3.org>
Hi all, Quite a bit of work has gone into the new public/private key based PaySwarm protocol over the past week. The early sections of the spec are starting to take shape. The latest Editor's Draft of the PaySwarm 1.0 Web API spec is available here: http://payswarm.com/specs/ED/web-api/2011-09-26/ A diff-marked version from the previous draft is available here: http://payswarm.com/specs/ED/web-api/2011-09-26/diff-20110920.html The latest changes include the addition of the following sections: 4. Communication 4.1 Requests and Responses 4.2 Communication Terms 4.3 Request Signature Algorithm 4.4 Request Signature Verification Algorithm 4.5 Response Encryption Algorithm http://payswarm.com/specs/ED/web-api/2011-09-26#communication These sections outline how messages are secured between sites, even if the sites do not have access to a valid security certificate (like most WordPress sites). This is a step away from the OAuth 1.0a flow that we implemented for the latest http://dev.payswarm.com/ website and allows for a simpler implementation and code-path in many cases. It turns out that OAuth 1.0a adds complexity to the process when we were attempting to remove complexity by using it. This is not OAuth's fault - we require digital signatures for most of our system so implementing OAuth along-side it is a bit redundant at times. The prose in the Registration Process has also been updated to flow a bit more nicely and a number of technical errors have been fixed. Additionally, it became apparent that the Signature Vocabulary was not going to be good enough any longer and so it morphed into the Security Vocabulary over the past week: http://payswarm.com/vocabs/security I have already submitted a request for a permanent URL for this vocabulary and the entry for the "sec" prefix has been entered in http://prefix.cc/sec. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny) Founder/CEO - Digital Bazaar, Inc. blog: Standardizing Payment Links - Why Online Tipping has Failed http://manu.sporny.org/2011/payment-links/
Received on Monday, 26 September 2011 04:59:24 UTC