New PaySwarm 1.0 Web API Editor's Draft

Hi all,

Quite a bit of work has gone into the new public/private key based 
PaySwarm protocol over the past week. The early sections of the spec are 
starting to take shape. The latest Editor's Draft of the PaySwarm 1.0 
Web API spec is available here:

http://payswarm.com/specs/ED/web-api/2011-09-26/

A diff-marked version from the previous draft is available here:

http://payswarm.com/specs/ED/web-api/2011-09-26/diff-20110920.html

The latest changes include the addition of the following sections:

4. Communication
  4.1  Requests and Responses
  4.2  Communication Terms
  4.3  Request Signature Algorithm
  4.4  Request Signature Verification Algorithm
  4.5  Response Encryption Algorithm

http://payswarm.com/specs/ED/web-api/2011-09-26#communication

These sections outline how messages are secured between sites, even if 
the sites do not have access to a valid security certificate (like most 
WordPress sites). This is a step away from the OAuth 1.0a flow that we 
implemented for the latest http://dev.payswarm.com/ website and allows 
for a simpler implementation and code path in many cases. It turns out 
that OAuth 1.0a adds complexity to the process when we were attempting 
to remove complexity by using it. This is not OAuth's fault - we require 
digital signatures for most of our system so implementing OAuth 
alongside it is a bit redundant at times.

The prose in the Registration Process has also been updated to flow a 
bit more nicely and a number of technical errors have been fixed.

Additionally, it became apparent that the Signature Vocabulary was not 
going to be good enough any longer and so it morphed into the Security 
Vocabulary over the past week:

http://payswarm.com/vocabs/security

I have already submitted a request for a permanent URL for this 
vocabulary and the entry for the "sec" prefix has been entered in 
http://prefix.cc/sec.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/

Received on Monday, 26 September 2011 04:59:24 UTC