Re: W3C workshop on payments and the Web? from Dave Raggett on 2012-05-11 (public-webpayments@w3.org from May 2012)

From: Dave Raggett <dsr@w3.org>
Date: Fri, 11 May 2012 19:55:26 +0100
To: Manu Sporny <msporny@digitalbazaar.com>
CC: public-webpayments@w3.org, Alan Bird <abird@w3.org>
Message-ID: <4FAD609E.1040507@w3.org>
Hi Manu,

Thanks for your feedback. We have plenty of time to collect further
input towards a workshop, and it should be practical to arrange some
form of remote participation for those who are unable to travel.

With regards to using Web Intents, study of existing and planned payment
solutions would provide material for further discussions on the
requirements for an agnostic payment interface between a web application
script and the payment solution. The CG appears to approaching this from
the perspective of new payment solutions rather than more traditional
ones. I suspect that a whitelist of services provided by the website
hosting the web app may prove practical especially for solutions built
around debit and credit cards whether physical or virtual (as in
eWallets). It is also possible to imagine trusted third parties that
bridge between services, thereby indirectly expanding the coverage of a
white list. The concept of a white list is an interesting contribution
to the discussion on Web Intents.

Do you have a rough idea of when the CG plans to issue a report? Are you
interested in covering a broad range of payment solutions such as those
in the task force wiki?  Some of these involve additional hardware such
as dongles functioning as card readers, trusted computing modules such
as SIM cards, and NFC readers. This is common for services tied to real
world locations such as restaurants.

p.s. I personally have a only a limited amount of time I can devote to
work on payments, and as such it would be difficult for me to be an
active member of the CG, although I will be happy to jump in now and then.

Best regards,

  Dave Raggett

On 11/05/12 19:15, Manu Sporny wrote:
> On 05/11/12 06:46, Dave Raggett wrote:
>> The W3C Team recently organized a task force on web payments as part
>> of our headlights process for up and coming areas, and we would like
>> to invite your comments on the information we have collected [1], and
>> your suggestions for possible next steps in regard to standardization
>> work at W3C.
> 
> Glad that you guys did this. I'm assuming that this was a first-step,
> internal W3C Team-only thing? Further discussions about this topic
> should certainly involve people that have been active on this mailing
> list - either in the past or currently.
> 
>> There are many different possible approaches to payments on the Web,
>> and we focused on the scenario where a web application is seeking a
>> payment from the user. Web Intents looks like a promising means to
>> allow for web applications to request payments, leaving the user free
>> to pick her preferred means of payment.
> 
> That's only one part of the problem - the other part is how the web
> application can trust that the response it gets from any particular
> service can be trusted (this is what PaySwarm is focused on doing).
> 
> That is... the easy part is requesting the payment via a Web Intent. The
> hard part is interoperability between the payment system and the web
> app... or between the payment systems. For example:
> 
> * Is there a white list of services that have been "verified", much
>   like the list of trusted root certificate authorities? (hard)
> * What kind of message does the payment service send to the web app?
>   (hard)
> * How does the web app specify the callback location? (easy)
> * Are digital signatures involved? (hard)
> * Who is responsible for relaying the "digital receipt" back to the
>   web app? The user agent, or the payment provider? (hard)
> * Should the payment providers be interoperable? (hard)
> 
>> This approach is agnostic with respect to the many existing or
>> planned payment solutions.
> 
> I don't think it's that simple... specifically regarding who qualifies
> as a payment provider, who maintains the white-list, how is that list
> put together, and what message should come back to the Web app
> certifying that the purchase happened successfully.
> 
> For instance, if the customer has a Google Wallet and the web app uses
> PayPal - how does the money go from Google Wallet to PayPal?
> 
>> There is also a role for standards aimed at enabling value-added
>> third party services that complement payment services.
> 
> Agreed.
> 
>> What should W3C do next?  We could organize a workshop later this
>> year or early next year,
> 
> I'd suggest early next year... I'm also concerned about a number of the
> participants in this mailing list being able to attend, as many of them
> are running small start-ups or are weekend warriors on these projects.
> Additionally, PayPal, Google, Flattr and most of the existing payment
> providers are not yet a participating and may never participate as
> interoperability is a threat to their market share.
> 
> I'm not saying that a workshop is a bad idea - I'm just saying that I
> don't know if we have a good handle on what would or should happen at
> such a workshop - other than brainstorming.
> 
> In any case, there is plenty of time to plan such a workshop - although,
> I'm a bit skeptical of it "helping" at this stage. That said, it would
> be good to get all of the companies listed in the wiki page you created
> together to have some open talks about potential collaboration points.
> 
> -- manu
> 


-- 
Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
Received on Friday, 11 May 2012 18:55:56 UTC