W3C home > Mailing lists > Public > public-webpayments@w3.org > May 2012

Web Payments Telecon Minutes for 2012-05-15

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 15 May 2012 22:56:33 -0400
Message-ID: <4FB31761.5060308@digitalbazaar.com>
To: Web Payments <public-webpayments@w3.org>
CC: David Raggett <dsr@w3.org>, Alan Bird <abird@w3.org>, Doug Schepers <schepers@w3.org>
Dave, Alan, Doug,

Pay particular attention to the Web Payments minutes from today as we
spent the telecon discussing a number of the questions that were raised
by Dave Raggett last week.

Thanks to Dave Longley for scribing! The minutes for today's telecon are
available here:


Full text of the discussion follows for archival purposes at the W3C.
Audio of the meeting is available as well (link provided below).


Web Payments Community Group Telecon Minutes for 2012-05-15

    1. Web Intents for Payment
    2. State of the Art Review of Payments
    3. Technologies Focused on in the Group
    4. W3C Next Steps for Web Payment
    Manu Sporny
    Dave Longley
    Dave Longley, Manu Sporny, David I. Lehn

Dave Longley is scribing.
Manu Sporny:  today's call is mostly about w3c's headlights
    program for 2012 and what our position is on Dave Raggett's
Manu Sporny:  both Doug Schepers and Dave Raggett have asked us
    to think about how web intents in payments would work
Manu Sporny:  the other thing they've asked is for some kind of
    review on the state of art for payments
Manu Sporny:  we may follow up on what technologies we ought to
    focus on and what the w3c should focus on over the next year on
Manu Sporny:  so we're going to discuss the direction to take,
Manu Sporny:  any updates/changes to the agenda?
Dave Longley:  nope

Topic: Web Intents for Payment

Manu Sporny:
Manu Sporny:  first, the most "dangerous" thing that dave raggett
    hinted at in his email
Manu Sporny:  this is for web intents for payment
Manu Sporny:  it seems a lot of people in the w3c think web
    intents would go a far way in handling webpayments
Manu Sporny:  without really covering interoperability
Manu Sporny:  Dave Lehn, didn't you implement some web intents
    stuff at some point?
David I. Lehn:  i made a quick demo for buying images/etc...
    stuff like that using the new scheme handler/registration stuff.
    It had more to do with payment schemes, but it would more or less
    work the same way.
Manu Sporny:  the w3c is thinking of doing a demo with
    webpayments with webintents
Manu Sporny:  the idea is you get your payment provider from web
    intents ...
Manu Sporny:  but a lot of what payswarm does isn't in there
Manu Sporny:  some of the w3c people don't seem to be aware of
    this interoperabilty issue.
Dave Longley:  A couple of thoughts - web intents are a good way
    to pick your payment provider. [scribe assist by Manu Sporny]
Dave Longley:  You visit your payment provider, and that site
    registers for 'pay' web intent - you go to another site and the
    browser's interface shows you that you can use visa, payswarm
    provider, etc. to do that. In PaySwarm, how does the client pick
    their PaySwarm provider? [scribe assist by Manu Sporny]
Dave Longley:  We chose not to address this because BrowserID and
    Web Intents were going to address it - works well for NASCAR
    problem. It's fine when the website owner doesn't have a large
    stake in what's going on... but when they want to sell a good or
    a service, they need to receive money... fundamentally different
    situation from login or photo preferences. Dealing with money
    requires far more trust and security than photos. [scribe assist
    by Manu Sporny]
David I. Lehn: The quick demo I tried was using
    registerProtocolHandler API:
Dave Longley:  There must be a greater level of trust between
    vendor and customer and payment provider - there are also two
    payment providers involved, potentially. There are four parties
    that need to trust each other, and two parties that need to
    interoperate (from a financial standpoing). [scribe assist by
    Manu Sporny]
Dave Longley:  Vendors have to know how to mark up what they have
    for sale - they need to be able to describe what they're offering
    - what's the cost? Description of good/service? They need to know
    that the customer's payment provider is going to process this in
    the correct way. [scribe assist by Manu Sporny]
Dave Longley:  Customers and payment providers need to know that
    they're doing business with the appropriate party - that the
    customer's payment provider is abiding by rules that the vendor
    wants to enforce... if the correct amount isn't paid, you're
    going to have a big problem. There needs to be some sort of
    digital agreement/contract/receipt... when you are dealing with
    those sorts of things, you need to check for authenticity.
    [scribe assist by Manu Sporny]
Dave Longley:  All of this stuff goes way beyond the simple
    concept of web intents - you also need to care about privacy and
    encryption... digital signatures. [scribe assist by Manu Sporny]
Dave Longley:  All of this leads to some sort of PKI - we end up
    introducing all of these technologies to establish trust - if we
    are going to talk about Web Intents - we need to have a way to
    list assets on a website - PaySwarm does that and we have a
    vocabulary. [scribe assist by Manu Sporny]
Dave Longley:  You need to be able to put this data on your site
    - RDFa + JSON-LD is one way to do this - this is why we have this
    in PaySwarm. Once you've done that, you need a way to encrypt and
    decrypt data - AES and RSA in PaySwarm does that. [scribe assist
    by Manu Sporny]
Dave Longley:  Then you need to check the authenticity of
    contracts/receipts - you need non-repudiation, you need to be
    able to check digital signatures - RSA... basically a PKI... you
    need all of these layers /in addition to/ Web Intents to have the
    systems be interoperable. [scribe assist by Manu Sporny]
Dave Longley:  Not only that, but the payment providers need to
    interoperate or you have a centralized system - you need some
    sort of payment provider whitelist - to ensure that payment
    provider for the buyer can get money to payment provider for the
    vendor. [scribe assist by Manu Sporny]
Dave Longley:  If you don't have all of this stuff, you end up
    with a centralized system... you have Google, PayPal, Amazon - no
    room for smaller players, no room for interoperabilty between
    bigger players. [scribe assist by Manu Sporny]
Manu Sporny:  i agree, this is a good breakdown of the problems
    that exist that aren't covered by Web Intents payments proposal.
Manu Sporny:  we can argue that you don't need some of the things
    on this list individually, but each time you do that, you take
    away something fundamental from interoperablity or competition
    ... or you require centralization,etc.
Manu Sporny:  any of these things take away from a basic
    decentralized w3c web solution
Manu Sporny:  we need to make this very clear in our response
    that web intents is just the tip of the iceberg
Manu Sporny:  to do payments correctly on the web there's more
    that has to be done
Manu Sporny:  my concern is people will come in an say "well, we
    can get something working really quickly" and do something
Manu Sporny:  but lay out a path to decentralization
Manu Sporny:  the intention for this will be good but they could
    easily be corrupted if a large company jumps in an stops that
Manu Sporny:  i'm going to point doug schepers and dave raggett
    at this discussion, perhaps they can ping the right people at
Manu Sporny:  they seem to be interested in how to do webpayments
    in the browser, which is very important, but it's really the last
    step in the whole process.
Dave Longley:  I can see how you can look at existing systems and
    shopping carts and come up with some UI that looks like it would
    work - but you'd have the same silo problem that you have today
    with payment providers - very important to solve the underlying
    problems first before coming up with the perfect UI for a
    browser. Web Intents solves the problem of popping up a UI, but
    it doesn't solve any of the more important, back-end issues.
    [scribe assist by Manu Sporny]
Manu Sporny:  anything else before moving on?
Manu Sporny:  ok, moving on

Topic: State of the Art Review of Payments

Manu Sporny:

Manu Sporny:  typically the w3c creates an exploratory group to
    see how/if they want to tackle a problem on the web and they
    review all the existing relevant technologies
Manu Sporny:  the group generates a report that indicates the
    problems the standard can address and can't address ,etc.
Manu Sporny:  so what i think dave raggett wanted is for a list
    of payment providers to be created and then we'd search for a
    common thread for standardizing between them.
Manu Sporny:  we've been looking at this area for a long time,
    maybe about 4 years, but the issue is that we haven't really
    written our findings down...
Manu Sporny:  we've done the work, we just didn't write the
    report but we don't want to distract ourselves from the technical
    work right now.
Manu Sporny:  i indicated on the mailing list that it would be a
    big distraction for us, but maybe someone else in the group could
Manu Sporny:  in any case, the biggest problem is that all of the
    payment providers listed are not interoperable, some of them only
    work with visa or only mastercard, they each have their own APIs,
    they aren't compatible with each other
Manu Sporny:  some of them are in the spirit of payswarm (using
    REST-based APIs) but they have other drawbacks - like you have to
    be a cell network operator to implement their APIs
Manu Sporny:  so there are many centralization problems here. I'm
    hesitant to sign us up for doing work for writing a report on all
    of this
David I. Lehn:  who do they expect to do this work?
Manu Sporny:  us (the community group)
Manu Sporny:  the w3c is interested in webpayments, but they
    don't have the W3C membership that would be interested in
    webpayments, particularly if some large companies aren't
    interested in interoperability
Manu Sporny:  the people that are involved in payments (apple,
    google, paypal) seem to want to have closed environments
Manu Sporny:  the people that are already out there (visa,
    mastercard, cell phone operators) and really established only
    work on their payment network (no interoperability)
Manu Sporny:  so w3c has asked "why don't these payment providers
    (or banks) want to write a report on this?"
Manu Sporny:  usually these groups don't have the technical
    expertise to do it (banks), or they don't necessarily want to do
    any work towards interoperability (large established payment
    networks like VISA, PayPal, etc.)
Manu Sporny:  so instead we have people like those in our CG that
    are focused on creating interoperability
Manu Sporny:  the w3c has an argument then that it should be easy
    for us to write a report on this because most people in the CG
    have spent a lot of time researching this already
Manu Sporny:  but it's actually quite a time consuming task to
    do, doing a table wouldn't be difficult, but a report would take
    a while
Manu Sporny:  even just doing a comparison between payswarm and
    opentransact took a week of writing.
Manu Sporny:  there are at least 30 services out there, comparing
    each one may take a year worth of writing...
Manu Sporny:  i think everyone has their plate full and we don't
    have to write a report, i'm just concerned about the
    ramifications of that
Manu Sporny:  because i can see them saying we didn't have a
    report on the basic research
Manu Sporny:  so how can we create a solution that works for
Manu Sporny:  but we're creating *the* interoperable solution
    because there isn't one out there
Manu Sporny:  i really don't think we should make this our focus
    now ... we're trying to get payswarm out there and proving the
    API in the field
Manu Sporny:  i think that's much more important than reviewing
    the current state of the art
David I. Lehn:  I agree [scribe assist by Manu Sporny]
Dave Longley:  Yeah... maybe once we show how we have an
    interoperable system - we can show how all the other systems are
    not interoperable - we don't have the bandwidth to go off and
    write those reports right now. If someone at W3C wants to write
    these reports - our CG does not have the resources to do this at
    this point in time. [scribe assist by Manu Sporny]
Manu Sporny:  moving on, the w3c also talked about 3rd party
    complementary systems
Manu Sporny:  on top of payment systems, like checking for lists
    of ingredients, checking allergies before buying things at the
    store, etc.
Manu Sporny:  all of these things are very linked-data sort of
Manu Sporny:  all interesting extensions that you could
Manu Sporny:  but, this is out of scope at present for this
Dave Longley:  I agree that the extensions are out of scope...
    but I do think that we need to understand the use cases to make
    sure PaySwarm covers those use cases. I think that's why we're
    using JSON-LD and RDFa - we want people to build on the basic,
    core Linked Data in the system. [scribe assist by Manu Sporny]
Manu Sporny:  at the bottom of the w3c report we have two use
Manu Sporny:  one is using a phone as a ticket
Manu Sporny:  we cover that in our payswarm use cases (the
    concept of a digital receipt and doing something with it)
Manu Sporny:  the one use case is monetary transfer without a
    bank account
Manu Sporny:  just using the phone as wallet
Manu Sporny:  we go a step further, we say your wallet is
    something that can't be destroyed/you can't use ...
Manu Sporny:  you either store your wallet on your own server or
    with a payment provider you trust
Manu Sporny:  we've discussed these i think and payswarm covers
Dave Longley:  Can we change the mailing list that they use? Did
    they meant to do this: public-web-payments@w3.org [scribe assist
    by Manu Sporny]
David I. Lehn:  i got the idea that they meant to have a
    different mailing list for different purposes
discussion about the mailing list issues, etc.
Manu Sporny:  i'll send an email to dave raggett about how the
    two mailing lists might cause confusion
Manu Sporny:  since the working group doesn't exist yet, etc.

Topic: Technologies Focused on in the Group

Manu Sporny:  we're focused on specifically payswarm, webcredits,
    and opentransact
Manu Sporny:  most discussion has been on payswarm
Manu Sporny:  now we also have IFEX
Manu Sporny:  which we should track because it solves an issue
    that none of the other specs cover
Manu Sporny:  which is how you do an exchange for currency and
    move physical funds
Manu Sporny:  for example, the frontend for webpayments could be
    payswarm with the backend being visa, mastercard, etc, and IFEX
Manu Sporny:  the group also asked why don't we focus on a major
    player ... the simple answer is that no one in the group works
    there or knows where they are trying to go
Manu Sporny:  we don't know what they want or how we ought to
    standardize for them
Dave Longley:  i agree
David I. Lehn:  agreed

Topic: W3C Next Steps for Web Payment

Manu Sporny:  so what do we want them to do to help webpayments
Manu Sporny:  dave raggett proposed a workshop/outreach
Manu Sporny:  one of the things w3c could do is become more
    involved in the mailing list and on the calls
Manu Sporny:  i know doug subscribes to the list but is very busy
    as is dave
Manu Sporny:  we could ask them to make w3c a priority
Manu Sporny:  i think we should push them to figure out where
    payments belongs (which group it belongs in)
Manu Sporny:  and figure out the criteria for starting a working
    group, etc.
Dave Longley:  I'd really like to see W3C be more involved on the
    list or the calls - or both. All the people that are working on
    this stuff toward interoperability are fairly involved already...
    we need them to be more involved. [scribe assist by Manu Sporny]
David I. Lehn:  I agree - I want to make sure we are addressing
    everything they want us to address. [scribe assist by Manu
David I. Lehn:  Would having a summary help them understand where
    we are from week to week. [scribe assist by Manu Sporny]
Manu Sporny:  i think the minutes are clear, we're having regular
    meetings, they could attend and give their thoughts or they could
    read the minutes and comment on the list
Manu Sporny:  we announce the meeting on twitter and the mailing
    list and the website
Manu Sporny:  i think the problem is they are lacking the
    bandwidth to keep up with this stuff
Manu Sporny:  and none of the member companies really want to get
Manu Sporny:  i don't want to create more work than we already
Manu Sporny:  we're already focused on the things we think will
    make a difference
Manu Sporny:  what the working group needs is a spec and an
    experimental implementation of that spec
Manu Sporny:  i think we need to discuss with the w3c team and
    indicate what we want out of this and what they need
Manu Sporny:  we could try reaching out to google and paypal or
    have w3c reach out to them
Manu Sporny:  flattr/IFEX/opentransact are keeping an eye on the
Manu Sporny:  Amir Taaki (bitcoin) pings us from time to time,
    watches the group
Manu Sporny:  most of the experimental providers on the w3c
    report are watching this list/know about it
Manu Sporny:  maybe it would be helpful to get the ripple on
Manu Sporny:  opentabs work is being done in this group
Dave Longley:  I really think we need to get someone from W3C
    participating in the calls, or reading the minutes - the Web
    Intents suggestion was a great example of missing the mark. We
    need the W3C folks to be more educated about the work that is
    happening in this group. [scribe assist by Manu Sporny]

-- manu

Manu Sporny (skype: msporny, twitter: manusporny)
President/CEO - Digital Bazaar, Inc.
blog: PaySwarm Website for Developers Launched
Received on Wednesday, 16 May 2012 02:57:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:21 UTC