- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 25 Oct 2012 18:45:48 -0400
- To: Web Payments CG <public-webpayments@w3.org>
Hi all,
It's been about 2.5 months since the last release. We've been focused on
adding the last set of features that are needed for a commercial launch.
Namely:
* Bank account registration (with ACH/credit network integration)
* Security fixes for theoretical SHA-1 vulnerability
* Settings management
(credit cards, bank accounts, addresses, and access keys)
* Lots and lots of bug fixes and interface changes
The latest release can be found here:
https://dev.payswarm.com/
There is still more to do, but all of the major features are now
implemented. The messaging protocol (using JSON-LD) has stabilized, so
we'll probably do a spec update at some point in the next few months
with all of the new stuff. We have a few minor features to go, but the
commercial release is looking like it's in good shape. We will try to
make it before the holidays, but in all likelihood, it'll be in the
early part of next year (as we still want to do some burn-in testing on
the system under heavy load).
Here are the major changes:
Bank Account and Credit Card Registration
-----------------------------------------
The system now implements all the back-end calls to the US Federal
Reserve-backed Automated Clearing House banking network. This allows
people to use their bank accounts to deposit money into a PaySwarm
Authority as well as withdraw money from a PaySwarm Authority. It works
in the same way that registering a bank account in PayPal works.
You specify your banking account details, the PaySwarm Authority
deposits two amounts into your account, you check your bank balance
after a few days to view the amounts, you then type those amounts into
the PaySwarm Authority. After you have verified your bank account, you
can then pull money from your bank account into the PaySwarm Authority
(with minimal fees charged by the banking network). You can also
transfer money from any account on your PaySwarm Authority to your bank
account (with minimal fees charged by the banking network).
Credit-card-based deposit support was put in some time ago, and it has
been updated in this release to streamline the use of credit cards. The
bank rates for these deposits are higher - around 2%-4% of the deposit
amount, depending on the credit card and credit card processor.
Security Fixes
--------------
Melvin Carvalho posted an article on this mailing list pointing out a
theoretical attack on SHA-1. While we didn't believe that it was a very
likely attack, we've upgraded all algorithms to use SHA-256, which has
no known theoretical attacks at present. This change affects how all
messages on the network are digitally signed, the WordPress software,
how assets are listed, etc. It was a fairly sweeping change and the
protocol is more secure because of it.
Settings Management
-------------------
There is now a Settings page. On this page, there are screens for
managing a set of monetary sources and destinations called 'payment
tokens'. These include all the credit cards and bank accounts you have
registered with the system. These payment tokens can be used to move
money into (credit cards, bank accounts) and out of (bank accounts) the
PaySwarm Authority.
We have also added a section for managing 'Access Keys' (Public/Private
Keypairs). These keys are used to digitally sign messages on the
network. They are also used to sign assets, listings, digital contracts,
and generally verify that you are who you say you are. If a key is
compromised, it can be revoked in the settings page, which automatically
deactivates that key, rendering it useless to the person who stole it
from you. Generating a new key is easy and is typically done
automatically for you via PaySwarm-compatible software.
General Browser Interface Improvements
--------------------------------------
The web pages for the site have been improved to make the whole
experience easier. Items that were deemed too technical to show (such as
URLs and micro-transaction amounts) have been played down or removed
from the interface. Pages that resulted in JSON-LD data in the browser
now result in HTML pages (such as identities, accounts, access keys,
etc.). You can now view a human-readable version of the digital receipts
for all of your purchases.
Payment Groups
--------------
This item has to do with the technical protocol. Typically, when an item
is listed for sale on the Web, you also list a number of financial
accounts that should have money deposited into them if the sale is
successful. We called these the 'payees' of a digital contract. We had
implemented this as an 'ordered list of payees' before, which resulted
in a fairly awkward expression of the data in RDFa and JSON-LD. The
algorithm for calculating the total amount that should be paid was very
technical and hard to figure out unless you were staring at the
algorithm and knew a fair bit about how the calculations were being made.
We have since moved to 'groups of payees', which takes a great deal of
the guess work out of how the algorithm works. Certain groups are
applied before or after other groups. Vendor's can create as many groups
as they'd like and associate the groups in such a way as to make the
order of calculation explicit without having to specify a numeric order
of operations. The new mechanism is basically a dependency-based
algorithm based on how the 'groups' have been associated in the PaySwarm
listing. We'll go into more depth about this in another e-mail, but
there was a good bit of simplification that this approach provided.
---------------------------------------------------------------------
Those are the major changes, here is a high-level changelog summary for
the past 2.5 months:
* Added public key revocation features.
* Web interface fixes related to layout and fonts.
* Updates to transaction details view. Added link to
transaction detail.
* Add transaction details link icon.
* Added 'Access Keys' tab to settings page.
* Button layout changes for accounts and budgets.
* Added ability to view public financial accounts.
* Consolidated actions for budgets and accounts in dashboard.
* Allow withdrawal details to be viewed, fix transfer
destination display.
* Fixed JSON backslash-escape bug when generating window.data.
* Add withdraw modal and service to process withdrawals.
* Added ability to view public keys via a browser.
* Added view for financial account details.
* Simplified viewing account activity details/receipt details.
* Added support for promotion codes and pre-paid gift
card-like tokens.
* Use ps:Receipt to wrap digital contracts.
* Include license agreement in purchase details.
* Payswarm Authority digital signatures for deposits.
* Use sha256 for digital signatures and auto-upgrade old passwords
on login.
* New payee grouping mechanism.
* Add service to restore deleted payment tokens.
* Implement trash/recovery system for payment tokens.
* Do not display transactions voided due to insufficient funds.
* Add void reason to transactions that are voided.
* Limit number of concurrent unverified payment tokens.
* Add ability to manage bank accounts on settings page.
* Directly tie-in to credit card and banking networks.
* Address validation page improvements.
* Purchase page improvements.
* Use AngularJS for new interfaces.
* Added ability to view 3rd party public financial accounts.
* Make modals full-screen-scrollable.
* Lots of improvements to e-mails sent as a result of purchases,
signup, etc.
* Add display for withdrawals.
* Add payment token verification implementation.
* Add some basic Withdrawal support to payment gateways.
* Use 30 minute session timeout.
* Add credit card selector.
* Use card logos on settings page.
* Add simple address creation and display interface on settings page.
* Add settings page.
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny)
President/CEO - Digital Bazaar, Inc.
blog: HTML5 and RDFa 1.1
http://manu.sporny.org/2012/html5-and-rdfa/
Received on Thursday, 25 October 2012 22:46:15 UTC