- From: Dennis A Smith <dennis@dennis.co.nz>
- Date: Thu, 2 May 2013 09:22:47 +1300
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Web Payments <public-webpayments@w3.org>
- Message-ID: <CAOS-hrLqaN3-uChLq6+HNjMmcBTYiwt_-1iBTMqmm2b52xBgVw@mail.gmail.com>
Thanks for the minutes. Much appreciated as I cannot attend telecons. Regards Dennis A. Smith - www.dennis.co.nz - My digital home Camp Samoa - www.campsamoa.com - Samoa on a budget! SWAP Foundation - www.swapsamoa.com - Home of Samoa voluntourism Gold Tick Services Ltd - www.goldtick.co.nz - Information facilitators: print & web WWOOF Samoa - www.wwoofsamoa.com - Volunteering on organic farms in Samoa. Samoa Limousines - www.samoalimousines.com - Limousines in Paradise Samoa Village Stays - www.samoavillagestays.com - Experience third-world rural Samoa - - - - - - - - Phone (landline): +685 22-777, Phone (mobile): +685 777-9999 Phone (limousine line): 8444-888 Phone (Digicel loaners/rentals): 777-4444, 777-2222 Phone (Bluesky mobile): 750-9999 Street: Camp Samoa, Aleisa East, Samoa Postal: P O Box 55, Apia, Samoa EMail: dennis@dennis.co.nz Club Credits Code: FX693M8 Twitter: @victusinambitus Facebook: www.facebook.com/victusinambitus Skype: victusinambitus - - - - - - - - On 2 May 2013 07:06, Manu Sporny <msporny@digitalbazaar.com> wrote: > Thanks to Dave Longley for scribing! The minutes for today's telecon > are now available here: > > http://payswarm.com/minutes/2013-05-01/ > > Full text of the discussion follows for archival purposes at the W3C. > Audio of the meeting is available as well (link provided below). > > -------------- > Web Payments Community Group Telecon Minutes for 2013-05-01 > > Agenda: > > http://lists.w3.org/Archives/Public/public-webpayments/2013Apr/0100.html > Topics: > 1. Introductions > 2. Web Payments - Collaborating Organizations > 3. Web Payments - Collaboration Timeline > 4. PaySwarm / Mozilla's Payment mozPay() API > 5. Persona / Web Keys > 6. Web Keys / IETF HTTP Signatures > 7. Next Telecon - mozPay API > Chair: > Manu Sporny > Scribe: > Dave Longley > Present: > Natasha Rooney, Manu Sporny, Dave Longley, Brent Shambaugh, > David I. Lehn, Mark Cavage, John Foliot, Ian Myles, > Pindar Wong > Audio: > http://payswarm.com/minutes/2013-05-01/audio.ogg > > Natasha Rooney: Manu, I might need to just attend on IRC - big > meeting happening here at GSMA today, but I will be paying > attention! > Manu Sporny: ok Natasha, thanks for the update - we'll be > recording the audio for the call, so you can always listen to it > later (or just read the minutes) > Dave Longley is scribing. > Manu Sporny: today is basically going to be a review of > everything that has been going on in the past month/month and a > half > Manu Sporny: and an update for each one of the projects > Brent Shambaugh: does web payments collaboration go into what's > going on in various groups, etc.? > Manu Sporny: yes, and we'll put down a timeline for what's going > on in the future > Manu Sporny: are there any updates/changes to the agenda? > David I. Lehn: if we have time we could talk about the recent > rise of crypto currencies in the public and how that fits into > this work > > Topic: Introductions > > Manu Sporny: my name is Manu Sporny. I'm currently the chair of > RDFa, JSON-LD, and web payments groups at W3C. Also CEO of > Digital Bazaar, our primary interest is in figuring out a way to > build payments into the core architecture of the Web. > Dave Longley: my name is Dave Longley - co-founder and CTO of > Digital Bazaar. Spend most of my time doing software/spec design > and implementation for PaySwarm. [scribe assist by Manu Sporny] > David I. Lehn: Work on PaySwarm specs/work and commercial > implementations of it. [scribe assist by Manu Sporny] > Mark Cavage: I'm Mark Cavage. I'm a software engineer at Joyent > and was also in charge of a group that did > identity/authentication at Amazon Web Services. I wrote the > http-signature spec we'll be discussing later. > John Foliot: Good morning, my name is John Foliot. I'm a member > of various W3C groups and task forces. I work for JP Morgan > Chase, this caught my interest, I'm looking to see what's going > on in this area. Pesonal interest, not representing my employer. > Ian Myles: Hi, my name is Ian Myles from JP Morgan Chase - John > Foliot let me know about this, here as an observer, not > representing my employer in any way. > Brent Shambaugh: i'm Brent Shambaugh. I'm looking into Web > Payments, it's kind of a long story, i began looking into this > with online web economies. Melvin Carvalho directed me here. I'm > working on the MNDF distributed economy project > http://bshambaugh.org/MNDF_Project.html . I'm interested in web > payments in a more holistic view of how it would all work > Natasha Rooney: I'm Natasha Rooney from the GSM Association. We > represent 800 mobile operators in over 220 different countries. I > run the w3c stuff from within the GSMA and we're interested in > web payments there because we like things that work with money > (joke) > Pindar Wong: Hi, this is Pindar Wong from Creative Commons / > Asia-Pacific Internet Association. Based out of Hong Kong. I've > been interested in financial topography for several years. I've > been following the group for a while, I'm interested in financial > policy, etc. and relation to taxes/banking and sales of digital > assets and intellectual property. > Manu Sporny: Mozilla, and Telefonica in the EU, send in their > regrets for today. A few other companies are waiting for > clearance from their legal departments to join us on these calls. > The next call is may 15 and they may join then. > > Topic: Web Payments - Collaborating Organizations > > Manu Sporny: There have been multiple companies that have shown > interest now in participating. Mozilla working on the mozPay() > API. Digital Bazaar working on PaySwarm. Telefonica (Mozilla's > partner for mozPay API and Firefox OS). We have the IETF HTTP 2.0 > WG, specifically the HTTP Auth Working Group. Some participants > from the WebCrypto API group at W3C and some members from the > standards body for GSM mobile devices (GSMA). > Manu Sporny: they are based out of the EU, and we also have some > other people interested from various smaller companies. > Manu Sporny: any questions about the companies/people interested > in participating in the web payments work? > Manu Sporny: the goal is to try and get more and more companies > involved, specifically more browser vendors, over the next couple > of months, and then banking and financial companies. > Manu Sporny: That's one of the reasons I'm glad you joined the > call, John (Foliot) for that reason > Manu Sporny: Let's move on to the timeline for Web Payments Work > > Topic: Web Payments - Collaboration Timeline > > Manu Sporny: the idea here is that we're trying to get the web > payments work kicked off at the w3c and we're trying to figure > out which set of specifications will be the first in the pipe at > w3c > Manu Sporny: and how to coordinate with a number of the > aforementioned companies > Manu Sporny: in may we're trying to work with mozilla to get the > mozPay API formatted into a w3c spec > Manu Sporny: right now it's on the mozilla wiki, we'll > transition that to w3c > John Foliot: Need to be 100% clear that I am here as an > interested individual, and not representing my employer. *VERY > IMPORTANT*! > Manu Sporny: in june there's a w3c advisory committee meeting, > there's currently a headlights program at w3c that is trying to > figure out if web payments should be a big part of the late > 2013-2014 big plans > Manu Sporny: if enough companies/people say web payments are a > priority, then the hope is that a working group will be created > around web payments > Manu Sporny: that's happening in june, we're trying to get > support from w3c companies to get the web payments stuff started > Brent Shambaugh: if you follow the bitcoin forums, it would be > an interesting thing to watch to see people associating urls with > payments, etc. > Manu Sporny: we want bitcoin to be able to work with the specs > we created, either via the mozPay api or via the payswarm specs, > we want to keep our eyes on that over the next year > Manu Sporny: earlier in the year we talked with some core > bitcoin developers and they were very interested in the web > payments work > Manu Sporny: we have been talking with the ietf on how to > standardize the spec that mark cavage wrote (http-signatures) > Manu Sporny: we hope to get something published very quickly (by > july) via IETF on http-signatures > Mark Cavage: i think that's great, i hope that one of the things > you get out of this call is figuring out exactly what that work > entails, i haven't done an IETF spec before, but i know that Dave > Longley has been lookign at the spec and reviewing it (and David > Lehn has been making some code changes to the implementation) > Mark Cavage: i know there are perl and python implementations as > well, we'll have to look at the deltas there (and get things > synced up) > Manu Sporny: so that's july the ietf http-signatures spec > Manu Sporny: i've been invited to speak at sibos by peter who > runs innotribe, etc. and swift and they are interested in web > payments and they'd like to be involved in that work in some way > Manu Sporny: that's happening in september > Manu Sporny: in october of this year i'm hoping to figure out > some way of going to the internet governments forum > Manu Sporny: pindar do you have anything to say about that? > Pindar Wong: a lot of these issues bring together payments, > taxation, intellectual property, and Internet Governance. I'm > hoping that you'll be able to go to Bali, Indonesia for a high > level meeting with *a number* of delegates and discuss Web > Payments. > Manu Sporny: The Internet Identity Workshop and the Internet > Governance Forum in Bali happen at the same time > Manu Sporny: so we're trying to get someone else from web > payments go to the identity work shop so i can go to bali > Manu Sporny: We plan to, in the november/december timeframe, > have a workshop on web payments via W3C. > Manu Sporny: so it's going to be a very full year related to web > payments > Manu Sporny: this year the interest is very strong > Manu Sporny: any questions about the timeline before we move on? > John Foliot: Manu, is that schedule/calendar posted anywhere? > Manu Sporny: no the schedule is not posted yet, i'll be sending > it to the web payments mailing list, does that work? > John Foliot: yes > > Topic: PaySwarm / Mozilla's Payment mozPay() API > > Manu Sporny: Introduction to the Mozilla Payments API: > > > https://hacks.mozilla.org/2013/04/introducing-navigator-mozpay-for-web-payments/ > Manu Sporny: mozilla's mozPay api was introduced in April of > this year, just last month, there's a link to a post about it in > IRC. It's about being able to do payment in the browser whilst > being agnostic to the payment network, the idea is to support > multiple payment methods all through one payment API > Manu Sporny: They are launching this on the telefonica phones > that the firefox os will be running on > Manu Sporny: PaySwarm also had a commercial release in April of > this year - http://blog.meritora.com/launch/ > Manu Sporny: we need to get that mozPay api into a w3c spec and > figure out how the various systems will integrate > Manu Sporny: there is a commercial implementation of PaySwarm > that launched in April > Manu Sporny: More details here about the identity system for > PaySwarm: > > > https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/ > Manu Sporny: Products for sale on the web via PaySwarm: > https://hacks.mozilla.org/2013/04/payswarm-part-2/ > Manu Sporny: and how to do a purchase via PaySwarm: > > > https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-purchasing-part-3-of-3/ > Manu Sporny: the specs we've been working on for the past 2 > years now have a commercial implementation behind them, the > launch is just in the US for now, and uses US dollars, but we > cover identity online and how to link payments and identity, how > to mark up products for sale on the web, and how to do an actual > purchase using PaySwarm > Manu Sporny: all of these are talked about in a 3-part series on > a mozilla hacks post > Manu Sporny: the number one goal is to make the payments API in > the browser payment-network agnostic > Manu Sporny: the idea here is that multiple different vendors > could come in and provide various different methods of payment > mechanism through the browser > Manu Sporny: and all of these things play into figuring out how > we make all of these things happen in the web payments group > Manu Sporny: any questions on mozilla's payments API at this > point? > Brent Shambaugh: there's a lot of stuff going on, we're > interested in figuring out where we come into all this > Manu Sporny: there is a lot of work in front of us so the more > people we have involved in the CG and the WG the better off we'll > be > Manu Sporny: the more people that are heavily involved in the CG > the better because when the WG starts up, we'll be able to > transition those people over to the WG and we won't have to spend > time trying to figure out who is working on what > Manu Sporny: any comments or questions on the mozPay > api/PaySwarm specs? > > Topic: Persona / Web Keys > > Manu Sporny: Persona beta 2 just launched earlier this month: > https://hacks.mozilla.org/2013/04/persona-beta-2-launch/ > Manu Sporny: the set of PaySwarm specifications specify its own > identity mechanism that overlaps slightly with Mozilla's Persona > Manu Sporny: persona is about a single sign-on mechanism for the > web > Manu Sporny: that link talks about what identity on the web > means, and is about making sign on more secure by getting rid of > passwords, etc. > Manu Sporny: PaySwarm also has an identity mechanism that > overlaps by a fairly sizeable amount: > > > https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/ > Manu Sporny: we also have an identity solution in payswarm that > is a bit different > Manu Sporny: It's based off of this public keys for the Web spec: > https://payswarm.com/specs/source/web-keys/ > Manu Sporny: we have something called a web keys specification > that turns the web into a public key infrastructure system > Manu Sporny: the idea here is to figure out a way to get web > keys and persona to work together > Manu Sporny: so we don't end up with two different identity > mechanisms > Manu Sporny: where you'd use persona to log into the web and the > web keys stuff to do payments > Manu Sporny: hopefully we can merge them > Manu Sporny: it would be a big failure to standardize if we > can't figure that out > Manu Sporny: we're in contact with ben adida, lloyd, dan calahan > in the person community > Manu Sporny: i worked closely with ben adida on rdfa, they are > interested in making web keys and persona work together > Manu Sporny: any questions about persona/web keys? > > Topic: Web Keys / IETF HTTP Signatures > > Manu Sporny: Web Keys is introduced here: > > > https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/ > Manu Sporny: The Web Keys spec is here: > https://payswarm.com/specs/source/web-keys/ > Manu Sporny: The HTTP Signatures spec is here: > > https://github.com/joyent/node-http-signature/blob/master/http_signing.md > Manu Sporny: we (Digital Bazaar) had created a Web Keys spec to > sign JSON blobs, and we also wanted the ability to sign HTTP > requests (at a lower level) but do it in a way that allowed > people publish keys anywhere on the web > Manu Sporny: so this is about allowing http requests (for > authentication) to be signed using a PKI that lives on the web > Mark Cavage: for context, i am one of the lead software > engineers at joyent and we have a slew of REST apis, before this > i was the lead engineer at the amazon web services team, so i've > been working with authenticated REST APIs for quite a while, > there really is no ope nspec that solves this problem nicely, i > think, most of what is out there was based on HMAC, and having > done things with HMAC i have no interest in doing symmetric key > management again because it's a nightmare, when i wrote this most > of the talk was coming out of the oauth spec which is basically > hmac/a cookie > Mark Cavage: so that's sort of the motivation for having written > it, to avoid HMAC and have something that works > Mark Cavage: one of the nice properties of what we did is > ultimately that we just use our customer's ssh keys > Mark Cavage: certainly technical power users are able to reuse > that key management system > Mark Cavage: longer term one of the things that we wanted with > the spec was to use smart card technology and have people > maintain their keys on that > Mark Cavage: i personally at joyent am very delighted that you > guys have picked this up > Mark Cavage: we're very interested in getting this pushed > through at IETF/W3c > Mark Cavage: that's the background for where it came from and > where it exists and right now there's no real alternative, still, > that i see > Manu Sporny: to fill in the other side of it, we came across > mark's spec (dave lehn did) and saw that it fits in really nicely > with web keys and that it belongs at the IETF, etc. and it > integrated cleanly and nicely > Manu Sporny: we're in a lot of agreement with mark w/hmac, etc. > and the approach this spec took > Manu Sporny: there was some initial push back at the IETF http > authentication group > Manu Sporny: but that's because there's a lot of other work > going on there > Manu Sporny: and some of it has to do with creating sessions > ,etc. and we're not interested in sessions for REST APIs, etc. > Manu Sporny: and the http-signature spec is clean and simple to > use and build on top of, so i think we can see some progress > getting it through > Manu Sporny: one of the questions mark had was how does the > process work to getting an RFC out > Manu Sporny: i talked to the technical lead on this at IETF and > we just need to put the http-signature spec into an RFC format > and publish it anywhere on the web > Manu Sporny: we'll probably publish it on the payswarm website > first and then through the http auth IETF working group > Manu Sporny: anyone can publish an experimental spec there > Manu Sporny: and then we'll have a long slew of arguments about > the benefits and drawbacks of http signatures over HOBA and > multifactor authentication, etc. > Manu Sporny: there are several other specs in the running and > we'll see if http signatures can stand on its own or get absorbed > into another one > Manu Sporny: i feel that a large amount of the technical work is > done at this point, unless we find some kind of security > vulnerability with it > Manu Sporny: do you agree with that general summary and > approach, Mark? > Mark Cavage: yes, i don't see any problems with that, and > wherever it ends up, as its own standalone spec, or absorbed into > another spec, anything would be better than how it is alone now > Manu Sporny: any other comments on the http-signature stuff, > etc.? > > Topic: Next Telecon > > Manu Sporny: the purpose of the q/a on the next telecon will be > about figuring out how to get persona/payswarm/mozpay to work > together, etc. and what the long term goals are to integrate, > etc. > Manu Sporny: it should be a very interesting call because it > will be about the main driver behind the web payments work > Natasha Rooney: i will be on a flight during that next call > Manu Sporny: we'll see if other people want to move the call, > but it's always difficult to get everyone together at a > particular time > Manu Sporny: we make announcements about all of these calls and > the technical discussion on the web payments mailing list > Dave Longley: I think we should also mention that there are two > public webpayments mailing lists. [scribe assist by Manu Sporny] > Manu Sporny: Yes, this group operates on > public-webpayments@w3.org - see > http://lists.w3.org/Archives/Public/public-webpayments/ > Manu Sporny: next call will be May 15th, thanks everyone! > > -- manu > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: Meritora - Web payments commercial launch > http://blog.meritora.com/launch/ > >
Received on Wednesday, 1 May 2013 21:48:12 UTC