W3C home > Mailing lists > Public > public-webpayments@w3.org > October 2013

Web Payments Telecon Minutes for 2013-10-09

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 09 Oct 2013 14:06:33 -0400
Message-ID: <52559B29.6050207@digitalbazaar.com>
To: Web Payments <public-webpayments@w3.org>
Thanks to Dave Longley for scribing today! The minutes for this
week's Web Payments telecon are now available here:

https://payswarm.com/minutes/2013-10-09/

Full text of the discussion follows for archival purposes at the W3C.
Audio of the meeting is available as well (link provided below).

--------------
Web Payments Community Group Telecon Minutes for 2013-10-09

Agenda:
   http://lists.w3.org/Archives/Public/public-webpayments/2013Oct/0026.html
Topics:
   1. Web Payments Face-to-Face meetings
   2. Identity, Payments, and Persona
   3. Web Payments Technical Specifications Strategy
Action Items:
   1. Create a Web Payments policy document that outlines the
      sort of technology that should be created by the Web Payments
      group.
Chair:
   Manu Sporny
Scribe:
   Dave Longley
Present:
   Dave Longley, Manu Sporny, Pindar Wong, David I. Lehn, Madhu Nott
Audio:
   http://payswarm.com/minutes/2013-10-09/audio.ogg

Dave Longley is scribing.
Manu Sporny:  I had a discussion with Lloyd from Mozilla Persona
   this morning about how we could leverage persona. We now have a
   way of achieving what we want through persona, he verified a
   number of things we needing him to verify, we can go over that
   discussion later on.

Topic: Web Payments Face-to-Face meetings

Manu Sporny:  we have a number of Web Payments meetings happening
   around the world
Manu Sporny: Upcoming Web Payments Face-to-Face meetings will be
   in:
Manu Sporny: Bay Area (Palo Alto, Mountain View, San Francisco)
Manu Sporny: Bali (Internet Governance Forum)
Manu Sporny: Hong Kong (Multinational Banks and Tech Sector)
Manu Sporny: Shenzen (W3C Technical Plenary)
Manu Sporny:  next week I'm traveling to the SF bay area, I'm
   doing a presentation at Google to the Chrome, Google Wallet, and
   requestautocomplete teams
Manu Sporny: https://payswarm.com/slides/2013/google-webpayments/
Manu Sporny:  that slide deck will likely change based on
   feedback from their payments team before i get there
Manu Sporny:  i'm also doing a bay area node.js meetup
Manu Sporny:  specifically, the talk i'm giving is on linked
   data, RDFa and JSON-LD
Manu Sporny:  later on in the week we're going to be talking with
   some other companies that don't want to be named publicly yet,
   fairly large tech companies
Manu Sporny:  after the bay area i'm flying out to Bali to meet
   pindar at the IGF
Manu Sporny:  and try and represent the web payments work that's
   being done here
Pindar Wong:  the objective is to raise awareness of the group
   and get others to participate where relevant, the taxation
   element is appearing a lot more in my conversations with bankers
   here in hong kong, it's more an outreach effort to make
   governments aware that this work is happening and one aspect that
   is to understand the future of mobile payments and where this
   group may fit in, and to understand how to tax how the various
   txns may occur there
Manu Sporny:  we have thought about the taxation aspects ... it's
   built into the payswarm protocol, depending on the country, etc.
   the payswarm payment processor can handle the taxes based on
   where the sender is, receiver is, etc.
Pindar Wong:  i think that's very attractive to hear and that's
   not an area that we typically harp on about but in this case it's
   a very nice feature set to mention
Manu Sporny:  you think it would be helpful to mention that in
   bali?
Pindar Wong:  absolutely
Pindar Wong:  a lot of peopel have no idea how to deal with the
   taxation aspect
Manu Sporny:  the mobile based stuff, a lot of people are saying
   there is no mobile web, it's just the web, the protocol works
   over mobile devices just like any other computer, which means the
   payswarm protocol taxation features work just the same over
   tablets, mobile devices, desktop, doesn't matter
Pindar Wong:  exactly, great
Manu Sporny:  next we'll be going to hong kong
Manu Sporny:  pindar has set up multiple meetings with banks/tech
   sector companies over 2 weeks while i'm there
Manu Sporny:  i should also point out that pindar has been
   incredibly generous with his time and resources to make sure we
   can go over to bali and hong kong to make this happen, it's
   greatly appreciated
Pindar Wong:  sure it's my pleasure, i'm trying to move the ball
   forward, to add one aspect, the HK meetings ... i sent the
   approx. time for public meetings, there will be some private
   ones, managing expectations from the financial regulators is one
   of the strategic aims and goals, dealing with money laundering,
   etc. it's early stage, it's probably a multiple year commitment,
   it's good to start off on the right foot,
Manu Sporny:  we've made a breakthrough with the KYC stuff with
   persona this morning i believe
Manu Sporny:  yes, talking to regulators is incredibly important
   and they aren't represented in the web payments group and it's
   been difficult to get meetings with them, if you can organize
   meetings for that, pindar, it would be very very helpful
Manu Sporny:  at the end of the HK visit i'm going to Shenzen to
   the W3C technical plenary
Manu Sporny:  we'll be telling everyoen about the web payments
   work and the workshop in paris in 2014
Manu Sporny:  the purpose of the workshop is to determine if the
   w3c should create a working group (made up of the w3c companies
   like bloomberg, mozilla, etc.) for web payments, ideally you get
   4 large companies that want to back the working group
Manu Sporny:  or 10 small companies
Manu Sporny:  it's clear that payments is a very interesting area
   taht these companies care about, it's just not clear what the
   exact technical work that the working group would take up,
   payswarm, identity, etc.
Manu Sporny:  this meeting will also be used to talk to all other
   groups that affect the web payments work
Manu Sporny:  for example the Web Crypto group will be working on
   tech that affects what we do, it helps making web payments easier
   to do and more secure, we have people from the sysapps group
   working on NFC and that would allow us to do like pay with your
   mobile phone through a web browser to an NFC device at a checkout
   kiosk, pay for movie ticket, groceries, etc. or just transfer
   money by tapping phones together
Manu Sporny:  so work at the technical plenary will be to join
   that group and make sure they have the web payments use cases in
   mind when they are creating these technologies
Manu Sporny:  aside from that there are other publishing groups
   there and meeting various other people, GSM association there,
   giving everynoe an update, giving a presentation on what we've
   been able to accomplish this year on web payments is all on the
   agenda, after shenzen is coming back to the states
Manu Sporny:  next is the web payments workshop which is in nov

Topic: Identity, Payments, and Persona

Manu Sporny: https://payswarm.com/minutes/2013-09-25/#topic-5
Manu Sporny:  chatted with lloyd@mozilla, head of persona team
Manu Sporny:  this morning, continuation of discussion from 2
   weeks ago, core here has to do with creating an identity
   mechanism for the web that is also useful to banks, financial,
   and govt institutions
Manu Sporny:  the idea is having an identity on the web that is
   capable of asserting that you are a citizen of a particular
   country, you are a certain age, live at a certain address, etc.
   all these things can be tacked onto this identity
Manu Sporny:  the payswarm work has a rough spec for what this
   would look like, and what we didn't know until this morning was
   if we could integrate web payments identity with mozilla persona
Manu Sporny:  for example, mozilla persona is meant to be email
   identity mechanism, simple, built into the browser
Manu Sporny:  all it does is provide website you're logging into
   with a verified email address, website doesn't have to verify
   your email address anymore, you just click to log in with your
   email address on a website and the website now knows the email
   address is valid and have an identifier for you
Manu Sporny:  the missing piece was the ability for the persona
   assertion, so when you have an identity provider like google,
   meritora, or payswarm and you can use an assertion that says this
   email address is real and belongs to the person holding this
   document
Manu Sporny:  the missing piece is being able to specify the
   payment processor for that identity or who controls that persons
   address/govt issued information/who is the gatekeeper for that
   info
Manu Sporny:  i talked with lloyd and we hammered out a rough
   plan for how to integrate with the web payments id mechanism
Manu Sporny:  the payswarm authority would become a persona
   identity provider
Manu Sporny: dave@meritora.com or dave@paypal.com
Manu Sporny:  so payswarm authority would give you an email
   address
Manu Sporny:  when you log into a website you'd select that
   identity
Manu Sporny:  when that assertion is sent to that website, it
   would not only contain your email address but also your web
   payments identity information
Manu Sporny: so, something like - paymentIdentity:
   "https://dev.payswarm.com/i/manu"
Manu Sporny:  that URL would be injected into the assertion, and
   the website can then bootstrap the rest of the process
Manu Sporny:  the website can hit that URL and retrieve the
   person's govt issue ID info, SSN, whatever that person permits
Manu Sporny:  lloyd felt that it was the best way to extend
   persona, it doesn't require much work for them, they are happy
   with us being the canary in the mine proving that this can be
   done
David I. Lehn:  what's the access control information for that?
Manu Sporny:  we'd have access control stuff that mirrors how we
   do it for payments right now
Manu Sporny:  so if a website wanted to get your shipping address
   they would make a request to the payswarm payment processor and
   then the processor would say access denied and say the user has
   to authorize you, then a pop up would show that the website wants
   certain information and the user has to say yes
Manu Sporny:  and then that information is sent to the vendor's
   website
Manu Sporny:  the vendor's request would just include what they
   want using a JSON-LD message
Manu Sporny:  does that answer your question?
David I. Lehn:  yeah, there are a lot of details there, but yeah
Manu Sporny:  yeah, the Read-Write-Web group are working on this
   problem too
Manu Sporny:  the persona people care a lot about this problem
   too but don't have spare cycles to work on it, he was very
   apologetic for not having more resources
Manu Sporny:  there are multiple other groups that care about
   this problem and are working on it as well
Manu Sporny:  so we'll have some help and coordination

Topic: Web Payments Technical Specifications Strategy

Manu Sporny:  some people haev been pinging me off line saying it
   seems like the group has been fairly scattered in its discussion,
   talking about bitcoin, philosophy of payments, DRM and
   censorship, meanwhile we have mozpay and payswarm and discussions
   around the world with banks, financial institutions and tech
   companies, to anyone who just joined the group it seems like a
   wall of information
Manu Sporny:  they are being hit with and it's raising the
   question, where is the group going to focus its time ...
Manu Sporny:  is it going to be a lot of discussions where we
   pick something out of the soup or do we have a clear technical
   path
Manu Sporny:  this is going to be an issue when we try to create
   the working group
Manu Sporny:  the question that will be asked is "what is the
   technical output of this group going to be?"
Manu Sporny:  we won't get a group until we have a clear answer
   for that
Manu Sporny:  we could start this conversation off by talking
   about the things that are more or less done or could be
   standardized soon
Manu Sporny:  so let me get some of the specs up here
Manu Sporny:  in general, there are specs that are going through
   that would go through without the web payments group, RDFa is
   already a REC, it's done, and we use RDFa to express products for
   sale on the Web, that work started in 2004 and we were done in
   2008 and a new version was published just this year 2012-2013:
   http://www.w3.org/TR/rdfa-core/
Manu Sporny:   http://www.w3.org/TR/html-rdfa/
Manu Sporny:   JSON-LD is the technology we use for the financial
   messaging: http://www.w3.org/TR/json-ld/
Manu Sporny:  we have 6 implementations with 5 that pass all
   tests
Manu Sporny:  other implementations are out there that are
   limited
Manu Sporny:  we are trying to get the spec out this year but
   some process stuff is getting in the way
Manu Sporny:  so for the payswarm and mozpay stuff we have
   prereqs out there
Manu Sporny:  at the end of the mozpay discussions it was
   sounding like they wanted to use JSON-LD
Manu Sporny:  it sounds like, for the future of the web, it looks
   like JSON-LD is the messaging format
Manu Sporny:  it seems like JSON-LD is favored
Manu Sporny:  those are things that will be done regardless of
   whether or not there's a web payments group
Manu Sporny:
   http://json-ld.org/spec/latest/rdf-graph-normalization/
Manu Sporny:  we have a number of specs that could be put into
   the web payments group
Manu Sporny:  there's somethign called RDF dataset normalizatoin
Manu Sporny:  it is used to make sure messages can be digitally
   signed and verified
Manu Sporny: https://payswarm.com/specs/source/http-keys/
Manu Sporny:  we need dataset normalization in order to have any
   of the payments stuff work out, or we have to use the JOSE spec
   and it isn't ideally suited for financial/extensible tech
Manu Sporny:  we could also include the http-keys spec, this
   allows us to do digitally signed messages, to do requests for
   transactions that are digitally signed in json-ld, we have a nice
   Web PKI that's a result of this messaging spec
Manu Sporny:  it also does KYC on the Web which ties in nicely
   with persona
Manu Sporny:  that's a pretty solid argument for the w3c for
   picking it up
Manu Sporny:  there are at least 2 specs that the web payments
   group could kick off with that are more or less done, we wouldn't
   have to do much with them
Manu Sporny:  those are foundational payment technologies, they
   are generic ... they could be used for anything, the argument
   that they should go into the web payments group is a discussion
   we'll need to have
Manu Sporny:  that brings up to the meat of the issue
Manu Sporny:  so what are we standardizing as the payment
   protocol here?
Manu Sporny:  we have bitcoin, which is being standardized at the
   bitcoin foundation, they haven't been heavily involved in the web
   payments group but there has been discussions here
Manu Sporny:  they dont' have spare bandwidth to go off and write
   bitcoin specifications, they mostly do code
Manu Sporny:  the idea that we would end up working on
   bitcoin-specific technology is probably not going to happen in
   the web payments group
Manu Sporny:  unless we get a lot more contributions from that
   community
Manu Sporny:  the other group is Ripple, we've been having good
   offline communications with them, their protocol is open and on
   the web, their source code is open, the Ripple folks have been on
   these calls before and they have wanted to figure out a way to
   work with the web payments group
Manu Sporny:  i don't think we'll have anything by 2014 to work
   on, but i am having meetings with them soon so that could change
Manu Sporny:  the third thing that could be used on the web
   payments group is a generalized payment frame that is not
   spoofable or is whitelisted and this used to be part of mozpay
   and it's something that mozilla is interested in pursuing there
   is no spec for it, just ideas floating around for what it could
   be
Manu Sporny:  the purpose of the frame was initially for web
   payments, but now they seem to be on shaky ground for what they'd
   want to standardize
Manu Sporny: https://payswarm.com/specs/source/web-payments
Manu Sporny:  that brings us to payswarm
Manu Sporny: https://payswarm.com/specs/source/web-commerce
Manu Sporny:  there's several specs for payswarm we could work on
Manu Sporny: https://payswarm.com/specs/source/payment-intents
Manu Sporny:  those specs are in a fairly rough state, but are
   certainly in a position to be picked up by a web payments working
   group
Manu Sporny: https://dev.payswarm.com/
Manu Sporny:  we have solid implementations for the specs so we
   know that they work from a technical standpoint that they work
Manu Sporny:  so the question is what should we propose to the
   w3c for standardization
Manu Sporny:  our organization, Digital Bazaar, is really pushing
   the payswarm stuff, mainly becauset here's nothing else that does
   what it does
Manu Sporny:  we don't yet have Ripple saying they want a w3c
   spec or standard, same for bitcoin, we do have the people that
   that are working on the payswarm stuff
Manu Sporny:  that stuff is improving and we are updating the
   specs and standards as we go
Manu Sporny:  as far as i see it, the only potential pitch we
   have for the w3c is that we would like to standardize the
   identity and payments stuff that payswarm has outlined and the
   RDF dataset, http-keys specs
Manu Sporny:  we would also like to standardize some kind of
   secure browser frame that mozilla is going to be working on over
   the next year
Manu Sporny:  whether or not that will fly at a group level or
   not i have no idea
Manu Sporny:  at this point we have 100 people in the group and
   it's pretty difficult to get a read on where the group wants to
   head
Dave Longley:  I suspect that the group would be okay with the
   path, we could say that's the path we think we should take and
   see what they say. [scribe assist by Manu Sporny]
Pindar Wong:  all the payswarm work you've done is very open and
   transparent and i'd agree with that
Pindar Wong:  that's very clear and consistent with what i
   understand from the list
Pindar Wong:  the intersection of policy and technology here is
   quite intricate, and i do think some of the discussions happening
   are quite important, it might be good to add some structure to
   separate between technology and policy in those discussions
Pindar Wong:  some bifurcation might be necessary
Manu Sporny:  one of the things we've tried to avoid in the past
   is to create separate mailing lists
Manu Sporny:  these things, as you said, are intricately linked,
   it's hard to talk about tech without mentioning policy
Manu Sporny:  philosophical discussions have a direct impact on
   the tech built
Manu Sporny:  it's important to separate them where we can, but
   often we come back to core philosophical discussions and they
   tend to be painful and drag out for a long time, but it's
   improtant to understand the philosophy that's underpinning the
   decisions being made in this group
Pindar Wong:  what i was suggesting then was a reference document
   or wiki that could state the status of the participants or their
   values/principles or architectural principles as a statement of
   policy because you are implementing policy through the code that
   is written, i guess get something more document driven is what
   i'm edging for
Manu Sporny:  i agree, there are fundamental things here like
   tech created by the web payments group must be usable by people
   in emerging nations, industrialized countries, people on mobile
   devices, without leaving anyone out
Manu Sporny:  tech should be accessible to all, take into account
   people with disabilities, people who don't have access to
   infrastructure like banks, outlining those things in a document
   would be very useful
Manu Sporny:  they get lost in the mailing list
Manu Sporny:  we need to have a document that ends up formalizing
   that kind of stuff
Manu Sporny:  if we can direct that energy to a document i'm very
   supportive of that, the mailing list being the history of how
   that derived is very important
Manu Sporny:  anything else on the direction/proposing it to the
   group?
Pindar Wong:  i think this is a very productive conversation to
   have this time of year, there needs to be technical discussions
   to get work done and progress made
Manu Sporny:  it's not that w3c will be inflexible about this,
   it's just about the fact that when a group gets chartered, it
   needs to have a clear list of things ... if you had things you
   have to go through a 6 month process to get rechartered
Manu Sporny:  if we say we're going to do RDF dataset
   normalization, http-keys, and payswarm
and the frame window
Manu Sporny:  and it will take 4 years to finish, but if mozilla
   wants to change something or add to it, in order to get it to
   standardization we have to recharter the group and go back to the
   w3c companies and get approval
Manu Sporny:  it ends up taking months to do
Manu Sporny:  so the only reason i'm saying that we have to
   propose something at the workshop is that we have to make sure we
   have something for the initial charter
Pindar Wong:  absolutely makes sense
Pindar Wong:  so the conversation on this list is really
   important leading up to 2014
Pindar Wong:  so everyone is in the best possible position for
   next year
Pindar Wong:  if the policy document could be done by early next
   year would be great and would see if this group will be coherent,
   etc.
Manu Sporny:  maybe we should just kick start that policy
   document this week or next
Pindar Wong:  it would be lovely to be able to farm off this
   discussion into an area where policy level inputs, regulators,
   etc could all be participating
Pindar Wong:  let's raise this at the IGF and see what comes
   forward, try to get that domain expertise participating at the
   right time at the right level
Pindar Wong:  it would be good to mention at the IGF we're at the
   process of doing this, making it document driven would be very
   useful
Manu Sporny:  ok that gives us something very concrete to work on

ACTION: Create a Web Payments policy document that outlines the sort of
technology that should be created by the Web Payments group.

Dave Longley:  If we're going to have a policy document, we may
   want to have a document to say which technologies are intended to
   implement it. [scribe assist by Manu Sporny]
Pindar Wong:  Absolutely agree with that. [scribe assist by Manu
   Sporny]
Manu Sporny: https://payswarm.com/specs/source/use-cases/
Manu Sporny:  we could probably drive it off of the payswarm use
   cases
Manu Sporny:  those use cases are kind of a pseudo policy
   document

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/
Received on Wednesday, 9 October 2013 18:06:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC