W3C home > Mailing lists > Public > public-webpayments@w3.org > October 2013

Re: The path forward for Web Payments

From: Mountie Lee <mountie@paygate.net>
Date: Mon, 28 Oct 2013 10:15:47 +0900
Message-ID: <CAE-+aYKYAk59mj1FdRgNiq7if1CrUXxj5yyfSR-A332BQn319Q@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments CG <public-webpayments@w3.org>
I have added my comments

On Tue, Oct 22, 2013 at 8:10 PM, Manu Sporny <msporny@digitalbazaar.com>wrote:

> Hi all,
> Discussion on this mailing list has picked up quite a bit as of late and
> we're starting to cover a very diverse set of topics. That's great, as
> it shows that this group is bringing a great deal of different
> perspectives into the work that we do here.
> The diversity of discussion is not without its drawbacks. During my
> visits with the larger tech companies and organizations on this list (in
> NYC, Silicon Valley, and Bali), it's becoming apparent that the variety
> of discussion is also creating some amount of confusion over the
> direction of the Web Payments work.
> We're also approaching a deadline, which is the creation of the charter
> for the Web Payments group. We're going to need to propose /something/
> at the February 2014 workshop on Web Payments in Paris. We're also going
> to need to start converging on some set of proposals that we think
> should be input documents into the Web Payments Working Group.
> What follows is a rough proposal based on the specifications that we
> have right now that could be input documents to the Web Payments WG.
> Keep in mind that this is just a proposal and nothing is set in stone.
> The proposal is broken into 3 broad categories: specs that are almost
> done, specs that could be drafts, and specs that we need to create.
> Specs that are almost done
> --------------------------
> In general, these specs were created out of necessity for the Web
> Payments work. There are other groups that were capable of progressing
> the work faster than we could here, so in each case, a number of us from
> this group joined the other groups to progress the work there. These
> specs would not be included in the Web Payments WG charter, but are very
> relevant to the work that this group is doing.
> RDFa 1.1 - Technically, RDFa 1.1 is done and shipped. We needed RDFa to
> express products in a decentralized way on the Web. There could be
> improvements made to RDFa, like the addition of a @graph keyword to
> support graph signing, but it's not required for any of the specs we're
> working on right now.

==> start to reading document

> JSON-LD - This spec passed the Candidate Recommendation phase at the W3C
> last week and will most likely proceed to Proposed Recommendation soon.
> It'll be another month for voting after it enters PR, but if the votes
> are good, then it'll be an official Recommendation six weeks after it
> enters PR. We use JSON-LD to express identities, products, transactions,
> contracts, and in general, all PaySwarm messages are built on top of

==> start to reading document

> HTTP Signatures - This spec is waiting on the examples to be updated. I
> just haven't found the time to do it and publish it via IETF. The
> technical stuff in the spec has been done for some time, and we have two
> implementations. HTTP Signatures are used over HTTPS for programmatic
> access to PaySwarm payment processor REST APIs.

==> please inform the link for HTTP SIgnatures.
==> what is different from JOSE format of IETF?
==> generating signature is already touched at WebCrypto API

> Specs that could be drafts
> --------------------------
> These specifications are being actively developed, either in this group
> or another group. The specs have an editor and implementations that are
> being actively developed. These would be in the set of work that the
> first generation Web Payments WG would work on.
> HTTP Keys - a secure and verifiable messaging mechanism built using
> Linked Data principles to produce a distributed Public Key
> Infrastructure for the Web. We need to update this spec to match current
> implementations, but a good enough chunk of it is there and could easily
> become a first draft of an official W3C WG.

==> what is different from JOSE + WebCrypto API combination?

> RequestAutocomplete - a mechanism of auto-filling form data with things
> like credit card information, address information, etc. Google is
> probably not going to have much of an issue putting this through W3C via
> Web Apps, but the Web Payments group could be another venue that they
> could use to publish the specification.

==> where the sensitive information stored?
==> if at UA side, how to protect it? by the key provided from server?
by the key generated at UA? who own the key?
==> if at Server side, I don't agree it.

> Web Payments - the base layer of the PaySwarm architecture; enables the
> creation of a monetary transaction between two participants on the Web.
> Again, the spec is badly out of date, but it wouldn't take that much
> work to bring it up to date with the current implementation and produce
> a first draft for an official W3C WG.

==>  I failed to catch concept of PaySwarm by reviewing web site draftly.
it seams showing use cases.
==> could you share the link for more technical details?

> Web Commerce - the electronic commerce portion of the PaySwarm
> architecture; enabling the decentralized listing of assets for sale and
> the transaction of those assets resulting in a digitally verifiable
> receipt between the buyer and the vendor. Same as above. Specs out of
> date, needs to be updated based on current implementation.

==> please inform the link for Web Commerce

> Specs that we need to create
> ----------------------------
> Payment Intents - the parameterized transactions layer of the PaySwarm
> architecture; enables decentralized crowd-funding for innovative
> initiatives and projects. We need to re-think this specification. We do
> want to support crowdfunding as a first-class function of a Web Payments
> solution. However, with the advent of Ripple, the way that we go about
> that might be different than when we wrote this specification.

==> can focus after understanding PaySwarm architecture.

> RDF Graph Normalization - At times, it becomes necessary to compare the
> differences between graphs, digitally sign graphs, or generate short
> identifiers for graphs via hashing algorithms. This spec outlines an
> algorithm for normalizing RDF graphs such that the previously described
> operations can be performed on the normalized graphs. This is necessary
> for the HTTP Keys spec to work as well as any of the digitally signed
> messages for the PaySwarm specs to work. The algorithm is horribly out
> of date and needs to be updated, and unfortunately, that's going to be
> very time consuming due to the complexity of the deterministic graph
> node/edge sorting algorithm.
> Web Identity - this specification describes how you do Know Your
> Customer using the HTTP Keys specification. It would describe how you
> read and write information to a PaySwarm identity (or any identity URL).
> It would also seamlessly integrate into Mozilla Persona such that you
> could login with Persona and then the website could request extra
> information from the identity owner such as shipping address, government
> issued ID card data, etc. It's somewhat of a competing spec to
> RequestAutocomplete, but given that it only exists in a few people's
> heads right now, it's going to take some work to get the first draft of
> it ready for consumption.
> Secure Frame - This is the direction that the MozPay specification seems
> to be taking. This approach was suggested by Kumar and would be used to
> create a whitelisted payments/secure exchange dialogue that would be
> very difficult to spoof by attackers. This dialogue could be used by
> payments companies to implement proprietary as well as open buyflows.

==> have interest for it.
==> the secure frame should be sandboxed even from internal attack when OS
was compromised.

> External Payment Initiation - We've been talking with a few
> organizations that do payments that would like a way to initiate a
> payment within the browser and then hand the transaction execution off
> to an external application. The general concept needs to be worked out,
> and we need to find editors for this specification. If we can get
> something together for this in the next 4 months, we stand a good chance
> at getting a first draft ready before the Web Payments WG is chartered.

==> the concept is similar to my suggestion (ECIS).
==> If we have more wider view, it can be deployed to more areas (payment,
identifying, delivery, currency exchange...)

> ------------------------------**------------------------------**------
> The general plan for this group would be to propose that the specs that
> could be drafts would be included in the work that the Web payments
> group does. A subset of the specs that we still need to create would be
> included in the charter as optional deliverables if we can find editors
> for those specifications and we get a good first draft done in the next
> 3-4 months.
> So, what did I miss or exclude that probably should be included? There
> is a lack of Bitcoin-related specs only because we haven't had anyone
> from the Bitcoin community step forward and propose a set of specs to
> take through W3C. The same applies for Ripple at this moment in time.
> Are there any specs that should be added? Should some be removed?
> Thoughts and general debate on the direction would be appreciated at
> this point. :)
> -- manu
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Meritora - Web payments commercial launch
> http://blog.meritora.com/**launch/ <http://blog.meritora.com/launch/>

Mountie Lee

Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

PayGate Inc.
for Korea, Japan, China, and the World
Received on Monday, 28 October 2013 01:16:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:25 UTC