- From: Joseph Potvin <jpotvin@opman.ca>
- Date: Thu, 10 Apr 2014 14:43:05 -0400
- To: Web Payments CG <public-webpayments@w3.org>
Just a link on another useful "business architecture" document from UNCITRAL that establishes parameter for cross-border commercial (business-to-business) buying/selling of goods (not services): http://cisgw3.law.pace.edu/cisg/text/treaty.html and this guide: http://www.cisg.law.pace.edu/cisg/guides.html On Wed, Apr 9, 2014 at 2:30 PM, Joseph Potvin <jpotvin@opman.ca> wrote: > Minor edit: > > Joseph Potvin: To give an example of the degree of headache: in 1978, > the Bank of Montreal was shipping dollar $5 bills and had an accident > where the truck transporting the bills burned. The legal case went to > the Supreme Court and question was whether or not the Bank of Canada > should re-issue the those $5 bills. Are these bill "money itself" or > are they "promissory notes" for the money? The result was a Supreme > Court split decision 3-3. An interesting case synopsys is here: > http://www.rdo-olr.uottawa.ca/index2.php?option=com_sobi2&sobi2Task=dd_download&fid=891&Itemid=842 > > On Wed, Apr 9, 2014 at 1:55 PM, <msporny@digitalbazaar.com> wrote: >> Thanks to Dave Longley for scribing this week! The minutes >> for this week's Web Payments telecon are now available: >> >> https://web-payments.org/minutes/2014-04-09/ >> >> Full text of the discussion follows for W3C archival purposes. >> Audio from the meeting is available as well (link provided below). >> >> ---------------------------------------------------------------- >> Web Payments Community Group Telecon Minutes for 2014-04-09 >> >> Agenda: >> http://lists.w3.org/Archives/Public/public-webpayments/2014Apr/0018.html >> Topics: >> 1. Internet Governance Forum 2014 >> 2. Getting United Nations' CITRAL Involved >> 3. Web Payments Workshop Review >> 4. Identity, Anonymity, Privacy, and Security >> 5. Current and Future Payment Systems >> 6. Initiating Payments and Digital Receipts >> Chair: >> Manu Sporny >> Scribe: >> Dave Longley >> Present: >> Dave Longley, Manu Sporny, David I. Lehn, Pindar Wong, Joseph >> Potvin, Brent Shambaugh >> Audio: >> https://web-payments.org/minutes/2014-04-09/audio.ogg >> >> Dave Longley is scribing. >> Manu Sporny: Additional to agenda, Joseph said he wanted to talk >> about UNCITRAL stuff he'll be involved in during the next few >> weeks. >> Manu Sporny: Any other updates/changes to the agenda? >> David I. Lehn: Nope >> No other updates noted. >> >> Topic: Internet Governance Forum 2014 >> >> Manu Sporny: http://www.intgovforum.org/cms/ >> Manu Sporny: If folks will remember, last year we participated >> in the IGF, as a result, a number of orgs from there came to the >> web payments workshop, specifically, the british computer >> society, they had great input on identity, the world bank came as >> well, played a very big part talking about needs of world w/web >> payments >> Manu Sporny: There were a number of other orgs as well, it was a >> very good outcome based on our participation in IGF. >> Manu Sporny: So we should think heavily about how we should >> participate, Pindar, any thoughts? >> Pindar Wong: Yeah, i'd like to speak in favor of our >> participation, if you recall last year we tried to design it so >> there were follow-on activities, so it would be more than just >> talking about policy issues involved, i'd like to also structure >> it so that any output from this years IGF and any other meetings >> can be fed into W3C this year >> Pindar Wong: One of the things that came up from last year was >> the tremendous interest in the web payments work and we'd like to >> deal with the issues more than just once a year, there's an >> interest in more than just talking about the issues, wanting to >> move forward w/actions >> Manu Sporny: Talking about where we should take what can be >> standardized is what we want to do, we have to get into consumer >> rights issues, anonimity issues things we got from talking about >> identity at the workshop, outlining the stuff that will happen at >> w3c on identity and getting input from IGF and talk about getting >> them to influence the work by discussing w3c's official group >> that will be looking at this >> Manu Sporny: We're going to be creating technical standards, if >> people at IGF want to get involved they can come to w3c and work >> with the group >> Pindar Wong: Yes, moving from the theoretical to the practical >> is very important, the deadline is 15th of april, so if we want >> to participate we have to get cracking >> Pindar Wong: I'd be very happy to work with you to get something >> put together >> Pindar Wong: I think seeing the results from last time is a >> positive indicator we should go, it would be worth while, i'd be >> happy to work with you to flesh out a proposal >> Dave Longley: I agree w/ Pindar's thoughts - getting more >> feedback on the identity work would be helpful. [scribe assist by >> Manu Sporny] >> Manu Sporny: Pindar were you thinking of focusing on web >> payments or identity+web and security implications, etc? >> Pindar Wong: Given response from last year, the interface >> between identity and web payments is the crux of the issue and >> the IGF is a really good place to have dialog about interfacing, >> the issue of identity+identifiers with respect to payments is >> where we ought to focus >> Pindar Wong: Its the interface that's important, the payment is >> the motivation. Ddealing with the interplay with identity and >> anonymity is important and vital to address, etc. >> Pindar Wong: Last year i made a mistake of not controlling >> presentation time and we can correct that this year and get a lot >> of good policy-level feedback on areas we would not normally have >> access to >> Brent Shambaugh: +1 >> Manu Sporny: The one thing we were really missing at the web >> payments workshop was that kind of policy input, so IGF is >> important to get feedback from >> Manu Sporny: So maybe Pindar and i can take this offline and >> report back to CG later >> Pindar Wong: I'll have some time to work on this for the next >> few days >> Manu Sporny: Good, let's work together on this. We'll take it >> offline and report back to the group when we have it figured out. >> Anything else on IGF? >> Nothing else on IGF. >> >> Topic: Getting United Nations' CITRAL Involved >> >> Joseph Potvin: Is anyone familiar with UNCITRAL? >> Pindar Wong: Yes, i am a bit >> Joseph Potvin: They focus on international trade law has some >> working groups for ecommerce and has a number of initiatives that >> seem to me to provide the legal environment in which the whole >> discussion w/w3c web payments seems to be situated, they way it >> works is they have delegates from numerous countries, they've >> been doing ecommerce since 80s, countries have their own legal >> positions, they produce a model/template law and that is taken >> and interpreted into the legal context of each participating >> country, as a result each country's legal tradition comes in, but >> across borders there are some common things that come into play >> because of the template, etc. >> Joseph Potvin: A fair bit of work on nitty gritty details of >> ecommerce trying to determine the specific thing that is being >> moved around with the various ecommerce payments alternatives, >> whether a digital packet of money going around or is meta data >> about money, and if meta data, what is it, is it a bill of >> exchange a promisory note, etc. when writing software you have to >> be really clear about classes and properties, etc. >> Pindar Wong: The point about terminology about promissory notes >> and negotiable instruments, and getting to know the terminology >> in this space is really important if only to avoid potential >> friction later on, the terminology is quite key >> Joseph Potvin: To give an example of the degree of headache: in >> 1978 the bank in canada in montreal was shipping dollar $5 bills >> and had an accident where the truck transporting the bills >> burned. The legal case went to the supreme court and question was >> whether or not bank could get money back by reprinting, split >> decision 3-3 >> Joseph Potvin: Even at highest court there is disagreement with >> what we're dealing with >> Joseph Potvin: In the case of w3c potential specifications, i >> don't think we want to have ambiguity about the classes we're >> dealing with, so there's a legal side and a technical side to >> this, on tech side legal stuff becomes requirements for what's >> being coded, etc. >> Joseph Potvin: Accounting entries that cause numbers to go >> up/down aren't money moving around and are at a level of systems >> architecture but it will be problematic if the community gets >> them wrong and courts start deciding that things are invalid >> Joseph Potvin: Example link on UNCITRAL: >> http://www.uncitral.org/pdf/english/workinggroups/wg_4/wp_120_e.pdf >> Manu Sporny: I definitely agree that we need to get the >> terminology right and make sure that it lines up with >> international law, my concern is that we dont' want to create >> some kind of blocking item that prevents tech work from happening >> because we're waiting for legal decision to play out >> Manu Sporny: This is the UN so it works in broad strokes, not >> low-level technical detail >> Manu Sporny: There may be a mismatch with high-level vs. >> low-level language and a speed mismatch with how quickly w3c can >> work vs. UN >> Pindar Wong: The phasing and expectations of when useful output >> from this group might interface is quite an important one, i >> think there is a phasing issue where these processes are >> deliberate and slow moving but i wouldn't actually say them >> informing our process is the right perspective, i'd look at it >> the other way around, getting them to shape their processes as >> ours evolve, the flow of the direction is a little bit back to >> front >> Manu Sporny: I think that since Joseph is volunteering to >> participate in that work and is very motivated to do so, we >> should have him reach out to that group and be the liason. >> Pindar Wong: Absolutely, i'm in full support, nothing i've said >> should imply otherwise >> Manu Sporny: I agree, joseph should reach out and liaise with >> them >> Manu Sporny: But i agree with you pindar that the faster moving >> w3c process should inform the slower moving UN proecss >> Pindar Wong: After first year they should be very aware of this >> group's existence >> Manu Sporny: So in general, if Joseph wants to interface with >> that group, we should make first contact with them, make them >> aware of the work at W3C CG and the potential upcoming IG, and we >> want faster moving group to provide input to the slower moving >> group (faster=w3c cg, slower=UN) >> Manu Sporny: And then there's a feedback loop where we get input >> from UN and put back into w3c cg >> Joseph Potvin: I was just talking to someone on phone about w3c >> having observer status with that working group and i will follow >> up >> Manu Sporny: It would be Wendy or Rigo. I'd be surprised if any >> one of them can make it, but they'd be the contact at w3c >> Joseph Potvin: I'll try and arrange for w3c to have observer >> status and see if i can be the observer >> Manu Sporny: Definitely clear that with w3c first, do not say >> that you're representing them. >> Manu Sporny: You can't use their name without their permission >> Joseph Potvin: Of course, I was going to clear it with them >> first. >> Manu Sporny: It sounds like there's al ot of positive upside as >> long as we don't tie two groups together too tightly >> Joseph Potvin: Bitcoin a good example of not getting legal stuff >> working early on then with a stroke of a pen all the tech work >> becomes bogged down by the legal ramifications. >> Joseph Potvin: My experience over past 15 years working on this >> kind of thing ... as long as lawyers are comfortable with >> concepts being straightened out then they can move pretty quickly >> Manu Sporny: Let us know if you need anything from us, otherwise >> ball is in your court, go ahead and make first contact, let us >> know how things go >> Joseph Potvin: :-) I'll leave it at that. I'll follow up with >> Wendy Selzer and keep you al l informed >> >> Topic: Web Payments Workshop Review >> >> Manu Sporny: http://www.w3.org/2013/10/payments/minutes/ >> Manu Sporny: Web payments workshop very successful, more so than >> we thought there would be, lots of problems brought up (identity, >> payments) and general feeling that w3c should do something about >> them >> Manu Sporny: We could have found out that there was no desire >> for w3c to address these problems, instead orgs thought there >> were lots of problems and w3c could and should solve them with >> relatively narrowly scoped work. >> Manu Sporny: Minutes were cleaned up by web payments cg, we've >> gotten compliments about how nice they are, etc. there are 14 >> hours of minutes there so we can't go through all of them of >> course >> Manu Sporny: We can hit 3 highlights on the call today, spending >> about 10 minutes per highlight ... any questions in general about >> workshop? >> Pindar Wong: Slides were excellent and thanks for taking such >> outstanding notes >> Brent Shambaugh: +1 >> Manu Sporny: W3c has a great history of being very open and >> transparent for these events and running them, etc. >> Manu Sporny: Half of the people coming to the workshop were new >> to w3c and chatter afterwards was that attendees were very >> impressed with the community and people were trying to solve >> problems of a technical nature and not getting stuck on policy, >> etc. and most felt that everyone was really on point for most of >> the time there >> >> Topic: Identity, Anonymity, Privacy, and Security >> >> Manu Sporny: We're kind of going out of order ... it's ordered >> by items with most about interest at workshop >> Manu Sporny: First item was somewhat tangential to payments, >> there was a big push at the workshop to try and address the >> identity problem on the web >> Manu Sporny: >> http://www.w3.org/2013/10/payments/minutes/2014-03-25-s6/ >> Manu Sporny: In order to do a payment of any sizeable amount you >> have to sort out the identities involved in the transaction, to >> establish trust and sort out know-your-customer and anti money >> laundering issues, etc. >> Manu Sporny: Identity was a huge topic at the workshop, 70% of >> the papers submitted stated that identity was a serious issue on >> the web, that we needed to figure out at a way to transmit >> personal credentials without violating privacy, even for >> incredibly low-value transactions you currently have to give otu >> too much personal data >> Manu Sporny: There was a debate, one group saying eradicating >> anonymity, another one saying eradicating that would be like 1984 >> future, etc. good debate >> Manu Sporny: Folks involved in the discussion were IETF, >> qualcomm, microsoft, w3c talking about webcrypto API and role >> played in identity space, Louise Bennett from the Chartered >> Institute for IT (British Computer Society) did a phenomenal job >> talking about balance between anonymity and privacy and security >> and balancing with the law, etc. >> Manu Sporny: End result, personal opinion here, it would be very >> difficult for w3c to ignore identity problem for much longer >> Manu Sporny: Big swell of w3c companies wanting to address the >> identity problem, 1. by itself it's a problem on the internet, 2. >> for payments use cases we have to figure identity problem out >> Manu Sporny: Any thoughts so far? >> Pindar Wong: Do you recall any specific comments bout Lucy Lynch >> from ISOC? >> Manu Sporny: She wasn't there, Karen O'Donahue was (from IETF / >> ISOC). I emailed Lucy and she said she couldn't make it ... sent >> karen on her behalf >> Manu Sporny: Karen did digital signature stuff at IETF, she >> co-chairs the JOSE working group. >> Manu Sporny: Hannes Tschofenig in charge of OAuth work at IETF >> and strong proponent for getting anonymity and privacy right, was >> speaking on behalf of privacy and identity, and wendy seltzer >> from w3c were some of the strongest voices for supporting >> anonymity and privacy from day 1 >> Pindar Wong: I value Lucy's opinion/views deeply, she's a great >> star in this area, so was curious >> Manu Sporny: She did help shape agenda for workshop, but was >> unfortunate she had a conflict and couldn't make it >> Manu Sporny: It was interesting because at w3c ... i spoke with >> some w3c staff ... and my general input was you're going to have >> to do something about identity it's clear, and w3c said they >> tried to do something about this 3 years ago, we had a workshop >> and it wasn't clear what identity was, the problem wasn't clearly >> defined, and w3c is wary about picking it up again because it >> wasn't clear what identity is on the web, and it means a wh ole >> bunch of different things to different people, but now there are >> w3c orgs that want to solve very specific identity issues, like >> transmitting credentials across the web ins a secure, private >> way, passport, license ID, citizen of a particular >> state/province, whether you have a degree from a university, an >> email address is another type of verifiable credential, etc. >> Manu Sporny: We have put out the "Identity Credentials" >> specification via the Web Payments CG, OpenID Connect also >> exists, as do things like LTI - so we're not starting from >> scratch: >> Manu Sporny: http://manu.sporny.org/2014/credential-based-login/ >> Manu Sporny: There's a blog post out there about this, it's a >> call for a credential-based login, there's a spec built someway >> off of persona, reuses best bits of web payments work, puts a >> stake in the ground to build off of, etc. >> Manu Sporny: Pindar, if you could make her aware of the Identity >> Credentials spec work in the CG that would be great >> Manu Sporny: I'll be pushing this myself in various places, >> we'll also be having a w3c plenary later where this proposal will >> be on the table in october, so this is something concrete to look >> at >> Pindar Wong: Since we have IGF 2014 in september, plenary in >> october, maybe focusing on the identity issue would be best >> Joseph Potvin: I provided a link on identity management in IRC, >> which connects in because it provides the pathway to communicate >> on all of this stuff with the ministries and departments of >> justice in these countries where this will matter where these >> things must be permitted within these jurisdictions, so once >> again it goes beyond the technical ability to resolve these >> issues, it also has to do with linkage w/justice departments, >> etc. >> Brent Shambaugh: For security, I was trying to reach out to >> OWASP. Could I drop a link? >> Manu Sporny: I agree, please get them involved and aware that >> this is going on. >> Brent Shambaugh: >> https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risk >> Manu Sporny: Security was also a big thing that went along with >> identity, just like security+payments, brent added link about >> OWASP, can you give a background? >> Brent Shambaugh: It's an open source security group that deals >> with mobile security. >> Brent Shambaugh: They have a top 10 mobile problems list - >> password, identity, securing sensitive data, things like that. >> Brent Shambaugh: I was really impressed with what they had put >> together, check out the Top Ten Mobile Risks list they have >> above. >> Manu Sporny: Maybe one of the things we could do is just invite >> some of the OWASP people onto the call and chat with them, talk >> about there's work at w3c that might start in the next year, we'd >> like their input on it, etc. >> Manu Sporny: Maybe also contact Natasha Rooney at GSMA as she >> may be in contact w/them as well. >> >> Topic: Current and Future Payment Systems >> >> Manu Sporny: >> http://www.w3.org/2013/10/payments/minutes/2014-03-24-s3/ >> Manu Sporny: This had to do with ... they got all of the big >> providers, big payment companies on stage to talk about where we >> are currently and where we need to go, there was a pretty big gap >> between what the current banks and payments companies were >> talking about and what folks like ripple labs and bitcoin >> companies and to some degree w3c were talking about >> Manu Sporny: The groups were Worldline, The World Bank, Ripple >> Labs, The US Federal Reserve, CoinApex, and many others. >> Manu Sporny: We didn't have a lot of feedback from the banks ... >> their position was mostly that nothing was so wrong that we >> couldn't make minor changes to make progress, etc. the input from >> the cryptocurrency providers was that there were fairly big >> problems that need to be addressed, international remittances, >> for example are absolutely awful, there was a lot of back and >> forth for where this w3c standard would go, the clear outcome >> from that was that there was nothing w3c could do to really >> modify current payment systems in the world, the w3c standards >> will have to apply to emerging nations w/no real banking >> infrastructure, or they will have to layer on top of existing >> payment systems today, the top layer will have to simulate the >> complex underwriting below >> Manu Sporny: So payments will look faster to the customer but >> will still use old infrastructure underneath, which we expected >> Manu Sporny: In the CG, we just need to build a shim that would >> hide complexities of the old system >> Manu Sporny: The other thing is we can't create anything that >> changes the fundamental movement of money in the first iteration >> of this technology >> Manu Sporny: So the thing we need to focus on has more to do >> with consumer facing tech ... than with back end banking systems. >> Joseph Potvin: Connie, from the US Federal Reserve, indicated >> that there were technologies in Bitcoin that could improve >> payments for ACH-based systems. >> Joseph Potvin: GIRO (spanish word, pronounced "Hero") banking is >> about moving money around but doesn't actually move money around, >> it's just a distributed accounting system >> Joseph Potvin: Here is a nice summary of how GIRO works -- see >> the diagram on pg 2 >> http://www.abs.org.sg/pdfs/Financial/GIRO/IBG_Procedures.pdf >> Joseph Potvin: One account goes up the other goes down >> Joseph Potvin: And it can handle conversions as well, ACH is >> like this system >> Joseph Potvin: The reserve bank of india is in the process of >> setting one up as well, these are different from other currency >> systems because the other ones move digital packets around >> Joseph Potvin: And this is just accounting >> Joseph Potvin: I'd like to reinforce what she said about that >> Joseph Potvin: More attention should be paid to GIRO banking as >> well >> Manu Sporny: What i'm trying to get across is that our ability >> to change ACH with a W3C spec is almost non-existent. That's >> something that the banks have control over and are probably not >> willing to change in any large way. >> Joseph Potvin: There are many GIRO banking systems >> Joseph Potvin: My recommendation is for the community to >> understand GIRO banking, and how it differs from conventional >> banking. GIRO is a business model for banking, not a brand. >> Joseph Potvin: About what would would a w3c spec be about? and >> it seems it should be able a generic GIRO spec ... and i don't >> think it would be about the kind of thing that ripple is, a GIRO >> wouldn't require anything like an XRP to (Joseph's audio becomes >> garbled and disconnects). >> Manu Sporny: I think what we was going to say was that you >> wouldn't need XRP to do transactions, it's merely based on the >> trust of the banks in the network and w3c could try and >> standardize that. We'll have to have a whole conference call to >> talk about that, the feedback I got from banks is that they >> wouldn't be all that interested in making that big of a change to >> their systems. >> Manu Sporny: It's too expensive for them, to the tune of tens of >> millions of dollars, unless it's fairly easy to make a technical >> change there, i'm a bit dubious whether w3c could accomplish >> that. >> >> Topic: Initiating Payments and Digital Receipts >> >> Manu Sporny: The key takeaway there is that we had agreement ... >> we heard that banks wouldn't be willing to do that, we heard >> instead that various people would be willing to standardize >> payments and a mechanism that's universal on all websites for >> intiating payments and a digital receipt and that dovetails into >> the discussion here ... i'm not disagreeing with Joseph just >> saying w3c may fail if we try to take a problem of that scope on. >> Manu Sporny: Definite agreement around initiating payments and >> digital receipts at the workshop. >> Joseph Potvin: There's no need to try to change or influence the >> incumbent banking solutions, but GIRO banking seems to me to be >> the model most suited to any eventual W3C spec on payments >> Manu Sporny: Standardizing initiating a payment ... and then >> once initiated, regardless of which payment system you're using >> then is up to the payment provider and what they do is generate a >> standard digital receipt (standard across the web) so that the >> merchant can verify that digital receipt, so the only three >> things are really required to standardize. A basic >> identity/credential protocol, a simple protocol to initiate >> payments, and merchant-verifiable digital receipts. >> Manu Sporny: That would open up the entire market to far more >> competition, it would mean you could plug and play payment >> providers, etc. >> Manu Sporny: Visa mastercard, paypal would all still exist, but >> banks could participate as well, they'd just run extra software >> on top of their systems, and also new payment providers could pop >> up and could operate int his space >> Manu Sporny: All using these standards >> Manu Sporny: So the first cut of the web paymetns work would >> have fairly narrow scope, measurable goals, we have use cases >> from CG, etc. it would be best way to proceed >> Pindar Wong: On the issue w/payments and digital receipts, >> that's where i thought the CG was before Paris ... and afterwards >> we're at the same place, and that sounds like a huge win for the >> CG >> Manu Sporny: Yup, people at the workshop were essentially >> playing catchup with the CG and it's great that we were in the >> right place >> Manu Sporny: There was some gnashing of teeth by fairly large >> payments players about the CG predicting this >> Manu Sporny: They wanted to say that for the first time a bunch >> of people came together and decided initiating payments and >> digital receipts was the way to go, but in reality the CG was >> there years ago. >> Manu Sporny: But we don't need to hammer that home, it's more >> important that two fairly diverse/different groups/events came >> together and both agreed on the direction, etc. >> Pindar Wong: Yup, no interest in bragging rights, just think >> it's huge win CG is in the right place >> Pindar Wong: Identity in payments is going to be a big one, good >> to get more important from outside this field from IGF, etc. >> Pindar Wong: For initiation of payments, digital receipts, this >> is a great outcome, great achievement >> Manu Sporny: To be clear, everyone thought identity was a big >> problem and is important but not a clear path forward, just that >> it needs to be addressed >> Manu Sporny: We're out of time for today >> Manu Sporny: We will probably have a follow up conversation next >> week, tons of use cases to discuss, progress on specs that have >> been happening in parallel to discuss, etc. >> Manu Sporny: I will be out in the bay area, silicon valley, next >> week April 16th-18th, in case any other Web Payments CG members >> want to meet up. >> >> >> >> > > > > -- > Joseph Potvin > Operations Manager | Gestionnaire des opérations > The Opman Company | La compagnie Opman > http://www.projectmanagementhotel.com/projects/opman-portfolio > jpotvin@opman.ca > Mobile: 819-593-5983 > LinkedIn (Google short URL): http://goo.gl/Ssp56 -- Joseph Potvin Operations Manager | Gestionnaire des opérations The Opman Company | La compagnie Opman http://www.projectmanagementhotel.com/projects/opman-portfolio jpotvin@opman.ca Mobile: 819-593-5983 LinkedIn (Google short URL): http://goo.gl/Ssp56
Received on Thursday, 10 April 2014 18:43:55 UTC