W3C home > Mailing lists > Public > public-webpayments@w3.org > January 2014

Re: Distinctions between Payments CG, Payments Workshop, and web-payments.org

From: Martin Hepp <martin.hepp@unibw.de>
Date: Thu, 9 Jan 2014 22:30:21 +0100
Cc: Manu Sporny <msporny@digitalbazaar.com>
Message-Id: <B8554AC6-E5E3-4CFA-8CFE-78D5A9718CC3@unibw.de>
To: Web Payments <public-webpayments@w3.org>
Hi Manu,

I think you are right in refusing his broad request - quite clearly, a leading player in the field of centralized, traditional payment services is likely to regard innovation as a potential threat.

However, I think he makes two points that we should address:

1. We need a "meta-architecture" and document that makes clear that for payment, as for any other component of the Web, there is and will always be variety and choice, i.e. that the CG is not aiming at standardizing payment per se on the Web; just providing frameworks for innovation. My impression is that the current message could be interpreted as stepping onto existing territory. That causes hefty reactions and is unnecessary for innovative approaches. Let traditional users be happy with Paypal and credit cards, and let Payswarm and Bitcoin and other approaches gradually complement the array of choices.

2. He is right that claiming to address the issues of security and identity as a whole at Web scale is way outside the abilities of a CG, WG, or even the W3C as a whole. People who work e.g. in credit card fraud detection can tell you that this is an area where standards bodies like the W3C have very little to contribute to a real solution, same as a W3C WG on "Malware Protection" would likely contribute little to protecting people from malware. This is simply because the challenge in both cases is the quality of execution and the optimization of implementations rather than the standardization of interfaces.

Of course, one could argue that this is true for Web payment in general.

So the scope should be reduced to the realistic core of the challenges addressed with the available resources, and the links to other fields should be made explicit.

Martin


On Jan 9, 2014, at 4:11 AM, Manu Sporny wrote:

> Hi Daniel,
> 
> Let me start by mentioning that we've iterated multiple times on the
> content of that site in an attempt to avoid many of the issues you
> raise. If we need to iterate further, I'm sure we can find some wording
> for each of your concerns that has consensus among the community and
> eBay/PayPal.
> 
> On 01/08/2014 07:25 PM, Austin, Daniel wrote:
>> Hi Team,
>> 
>> Internally, my colleagues here at eBay became aware of this site and 
>> are expressing some concern:
>> 
>> https://web-payments.org/
>> 
>> Let me try to list the concerns I've heard so far:
>> 
>> 1) The Payments CG is publishing sites and documents indicating they 
>> are developing payments standards at W3C.
>> 
>> The Website says:
>> 
>> "The primary output of the Web Payments Community Group are 
>> specifications that will be implemented by technology companies" [1]
>> 
>> which is different than
>> 
>> "Some (but not all) Community Group and Business Group
>> Specifications are expected to serve as input to a Working Group."
>> [2]
>> 
>> (from W3C's rules for CGs).
>> 
>> A lot of the verbiage on web-payments.org seems to be written as if 
>> the CG was developing specs and standards for payments, instead of 
>> providing a common community of fellow travelers. It also fails to 
>> clearly make the distinction around what CGs do and what WGs do. 
>> Phrases such as "technology that the Web Payments group creates" [1] 
>> could easily lead one to believe that the CG is empowered to do more 
>> than is actually permitted.
> 
> Do you have specific wording that you would like to see changed, and if
> so, what would you like to see that wording changed to?
> 
> We were already contacted by W3C about our use of the word 'standards'
> on the page. We changed all of that language to 'technologies' at the
> request of W3C Management and double-checked with them to make sure that
> the change was acceptable (it was).
> 
> To my knowledge, we're not breaking any W3C rules for Community Groups.
> It is common for CGs to work on specifications that are then picked up
> by WGs or moved to other standards bodies.
> 
> That said, please suggest some changes and we'd be happy to discuss.
> 
>> 2) The site publishes a lot of 'specifications' on this page [3].
>> 
>> All have been moved over recently from Payswarm's domain, and with 
>> one exception were written by Manu Sporny. While I appreciate Manu's 
>> contributions to the team, these documents seem to be an attempt to 
>> pre-establish the basis for future work by the (hypothetical) 
>> Payments WG.
> 
> No, that is not what these documents are attempting to do. These
> documents establish that there are proposals for a unified payment
> architecture for the Web. Their purpose is to demonstrate that there is
> /a/ way to standardize payments on the Web that would enable far more
> payment interoperability than there is on the Web today. They do not
> establish /the/ way to do it any more than any other CGs unofficial
> specs do. They're proposals, and some of those proposals have already
> been implemented by technology companies to ensure the technical merit
> of the spec.
> 
> They are not the only way to standardize payments on the Web, but to
> date, they are the only specs that have been placed under the W3C CLA
> license and have been developed in an open and transparent manner. Any
> other person or organization in the Web Payments CG is more than welcome
> to submit specifications that they feel improve the state of payments on
> the Web. This is exactly what happened with the Pricing Indices
> specification, and I hope more CG members step forward with their own
> proposals in time.
> 
>> Also, these documents don't follow the rules for specs described in 
>> [2], i.e. copyright notice, IPR notice, link to CG page, obvious 
>> verbiage saying this is a draft proposal which may not go anywhere, 
>> etc.
> 
> Every single one of the current drafts contain the following text:
> 
> Copyright  2013 the Contributors to the Web Payments XYZ Specification,
> published by the W3C Web Payments Community Group under the W3C
> Community Contributor License Agreement (CLA). A human-readable summary
> is available.
> 
> Every one of the current drafts also contain this text in the "Status of
> the Document" section:
> 
> This specification was published by the W3C Web Payments Community
> Group. It is not a W3C Standard nor is it on the W3C Standards Track.
> Please note that under the W3C Community Contributor License Agreement
> (CLA) there is a limited opt-out and other conditions apply. Learn more
> about W3C Community and Business Groups.
> 
>> These documents may reflect Payswarm's interests in this area, but 
>> they don't reflect the interests of the rest of the payments 
>> community, including eBay/PayPal. Under W3C's rules for CGs, these 
>> documents have no official status; they may be used as input to some 
>> future Working Group (or not). At the moment they don't represent a 
>> good cross-section of the community and don't follow W3C rules.
> 
> They do follow the rules as far as we know. They may not represent a
> good cross-section of the community, but the community can't force
> organizations to contribute specifications to the group under the CLA.
> If PayPal/eBay, or any other organization, would like to contribute
> specifications (especially counter-proposals) to the group under the W3C
> CLA, they'd be welcomed with open arms.
> 
> These specifications don't violate W3C rules as far as we can tell, and
> they have existed for years w/o the W3C taking issue with the content of
> the specifications. They're all released under the W3C CLA, which gives
> the W3C broad rights to the documents.
> 
>> Also the site (and presumably the documents on it) are using the 
>> CC-BY license, where the W3C clearly specifies using the W3C-CCLA 
>> [6].
> 
> The website is published under a CC-BY license. The specifications are
> each clearly marked with a copyright and CLA statement. That doesn't
> violate any W3C rules as far as we know.
> 
>> 3) There's a lot of normative language on the site that doesn't 
>> belong there.
>> 
>> "The Web can help us heal our ailing financial infrastructure and 
>> create a more equitable future for all of us." [1]
>> 
>> "...we are making it as easy and fast to send money around the world 
>> as it is to send an email..."
>> 
>> And etc. This sort of normative language does not belong in W3C 
>> documents. Is it W3C's position that our "financial infrastructure" 
>> is "ailing"? I don't think so, though some members undoubtedly do. I 
>> heard similar language at TPAC, and it's not at all helpful.
> 
> If you have suggested changes, we'd be happy to discuss them.
> 
> I'll note that the site is not a W3C website and thus isn't subject to
> the same sort of "normative language" requirements that are applied to
> specifications. We've run websites like these in the past for RDFa and
> JSON-LD, so this isn't new territory:
> 
> http://rdfa.info/
> http://json-ld.org/
> 
>> 4)  The Paris workshop is not directly related to the Payments CG.
>> 
>> This needs to be emphasized again. Companies with significant IP in 
>> this space may not be members of the CG due to IPR restrictions. 
>> PayPal is a good example - it's unlikely that we would ever join the 
>> CG for this reason. We'll be at the Workshop however, since it is not
>> bound by the IPR rules. Let's clearly separate these two things and
>> keep them separate. The Payments CG members are certainly welcome at
>> the Workshop, just like everybody else, and on exactly the same 
>> basis.
> 
> +1, agreed. What do we need to do to make this messaging more clear?
> 
>> 5) The entire site is far too broadly posed to make sense.
>> 
>> Security? Identity? These are certainly issues for Web Payments, but 
>> the CG is not in the business of solving those problems, which are 
>> far larger than just the Payments space. The CG should simply note 
>> its dependencies on the work of others in these areas, and possibly 
>> identify requirements for these other groups to take into 
>> consideration in their own work. Expanding the scope of the effort
>> to ocean-boiling levels won't help us in the future.
> 
> The scope of the CG, the scope of the Workshop, and the scope of the
> (potential) WG are different.
> 
>> From the perspective of the CG, we are engaging those other communities
> via specifications like HTTP Signatures, Secure Messaging, and Web
> Identity. It's often simpler to create a spec that developers can look
> at than try to explain what you want to achieve over a mailing list. In
> many cases the Web Payments CG re-used specifications (like HTML5, RDFa,
> JSON-LD, HTTP, JSON, etc.) where it could. In other cases, the solution
> didn't exist, or the existing solutions were so different from what we
> needed that new spec proposals were put together to try and speed the
> discussion along.
> 
> Payments touch security and identity pretty deeply, we can't talk
> about good solutions for payments without also talking about those other
> things. The CG might have to be in the business of solving /some/ of
> those problems if no other group steps up and solves them for the
> payments use cases we have to address.
> 
> We are collaborating heavily in the identity and security space. We're
> trying to work with the Persona folks on the Web Identity spec. We're
> working with the IETF HTTPbis and HTTPauth WGs on the HTTP Signatures
> specs. We've successfully worked with the RDFa working group, JSON-LD
> CG, and RDF WGs on various specifications. The requirements and specs in
> many of those cases started in the Web Payments CG and the work was then
> transferred to another group. We're definitely not trying to boil the
> oceans here, we're trying to build a fairly unified payments solution on
> top of existing standards when possible. When that's not possible, we
> kick-start the work in the CG and hand it off to another group to take
> it through a standards process. It's been working pretty well for us for
> the last few years.
> 
>> I'd like to suggest that this site be removed from public view until 
>> it can be revised in a way that represents both the spirit and the 
>> letter of the W3C's mission and the CG's charter. I'd be a lot more 
>> comfortable if it was hosted by W3C as well.
> 
> To be clear, you have stated that PayPal/eBay has no intention of
> joining the Web Payments CG due to IPR concerns. As a non-member of the
> group, you are now asking for a website that is owned and operated by
> the Web Payments CG to be taken down. Taking the audio and text minutes
> from 60+ hours of very transparent teleconferences, as well as all 18
> specification documents offline is wandering near the territory of
> censorship. That seems very aggressive.
> 
> -- manu
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Worlds First Web Payments Workshop
> http://www.w3.org/2013/10/payments/
> 

--------------------------------------------------------
martin hepp
e-business & web science research group
universitaet der bundeswehr muenchen

e-mail:  hepp@ebusiness-unibw.org
phone:   +49-(0)89-6004-4217
fax:     +49-(0)89-6004-4620
www:     http://www.unibw.de/ebusiness/ (group)
        http://www.heppnetz.de/ (personal)
skype:   mfhepp 
twitter: mfhepp

Check out GoodRelations for E-Commerce on the Web of Linked Data!
=================================================================
* Project Main Page: http://purl.org/goodrelations/
Received on Thursday, 9 January 2014 21:30:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:27 UTC