Re: Distinctions between Payments CG, Payments Workshop, and web-payments.org from Melvin Carvalho on 2014-01-09 (public-webpayments@w3.org from January 2014)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Fri, 10 Jan 2014 00:10:49 +0100
To: Martin Hepp <martin.hepp@unibw.de>
Cc: Web Payments <public-webpayments@w3.org>, Manu Sporny <msporny@digitalbazaar.com>
Message-ID: <CAKaEYhKic7rXV_4y-sKU9o8Uif3nuTRcr+4XsOKS4TFfstOzKw@mail.gmail.com>
On 9 January 2014 22:30, Martin Hepp <martin.hepp@unibw.de> wrote:

> Hi Manu,
>
> I think you are right in refusing his broad request - quite clearly, a
> leading player in the field of centralized, traditional payment services is
> likely to regard innovation as a potential threat.
>
> However, I think he makes two points that we should address:
>
> 1. We need a "meta-architecture" and document that makes clear that for
> payment, as for any other component of the Web, there is and will always be
> variety and choice, i.e. that the CG is not aiming at standardizing payment
> per se on the Web; just providing frameworks for innovation. My impression
> is that the current message could be interpreted as stepping onto existing
> territory. That causes hefty reactions and is unnecessary for innovative
> approaches. Let traditional users be happy with Paypal and credit cards,
> and let Payswarm and Bitcoin and other approaches gradually complement the
> array of choices.
>

+1 modularity is a key axiom of the web, so while a spec may be an example
of how to do things, it need not be a straight jacket


>
> 2. He is right that claiming to address the issues of security and
> identity as a whole at Web scale is way outside the abilities of a CG, WG,
> or even the W3C as a whole. People who work e.g. in credit card fraud
> detection can tell you that this is an area where standards bodies like the
> W3C have very little to contribute to a real solution, same as a W3C WG on
> "Malware Protection" would likely contribute little to protecting people
> from malware. This is simply because the challenge in both cases is the
> quality of execution and the optimization of implementations rather than
> the standardization of interfaces.
>

The URI is the value proposition of The Web.  And the *I* stands for
Identifier.  To the extent that an identifier can be used to denote an
identity, there needs to be a spec that addresses this.  If such a spec
exists elsewhere as a W3C REC it could be referenced, but until that point
it's in the critical path of web scale payements.


>
> Of course, one could argue that this is true for Web payment in general.
>
> So the scope should be reduced to the realistic core of the challenges
> addressed with the available resources, and the links to other fields
> should be made explicit.
>
> Martin
>
>
> On Jan 9, 2014, at 4:11 AM, Manu Sporny wrote:
>
> > Hi Daniel,
> >
> > Let me start by mentioning that we've iterated multiple times on the
> > content of that site in an attempt to avoid many of the issues you
> > raise. If we need to iterate further, I'm sure we can find some wording
> > for each of your concerns that has consensus among the community and
> > eBay/PayPal.
> >
> > On 01/08/2014 07:25 PM, Austin, Daniel wrote:
> >> Hi Team,
> >>
> >> Internally, my colleagues here at eBay became aware of this site and
> >> are expressing some concern:
> >>
> >> https://web-payments.org/
> >>
> >> Let me try to list the concerns I've heard so far:
> >>
> >> 1) The Payments CG is publishing sites and documents indicating they
> >> are developing payments standards at W3C.
> >>
> >> The Website says:
> >>
> >> "The primary output of the Web Payments Community Group are
> >> specifications that will be implemented by technology companies" [1]
> >>
> >> which is different than
> >>
> >> "Some (but not all) Community Group and Business Group
> >> Specifications are expected to serve as input to a Working Group."
> >> [2]
> >>
> >> (from W3C's rules for CGs).
> >>
> >> A lot of the verbiage on web-payments.org seems to be written as if
> >> the CG was developing specs and standards for payments, instead of
> >> providing a common community of fellow travelers. It also fails to
> >> clearly make the distinction around what CGs do and what WGs do.
> >> Phrases such as "technology that the Web Payments group creates" [1]
> >> could easily lead one to believe that the CG is empowered to do more
> >> than is actually permitted.
> >
> > Do you have specific wording that you would like to see changed, and if
> > so, what would you like to see that wording changed to?
> >
> > We were already contacted by W3C about our use of the word 'standards'
> > on the page. We changed all of that language to 'technologies' at the
> > request of W3C Management and double-checked with them to make sure that
> > the change was acceptable (it was).
> >
> > To my knowledge, we're not breaking any W3C rules for Community Groups.
> > It is common for CGs to work on specifications that are then picked up
> > by WGs or moved to other standards bodies.
> >
> > That said, please suggest some changes and we'd be happy to discuss.
> >
> >> 2) The site publishes a lot of 'specifications' on this page [3].
> >>
> >> All have been moved over recently from Payswarm's domain, and with
> >> one exception were written by Manu Sporny. While I appreciate Manu's
> >> contributions to the team, these documents seem to be an attempt to
> >> pre-establish the basis for future work by the (hypothetical)
> >> Payments WG.
> >
> > No, that is not what these documents are attempting to do. These
> > documents establish that there are proposals for a unified payment
> > architecture for the Web. Their purpose is to demonstrate that there is
> > /a/ way to standardize payments on the Web that would enable far more
> > payment interoperability than there is on the Web today. They do not
> > establish /the/ way to do it any more than any other CGs unofficial
> > specs do. They're proposals, and some of those proposals have already
> > been implemented by technology companies to ensure the technical merit
> > of the spec.
> >
> > They are not the only way to standardize payments on the Web, but to
> > date, they are the only specs that have been placed under the W3C CLA
> > license and have been developed in an open and transparent manner. Any
> > other person or organization in the Web Payments CG is more than welcome
> > to submit specifications that they feel improve the state of payments on
> > the Web. This is exactly what happened with the Pricing Indices
> > specification, and I hope more CG members step forward with their own
> > proposals in time.
> >
> >> Also, these documents don't follow the rules for specs described in
> >> [2], i.e. copyright notice, IPR notice, link to CG page, obvious
> >> verbiage saying this is a draft proposal which may not go anywhere,
> >> etc.
> >
> > Every single one of the current drafts contain the following text:
> >
> > Copyright © 2013 the Contributors to the Web Payments XYZ Specification,
> > published by the W3C Web Payments Community Group under the W3C
> > Community Contributor License Agreement (CLA). A human-readable summary
> > is available.
> >
> > Every one of the current drafts also contain this text in the "Status of
> > the Document" section:
> >
> > This specification was published by the W3C Web Payments Community
> > Group. It is not a W3C Standard nor is it on the W3C Standards Track.
> > Please note that under the W3C Community Contributor License Agreement
> > (CLA) there is a limited opt-out and other conditions apply. Learn more
> > about W3C Community and Business Groups.
> >
> >> These documents may reflect Payswarm's interests in this area, but
> >> they don't reflect the interests of the rest of the payments
> >> community, including eBay/PayPal. Under W3C's rules for CGs, these
> >> documents have no official status; they may be used as input to some
> >> future Working Group (or not). At the moment they don't represent a
> >> good cross-section of the community and don't follow W3C rules.
> >
> > They do follow the rules as far as we know. They may not represent a
> > good cross-section of the community, but the community can't force
> > organizations to contribute specifications to the group under the CLA.
> > If PayPal/eBay, or any other organization, would like to contribute
> > specifications (especially counter-proposals) to the group under the W3C
> > CLA, they'd be welcomed with open arms.
> >
> > These specifications don't violate W3C rules as far as we can tell, and
> > they have existed for years w/o the W3C taking issue with the content of
> > the specifications. They're all released under the W3C CLA, which gives
> > the W3C broad rights to the documents.
> >
> >> Also the site (and presumably the documents on it) are using the
> >> CC-BY license, where the W3C clearly specifies using the W3C-CCLA
> >> [6].
> >
> > The website is published under a CC-BY license. The specifications are
> > each clearly marked with a copyright and CLA statement. That doesn't
> > violate any W3C rules as far as we know.
> >
> >> 3) There's a lot of normative language on the site that doesn't
> >> belong there.
> >>
> >> "The Web can help us heal our ailing financial infrastructure and
> >> create a more equitable future for all of us." [1]
> >>
> >> "...we are making it as easy and fast to send money around the world
> >> as it is to send an email..."
> >>
> >> And etc. This sort of normative language does not belong in W3C
> >> documents. Is it W3C's position that our "financial infrastructure"
> >> is "ailing"? I don't think so, though some members undoubtedly do. I
> >> heard similar language at TPAC, and it's not at all helpful.
> >
> > If you have suggested changes, we'd be happy to discuss them.
> >
> > I'll note that the site is not a W3C website and thus isn't subject to
> > the same sort of "normative language" requirements that are applied to
> > specifications. We've run websites like these in the past for RDFa and
> > JSON-LD, so this isn't new territory:
> >
> > http://rdfa.info/
> > http://json-ld.org/
> >
> >> 4)  The Paris workshop is not directly related to the Payments CG.
> >>
> >> This needs to be emphasized again. Companies with significant IP in
> >> this space may not be members of the CG due to IPR restrictions.
> >> PayPal is a good example - it's unlikely that we would ever join the
> >> CG for this reason. We'll be at the Workshop however, since it is not
> >> bound by the IPR rules. Let's clearly separate these two things and
> >> keep them separate. The Payments CG members are certainly welcome at
> >> the Workshop, just like everybody else, and on exactly the same
> >> basis.
> >
> > +1, agreed. What do we need to do to make this messaging more clear?
> >
> >> 5) The entire site is far too broadly posed to make sense.
> >>
> >> Security? Identity? These are certainly issues for Web Payments, but
> >> the CG is not in the business of solving those problems, which are
> >> far larger than just the Payments space. The CG should simply note
> >> its dependencies on the work of others in these areas, and possibly
> >> identify requirements for these other groups to take into
> >> consideration in their own work. Expanding the scope of the effort
> >> to ocean-boiling levels won't help us in the future.
> >
> > The scope of the CG, the scope of the Workshop, and the scope of the
> > (potential) WG are different.
> >
> >> From the perspective of the CG, we are engaging those other communities
> > via specifications like HTTP Signatures, Secure Messaging, and Web
> > Identity. It's often simpler to create a spec that developers can look
> > at than try to explain what you want to achieve over a mailing list. In
> > many cases the Web Payments CG re-used specifications (like HTML5, RDFa,
> > JSON-LD, HTTP, JSON, etc.) where it could. In other cases, the solution
> > didn't exist, or the existing solutions were so different from what we
> > needed that new spec proposals were put together to try and speed the
> > discussion along.
> >
> > Payments touch security and identity pretty deeply, we can't talk
> > about good solutions for payments without also talking about those other
> > things. The CG might have to be in the business of solving /some/ of
> > those problems if no other group steps up and solves them for the
> > payments use cases we have to address.
> >
> > We are collaborating heavily in the identity and security space. We're
> > trying to work with the Persona folks on the Web Identity spec. We're
> > working with the IETF HTTPbis and HTTPauth WGs on the HTTP Signatures
> > specs. We've successfully worked with the RDFa working group, JSON-LD
> > CG, and RDF WGs on various specifications. The requirements and specs in
> > many of those cases started in the Web Payments CG and the work was then
> > transferred to another group. We're definitely not trying to boil the
> > oceans here, we're trying to build a fairly unified payments solution on
> > top of existing standards when possible. When that's not possible, we
> > kick-start the work in the CG and hand it off to another group to take
> > it through a standards process. It's been working pretty well for us for
> > the last few years.
> >
> >> I'd like to suggest that this site be removed from public view until
> >> it can be revised in a way that represents both the spirit and the
> >> letter of the W3C's mission and the CG's charter. I'd be a lot more
> >> comfortable if it was hosted by W3C as well.
> >
> > To be clear, you have stated that PayPal/eBay has no intention of
> > joining the Web Payments CG due to IPR concerns. As a non-member of the
> > group, you are now asking for a website that is owned and operated by
> > the Web Payments CG to be taken down. Taking the audio and text minutes
> > from 60+ hours of very transparent teleconferences, as well as all 18
> > specification documents offline is wandering near the territory of
> > censorship. That seems very aggressive.
> >
> > -- manu
> >
> > --
> > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> > Founder/CEO - Digital Bazaar, Inc.
> > blog: The Worlds First Web Payments Workshop
> > http://www.w3.org/2013/10/payments/
> >
>
> --------------------------------------------------------
> martin hepp
> e-business & web science research group
> universitaet der bundeswehr muenchen
>
> e-mail:  hepp@ebusiness-unibw.org
> phone:   +49-(0)89-6004-4217
> fax:     +49-(0)89-6004-4620
> www:     http://www.unibw.de/ebusiness/ (group)
>         http://www.heppnetz.de/ (personal)
> skype:   mfhepp
> twitter: mfhepp
>
> Check out GoodRelations for E-Commerce on the Web of Linked Data!
> =================================================================
> * Project Main Page: http://purl.org/goodrelations/
>
>
>
Received on Thursday, 9 January 2014 23:11:26 UTC