W3C home > Mailing lists > Public > public-webpayments@w3.org > July 2014

Re: VOTE: Revised Identity Web Payments Workshop Use Cases

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Fri, 18 Jul 2014 18:05:13 +0200
Message-ID: <CA+eFz_K9uhudmm4FocivdAvizmqGW0HwCB8y7=Q+mj+r8JAfSA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments <public-webpayments@w3.org>
General Comments:


   - Refer to "payers" and "payees" rather than "customers" and "merchants"
   unless the use case is specifically limited to these actors.
   - Be specific when talking about identities, or identity attributes
   (claims), whether the use case refers to the payer's or the payee's
   identity or both.
   - My suggestion would be to focus the first iteration on payment
   processing without a need to exchange/verify the payer identity and add
   this in iteration 2.
   In terms of discussion within the IG, I think both are appropriate.


I made some suggested edits to the use cases which I have put in quotes.

Use Case: Store basic identity credentials and payment provider
information "of payers" on the Web in a way that is easy to share with
"payees" given authorization by the payer, and that is
easy to synchronize between devices.
Notes: This includes the ability for the identity owner "(payer)" to manage
the
identity information. It does not include the ability for the identity
owner to automatically sell their identity information.
+0: Not required for first iteration. It is not ESSENTIAL for the payer to
exchange identity credentials to complete a basic transaction. Think this
should be the focus of 2nd iteration.

Use Case: A customer visits a website and authorizes the transmission of
one or more pieces of information (such as proof-of-age, shipping
address, etc.) previously stored with an identity provider to the
website to enable access or fulfilment of a transaction.
+0: Not required for first iteration. It is not ESSENTIAL for the payer to
exchange identity credentials to complete a basic transaction. Think this
should be the focus of 2nd iteration.

Use Case: Using metadata that is the result of a transaction, discover
attributes associated with the identity of participants in the transaction.
+0: Not sure that I understand the need for this use case.


Use Case: Digitally verifiable credentials such that a "payee" and
"payee’s" payment processor in a transaction can prove that they have done
due
diligence in verifying the customer's identity (KYC).
+0: Not required for first iteration. It is not ESSENTIAL for the payer to
exchange identity credentials to complete a basic transaction. Think this
should be the focus of 2nd iteration.

Use Case: A customer executes a transaction without revealing secrets
that are not vital to the transaction (i.e. identity, passwords, PINs or
other information that the merchant does not need to know).
+1

Use Case: Use an existing, widely deployed identity provider mechanism
(i.e. OpenID Connect) to integrate with the digital credentials sharing
and payments initiation process.
+1: Assuming we are referring to sharing digital credentials of the payee
for first iteration and extend this to the payer for later iterations.


Use Case: Transact with a merchant without revealing any identifying
information. Identifying information is available to the payment processor.
+1

Use Case: Enable anonymous transactions such that the identity of the
""payer" is not discoverable by "payees" or the "payees’" payment
processors.
+1


Use Case: "Payer" wants to send "payee" some money and asks "payee" for a
short,
memorable payment identifier. "Payee" sends the payment identifier to
"payer"
via an SMS message. "Payer" makes a payment using the short payment
identifier; the payment processor translates the short payment
identifier into a destination financial account for the "payee".
+1

Use Case: A "payer" pays a "payee" using a short identifier. Prior to
sending the payment, some information associated with the short
identifier indicates to them that the short identifier is a verified
short identifier for the "payee. i.e. The payee’s identity can be verified
by the payer."
+1


Design Criteria: A person sets a second identity as a backup for
accessing their first identity, should they lose the ability to use the
first identity.



On 16 July 2014 03:29, Manu Sporny <msporny@digitalbazaar.com> wrote:

> Please +1/+0/-1 each identity use case below in order to show whether or
> not you agree that we should try and attempt addressing the use case in
> the first iteration of the Web Payments work. If you +0 or -1 the use
> case, please specify why as well as changes that could be made that
> would result in you +1'ing the use case.
>
> ----------------------------------------------------------------------
>
> Use Case: Store basic identity credentials and payment provider
> information on the Web in a way that is easy to share with various
> merchants given authorization by the owner of the identity, and that is
> easy to synchronize between devices.
> Notes: This includes the ability for the identity owner to manage the
> identity information. It does not include the ability for the identity
> owner to automatically sell their identity information.
>
> Use Case: A customer visits a website and authorizes the transmission of
> one or more pieces of information (such as proof-of-age, shipping
> address, etc.) previously stored with an identity provider to the
> website to enable access or fulfillment of a transaction.
>
> Use Case: Using metadata that is the result of a transaction, discover
> attributes associated with the identity of participants in the transaction.
>
> Use Case: Digitally verifiable credentials such that a merchant and
> payment processor in a transaction can prove that they have done due
> diligence in verifying the customer's identity (KYC).
>
> Use Case: A customer executes a transaction without revealing secrets
> that are not vital to the transaction (i.e. identity, passwords, PINs or
> other information that the merchant does not need to know).
>
> Use Case: Use an existing, widely deployed identity provider mechanism
> (i.e. OpenID Connect) to integrate with the digital credentials sharing
> and payments initiation process.
>
> Use Case: Transact with a merchant without revealing any identifying
> information. Identifying information is available to the payment processor.
>
> Use Case: Enable anonymous transactions such that the identity of the
> customer is not discoverable by merchants or payment processors.
>
> Use Case: Jack wants to send Jill some money and asks Jill for a short,
> memorable payment identifier. Jill sends the payment identifier to Jack
> via an SMS message. Jack makes a payment using the short payment
> identifier; the payment processor translates the short payment
> identifier into a destination financial account for Jill.
>
> Use Case: A person pays a merchant using a short identifier. Prior to
> sending the payment, some information associated with the short
> identifier indicates to them that the short identifier is a verified
> short identifier for the merchant.
>
> Design Criteria: A person sets a second identity as a backup for
> accessing their first identity, should they lose the ability to use the
> first identity.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>
>
Received on Friday, 18 July 2014 16:05:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:32 UTC