Web Payments Telecon Minutes for 2014-07-15

Thanks to Dave Longley for scribing this week! The minutes
for this week's Web Payments telecon are now available:

https://web-payments.org/minutes/2014-07-15/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Web Payments Community Group Telecon Minutes for 2014-07-15

Agenda:
  http://lists.w3.org/Archives/Public/public-webpayments/2014Jul/0032.html
Topics:
  1. Web Payments IG Charter (3rd revision)
  2. Updates from Payments and Identity Meetings
  3. Plan for Documenting Use Cases
  4. 6-Month Plan for Specification Work
Chair:
  Manu Sporny
Scribe:
  Dave Longley
Present:
  Dave Longley, Manu Sporny, Timothy Ng, David I. Lehn
Audio:
  https://web-payments.org/minutes/2014-07-15/audio.ogg

Dave Longley is scribing.
Manu describes the agenda, no changes.
Manu Sporny:  Any updates or changes to the agenda?

Topic: Web Payments IG Charter (3rd revision)

Manu Sporny: 
  http://www.w3.org/2014/04/payments/webpayments_charter.html
Manu Sporny:  The charter has gone through 3 iterations, it's a 
  very broad charter, it covers everything from creating a web 
  payments roadmap to terminology, to wallet APIs to initiating 
  payments, digital receipts, identity and authentication, that 
  doesn't mean that the web payments work will include all of those 
  things, it means that all of those things are in scope for 
  discussion for figuring out what the official group will do
Manu Sporny:  The desire is to focus fairly narrowly, we don't 
  want it to be a gigantic endeavor, we want to make progress on 
  some focused specs, good bang for our buck instead of boiling the 
  oceans (and various other idioms)
Manu Sporny:  I imagine some of the discussion in the first few 
  months will be boiling down the set of use cases we want to 
  address
Manu Sporny: 
  https://www.w3.org/community/webpayments/wiki/CategorizedWebPaymentsUseCases
Manu Sporny:  Speaking of use cases we've refined the ones from 
  the web payments work shop, we've made a basic common format, 
  removed duplicates, pushed things off to 2nd/3rd iteration of the 
  tech to help narrow the scope down
Manu Sporny:  The link in IRC is to the clean use cases, these 
  are only from the web payments workshop, we haven't integrated 
  the payswarm use cases or any of the other common, deployed use 
  cases, such as paying for something via google wallet, paypal, 
  with your mobile phone or CC as you do today
Manu Sporny:  We will work those in there
Manu Sporny:  We want to use this as input to the web payments IG
Manu Sporny:  Any questions about the IG charter?
None
Manu Sporny:  Tim, have you reviewed the charter?
Timothy Ng:  Yes, i have read through the charter and the use 
  case documents as well, i'm still feeling out and will ask 
  questions after
Manu Sporny:  The main thing we're blocked on now is getting firm 
  commitments from companies to officially join the work, we have 
  40 responses from 40 different orgs saying they want to be 
  involved in the work, we have 14 firm commitments from orgs that 
  have named engineers to include in the work, now we have to do a 
  second pass and make sure that the orgs that are already w3c 
  members have committed engineering resources and those that are 
  not w3c members are either on a path to becoming so to 
  participate or we have some kind of invited experts mechanism 
  drawn up for them
Manu Sporny:  Any other questions?
None
Manu Sporny:  Lehn, thoughts on reading through?
David I. Lehn:  I've read through partly i'm going to do a more 
  thorough read through
Manu Sporny: Mailing list for comments are here: 
  http://lists.w3.org/Archives/Public/public-webpaymentsigcharter/
Manu Sporny: Requested changes to the charter are here: 
  https://www.w3.org/community/webpaymentsigcharter/wiki/Main_Page
Manu Sporny:  We're in good shape for the steering group to start 
  its work, we're in fairly good shape in terms of recruiting orgs 
  to participate in the work

Topic: Updates from Payments and Identity Meetings

Manu Sporny:  There has been pushback on the identity aspect of 
  the web payments work, adrian, anders to a degree, and a few 
  other folks on the mailing list have questioned whether identity 
  should be part of the web payments initiative or if it should be 
  split into another initiative and those multiple working groups 
  would try and talk to one another as they progressed
Manu Sporny:  I was just at MIT last week talking with W3C and 
  their feeling is that they'd rather see the work be decoupled. 
  We'd have a web payments initiative and an identity initiative, 
  the downside is rounding up the same number of companies for the 
  identity group, we have 180 companies involved, only 40 want to 
  participate, 14 have committed resources. We're looking at a 
  similar sort of initiative for the identity stuff. There is tons 
  of overlap.
Manu Sporny:  The good news is that we've been doing the leg work 
  on that for a while now, now we have ETS, US Fed, we were just in 
  washington DC last week talking about the US Dept of Education 
  about this, they are very interested in solving the "identity 
  problem" on the web
Manu Sporny:  They want to assign IDs to students and let them 
  collect credentials, university degrees, nursing licenses, etc. 
  credentials stuff like that
Manu Sporny:  So the strategy question is, how do we run a 
  payments initiative and an identity initiative and make sure they 
  don't collapse under their own weight, it's hard to manage it 
  all, we do have a very strong interest from the US Fed, the US 
  Dept of Education, and the World Bank to solve both the identity 
  and web payments problems
Manu Sporny:  They overlap enough that orgs are feeling the pain 
  and desire to solve those issues
Dave Longley:  It might be a good idea to put out a vote from the 
  CG on this. My concern is that a certain number of people would 
  be voting for that w/o understanding that they'd be expected to 
  get these companies involved. [scribe assist by Manu Sporny]
Dave Longley:  It would be difficult to manage both of these 
  groups at the same time. It's a lot of work to do that. It would 
  be simpler to have just one group, but technically, it may be 
  good to separate the work. [scribe assist by Manu Sporny]
Dave Longley:  Both problems are solveable if they're in the same 
  group. I don't disagree that they shouldn't be technically 
  separated. You do need pieces of identity to do web payments, at 
  a minimum, you need an identifier that you can tie other 
  information to. [scribe assist by Manu Sporny]
Dave Longley:  If we separate the work entirely, it may be 
  difficult to finish the work. [scribe assist by Manu Sporny]
Dave Longley:  If we don't plan ahead, it'll be more difficult to 
  solve more complex problems in the future. [scribe assist by Manu 
  Sporny]
Dave Longley:  We don't want to end up w/ a patchwork - so 
  implementers may have to implement things in a piece meal 
  fashion. [scribe assist by Manu Sporny]
Dave Longley:  It makes sense to separate the technologies, but 
  it's a lot of work to do it that way. [scribe assist by Manu 
  Sporny]
Dave Longley:  Technologies should be decoupled, there needs to 
  be an association that needs to be maintained. [scribe assist by 
  Manu Sporny]
Manu Sporny:  The biggest worry we have at this point is that the 
  payments problem could be solved not including identity at all, 
  by say using a protocol handler, you register with your payment 
  provider and when you go to pay for something you get taken to 
  your payment processor and you pay for somethig, but the problem 
  is that you completely bypass the more complex purchase use 
  cases, like transmitting shipping address information or your 
  proof of age or whatever
Manu Sporny:  There are these other use cases that some in the 
  web payments community see as corner cases that aren't actually 
  corner cases if you want to be able to use this payments system 
  for both low and high value transactions
Manu Sporny:  Some in the group don't see transactions for $10k 
  to be worth addressing, but if we want [missed] we have to 
  support that, and for that to happen we need very strong KYC to 
  be associated with the transaction, we need verification
Dave Longley:  There is an additional problem - people will start 
  to say - in 80% of the transactions, shipping info would be 
  needed. [scribe assist by Manu Sporny]
Dave Longley:  In that case, we could throw shipping information 
  into the receipt, for instance... so you design to solve some 
  small percentage of use cases, so if you want to standardize 
  transmitting other sorts of credentials in a different way.  
  [scribe assist by Manu Sporny]
Dave Longley:  So we end up with a patchwork of information - if 
  the problem were solved more elegantly, all information 
  associated w/ your identity could be transmitted in the same way. 
  [scribe assist by Manu Sporny]
Dave Longley:  So, there is a danger in solving the use cases in 
  a way that fractures the solution. [scribe assist by Manu Sporny]
Dave Longley:  If we can solve the problem in a forward-thinking 
  way that doesn't require a lot of effort, that's fine, but we 
  need to think ahead. [scribe assist by Manu Sporny]
Dave Longley:  If we're putting all that extra design work for 
  the future, maybe we should be doing this anyway. Many ways to 
  mess this up for people in the future. [scribe assist by Manu 
  Sporny]
Dave Longley:  I'm concerned about the "let's just solve the 
  simples problems" arguments because they could design us into a 
  corner. [scribe assist by Manu Sporny]
Manu Sporny:  So these are the discussions we're having with a 
  number of identity folks, we're trying to balance things so that 
  this group that would talk about identity would be composed of 
  people from the payments industry, from identity protection 
  [missed], background checks, people from the education space, 
  we're trying to get a broad swath of people together, it's a 
  double-edged sword ... it could be that we complicate the problem 
  so much that it's unsolvable, which has happened in the past, so 
  we have to be very careful with what we choose to solve, it has 
  to be narrowly scoped, but it has to address a number of the web 
  payments use cases so we don't paint ourselves into the corner
Manu Sporny:  Have you participated in the open ID connect work?
Timothy Ng:  No, i have not looked at the papers
Timothy Ng:  It's the same kind of problem we're looking in right 
  now, the relationship between identity and payments, so there are 
  a lot of things to think through for these two areas
Manu Sporny:  I think what we're trying to do ... the focus of 
  the payments and education space is the transmission of some kind 
  of proof of information about yousrelf that's been validated by a 
  third party, digital ID card, drivers license, proof of email 
  address, proof of age, we've been able to narrow the scope down 
  to just that, so that's the breadth of the scope that we want to 
  do, we don't want to make this into solving all identity for 
  everyone over the web, because it means something different to 
  everyone and is impossible, you have site A that wants to 
  transmit digitally verifiable info about you to site B
Manu Sporny:  The question is how do you do that
Manu Sporny:  We have our contacts google [missed] OpenID Connect 
  to get involved
Manu Sporny:  The other piece of information was that we 
  participated in Mozilla's badge alliance [missed], they are 
  interested in assigning IDs/badges to students for course work, 
  if they've taken SAT prep course, calc, etc, they want to assign 
  badges to them, the outcome of that was that Mozilla was very 
  interested in that as well, so that's another org to bring in, as 
  far as the ID work is concerned we have 40-50 orgs interested, 
  the next 6 months will be capacity building, try and figure out 
  how many can get into the same room and how many will commit 
  engineers to working on the identity problem as well
Manu Sporny:  Anything else related to payments and identity and 
  the meetings we've been having? If not, we'll move on.

Topic: Plan for Documenting Use Cases

Manu Sporny: 
  https://www.w3.org/community/webpayments/wiki/CategorizedWebPaymentsUseCases
Manu Sporny:  Typically we come up with a user story around each 
  use case, there aren't a crushing amount of use cases, but there 
  are about 35-40 use cases
Manu Sporny:  We still need to rank them and say which is more 
  important than others, we need to get the community involved in 
  writing up a paragraph description of each case and the 
  requirements, etc
Manu Sporny:  The other alternative is to wait and leave them 
  simple until we take them to the IG and that group can rank them 
  and the ones that are the first 5-10 end up being put into a use 
  cases doc
Manu Sporny:  The one liner is in there, 1-2 paragraph 
  description and requirements are put in there
Manu Sporny:  It is a very herculean task to have a single person 
  write out all the descriptions for the use cases
Manu Sporny:  Hopefully someone from the web payments community 
  can volunteer to help
Manu Sporny:  Any other ideas on getting them documented?
Timothy Ng:  Do you mean to take the use cases as they exist and 
  put more meat on them?
Manu Sporny:  Yes
Timothy Ng:  Do you have an example with an appropriate level of 
  detail?
Manu Sporny: Yeah, this one: 
  https://web-payments.org/specs/source/use-cases/#recurring-payments
Manu Sporny:  So there's a simple 1 paragraph description of what 
  someone is trying to do, and then the requirements for that
Timothy Ng:  So turn those use cases into a set of requirements 
  and some scenarios, and kind of flesh it out a little bit
Timothy Ng:  I can definitely help with that
Timothy Ng:  I can take a look at the ones on the wiki
Manu Sporny:  I imagine we will just do most of the work on the 
  wiki, or make a new page and put a template at the top and let 
  people just work on it from there, if you see one that calls out 
  to you, copy the template and just fill one out
Manu Sporny:  Maybe we could just call out specific community 
  members and ask them to do 3 use cases or something
Manu Sporny:  Each of us will do 3 or so and ask others to do 3 
  each and then we only need about 10 people
Manu Sporny:  Then we can put some meat on all these use cases
Manu Sporny:  The other thing that we need to do before that is 
  that everyone agrees on the text of the use cases, as there is no 
  need to fill them out if people disagree
Manu Sporny:  I sent them out for people to vote
Manu Sporny:  So the plan for documenting the use cases is to 
  send the votes out to +1/-1, then get consensus on a use case 
  being accepted we'll ask someone specifically to write out the 
  use case text for that
Manu Sporny:  Anything else regarding this topic?
No other comments.

Topic: 6-Month Plan for Specification Work

Manu Sporny:  This is a bit premature, we have a set of specs 
  that we are releasing patent and royalty free as a starting point 
  for all these techs, many of the use cases we have are already 
  covered and the CG has signed off as them being in scope, but 
  that doesn't mean W3C member orgs have signed off
Manu Sporny:  Because we haven't had a chance to discuss them 
  with any amount of length yet
Manu Sporny:  That said, we have a good track record of proposing 
  specs and then getting them out to REC
Manu Sporny:  For example, RDFa, JSON-LD, JSON-LD API, HTML5+RDFa
Manu Sporny:  There are some specs that are fairly time critical, 
  for example, we have JSON-LD normalization and canonicalization 
  (RDF Dataset Normalization)
Manu Sporny:  We have 4-5 implementations that are interoperable 
  for that
Manu Sporny:  The issue is that the spec is so small that it 
  doesn't need its own WG, it just needs to go into a WG to adopt 
  the work, we're trying to find a home for it
Manu Sporny:  It's kind of the basis for a lot of the digital 
  signature stuff we're doing so we need a normative spec for that
Manu Sporny:  If all else fails it will go into web payments or 
  identity WGs and we don't want to wait that long to get that one 
  done
Manu Sporny:  The other one is the IC spec, we can't really do 
  anything with that spec without an official WG and there will 
  probably be one created for it, in the interim there's a concern 
  that the IC spec is a competitor to OpenID Connect when that 
  isn't the case necessarily, it's about transmitting credentials 
  digitally signed by a 3rd party, we need enough demos and 
  examples demonstrating the use of the IC spec and how to 
  integrate with OpenID Connect and OpenID connect providers
Manu Sporny:  We don't want to mislead that there's competitive 
  stuff there when there isn't
Manu Sporny:  The other time-critical thing is the 
  http-signatures spec which is a 4-5 page spec is simple, mark 
  nottingham in charge of http/2 likes the state it's in as does 
  [missed], we have the green light to push it through a more 
  formal process at IETF, problem is we've all been too busy to 
  make updates, it's been a month and a half since the last 
  revision, we really need to get it done and out there or finalize 
  it so that implementors can implement to the latest spec
Manu Sporny:  And we really need to do something about JSON-LD 
  and graph normalization stuff
Manu Sporny:  Everything else, from what i remember are things 
  that can be done in the web payments or identity WG
Manu Sporny:  Any other time critical specs?
Dave Longley:  Maybe the Secure Messaging spec
Manu Sporny:  Yeah, that's important, we have multiple 
  implementations but we haven't updated
Manu Sporny:  The spec in a while to match, it's very low level
Manu Sporny:  Both identity and payments specs build on top of it
Manu Sporny: So, most important to least important over next 6 
  months: Use Cases, HTTP Signatures, RDF Graph Normalization, 
  Secure Messaging
Manu Sporny:  Everything else is secondary, we can wait 6 months 
  for the other specs
Dave Longley:  Secure Messaging depends on RDF Graph 
  Normalization... so yeah, I agree with that ordering. [scribe 
  assist by Manu Sporny]
David I. Lehn: Sounds good.  can always adjust as needed.
Manu Sporny:  The http-signatures spec will be about a week of 
  work i think
Dave Longley:  Yeah, RDF Graph Normalization will take a lot of 
  spec work (writing to align w/ implementations) [scribe assist by 
  Manu Sporny]
Manu Sporny:  The downside is no one is paying for that work
Manu Sporny:  No orgs have stepped up to help finish off those 
  specs
Manu Sporny:  Secure Messaging hasn't changed that much
Manu Sporny:  It's wrong right now because it doesn't match the 
  implementations but it's not a very complicated spec
Manu Sporny:  Tim, do you know if Microsoft is going to be 
  submitting anything?
Timothy Ng:  We started talking about it, we are discussing it, 
  no firm plans yet, i will let you know
Manu Sporny:  I think that's it for the call this week, we'll try 
  to get the web payments CG into use case mode, discussing, 
  documenting, focusing on that stuff
Manu Sporny:  Trying to prep those docs as much as possible for 
  the Web Payments Steering Group

Received on Saturday, 19 July 2014 01:45:12 UTC