- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 15 Jun 2014 16:22:57 -0400
- To: public-webpayments@w3.org
On 06/12/2014 12:18 PM, Dave Lampton wrote: > I too am still not convinced identity is always a necessary > component either. Especially if using a trusted channel. If the > channel itself identifies the payer, the payee has enough to record > the debt as paid. I don't think what you mean by "identity" is what some of us mean by "identity". This is one of the problems related to the use of that word wrt. payments. :) The people that are proposing the Identity Credentials specification are not saying that identity (knowing exactly who a person is) is a necessary part of a transaction. What they're saying is that there are at least two participants in a transaction and we need a reliable way of identifying each one of the participants via an identifier. With the PaySwarm specifications, we have chosen the URL to be the identifier for many of the reasons that the Web has chosen the URL to identify resources. For example, here are two participants in a transaction: https://example.com/identities/78fe3 https://foo.net/ids/blerg Each one of those identifiers may have more information associated with it, such as a name, birthday, government issued identity card, shipping address, preferred payment processor, etc. Who can read that extra information and when depends on the type of transaction and agreements around the transaction. For example, a merchant selling digital goods for a game probably doesn't need to know anything about you, and it would be fine for your payment processor/software to mask the identity. For example, a temporary identifier could be used just for a single transaction. A merchant selling alcohol over the Web would need to know that you're at least of legal age in your locality to buy alcohol and your shipping address. A money transmission service handling a transaction on your behalf for $50K USD would need to know much more. Whatever identity solution we choose for payments should take each of these use cases into account. This is why we have the Identity Credentials specification: to ensure that we have a good response to these use cases above. If we do not take those use cases into account, we run the risk of falling into the same trap that the Bitcoin community did, which is a design that wasn't very well thought through wrt. how it does or does not fit in with money transmission regulations in the vast majority of industrialized nations. This isn't a theoretical problem. I sat in on a US Federal Reserve hosted round table last week with top CIOs from a number of banks and financial processors that need a standardized solution to these problems. The "identity problem" is a big reason there is so much fraud today, and a global solution to the problem will make all financial systems in the world (that adopt it) far safer and more efficient as a result. IMHO, operating without a solid understanding of how the payment technology we're designing here can identify individuals for high-stakes transactions is a recipe for failure. :) -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Sunday, 15 June 2014 20:23:27 UTC