Re: Strong authentication for PayPal versus WebPayments

On 8 May 2014 23:04, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 05/08/2014 01:11 PM, Anders Rundgren wrote:
> > It seems that the Web Payment CG have found the holy grail, where
> > linked data obviates the need for authentication in its traditional
> > sense.
>
> Sarcasm on a mailing list is rarely helpful, it's often misinterpreted
> and leads to further miscommunication, which eats into all of our
> precious time. :)
>

+1

To be fair, it took us about 5 years to work out this separation of
concerns.

i.e. that identity is a logically different concept from verifying identity
(authentication).

But if you think about it, it's quite common in the real world. I may send
you a letter, and tell you my name. You may be perfectly fine to read a
letter (say a Christmas card) from me, and not need to verify that I am who
I say I am. In other cases, a letter may be signed or verified by a third
party, such as the post office. The telephone and email you could argue
also have this property.

In this way you can get the best of all worlds, using the right technique
appropriately.


>
> Linked Data is just a means to an end. It's not a holy grail. No one has
> said that it obviates the need for authentication.
>
> You need both Linked Data and strong authentication (among other
> technologies) to build a good Web-based payment solution. You need to be
> able to express all the complexities of a commercial transaction -
> expressing a product (HTTPS, Linked Data, digital signatures),
> expressing an offer for sale of said product (HTTPS, Linked Data,
> digital signatures), initiating payment (HTTPS, Authentication,
> Authorization, Linked Data, digital signatures), and finally delivering
> a digital receipt (HTTPS, Linked Data, digital signatures).
>
> There are other things that you need to be able to do as well, such as
> clearing money between payment systems (ACH, Bitcoin, Ripple, etc.) and
> ensuring that licensing is expressed and consumed by the ecosystem.
>
> We're actively trying to figure out where authentication, authorization,
> distributed clearing, etc. fit into the overall picture. We also need
> to understand if, after we put all of this stuff together, we have a
> solution that is both technically sound and that is also easy for
> developers to deploy.
>
> We have this proposal on the table to address the NASCAR login problem,
> transmit payment provider details, and provide solid multi-factor
> authentication:
>
> http://manu.sporny.org/2014/credential-based-login/
>
> Outlining the problems that you see with that approach would be more
> helpful.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>
>

Received on Thursday, 8 May 2014 21:30:12 UTC