Re: Payment Protected Resources -- Using HTTP 402

On 27 May 2014 22:52, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> On 2014-05-27 22:42, Kingsley Idehen wrote:
>
>> On 5/27/14 3:05 PM, Anders Rundgren wrote:
>>
>>> On 2014-05-27 19:23, Melvin Carvalho wrote:
>>>
>>>> Many of us are now using web ACLs on a regular basis.
>>>>
>>>> A rule may look like:
>>>>
>>>> <>
>>>> <http://www.w3.org/ns/auth/acl#accessTo> <.>, <> ;
>>>> <http://www.w3.org/ns/auth/acl#agent> <http://melvincarvalho.com/#me> ;
>>>> <http://www.w3.org/ns/auth/acl#mode>
>>>> <http://www.w3.org/ns/auth/acl#Read>,
>>>> <http://www.w3.org/ns/auth/acl#Write> .
>>>>
>>>> This essentially says that my user ID can have read and write access
>>>> to the named resource.
>>>>
>>>> I thought it might be an interesting idea to extend this type of
>>>> access control to allow payment protected resources.
>>>>
>>>> So each server will maintain a balance for each user, as is typical
>>>> with many commercial business models these days.
>>>>
>>>> If the user does not have any credit the server will return a 402
>>>> HTTP response code, explaining the cost of the item and how they can
>>>> top up their balance.  This could either be via a traditional payment
>>>> method such as Euros, or, say, via a balance in crypto currencies, or
>>>> as part of a loyalty / reward scheme that the web site issues.
>>>>
>>>> I'm wondering if we can extend the vocab we have to add payments?
>>>>
>>>> Perhaps a simple way would be to subclass #accessTo with #paidAccessTo
>>>>
>>>> Then have in the ACL rule a simple payment amount (or rule)
>>>>
>>>> Then say something like:
>>>>
>>>> <#amount>  0.001^^BTC
>>>>
>>>> Anyone have any thoughts on whether this could be implemented?
>>>>
>>>
>>> I must confess that I understand zilch of this.
>>>
>>> If this is something happening between the browser (user) and a server
>>> in an authenticated session, it has no relevance in a standards context.
>>>
>>> If this is rather involving different servers or agents, you must
>>> describe what they are and how they get access to this information.
>>>
>>> Anders
>>>
>>
>> Instead of Turtle (a notation for encoding and decoding information in
>> the digital medium provided by the Web) here's the same question using
>> English (yet another notation for encoding and decoding information, but
>> for a different medium):
>>
>> Shouldn't I be able to use access controls (or even full blown attribute
>> based data access policies) to drive financial transactions (i.e.,
>> debits and credits) in a distributed network?
>>
>
> I only requested a reasonably clear description of the use-case including
> the actors involved.


There's no single use case.  It's a bit like asking what the use case of
the UNIX file system is: there's no single answer, but it can serve a number
of purposes.

Let me give one.

As a user, Alice would like to read premium articles from her favourite
blogs.  The blog charges Alice 5 tokens to read the content.  If Alice has
credit with the server, it will debit her balance.  If not, Alice is given
instructions on how to increase her balance.

As a server operator, it is possible to add a meta file to an article such
that when a user tries to access it, it will either debit a fixed amount
from the account or send an HTTP 402 response (payment required) with
instructions to add credit.

If you're not familiar with the work at the W3C and RECs, such as Turtle,
Linked Data, Linked Data Platform, Access Control, Ontologies in RDF, then
perhaps the implementation details may not be clear to you.  However, it
seems that we can almost implement most of what we need using *existing*
W3C standards and a tiny amount of glue.  This could allow some interesting
development to happen using existing technology.


>> Bitcoin is an example of an open and distributed ledger that scales to the
>> Internet. It will get even more interesting when, like PKI (as
>> exemplified by WebID, WebID-TLS, WebID-Profile, WebACLs), it becomes webby.

Received on Tuesday, 27 May 2014 21:23:40 UTC
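
The decision order in the use case above (identify the user, check the rule, then debit or answer 402), as an added example that is not part of the original thread. `PaidRule`, `Ledger`, `authorize_read` and the 402 body keys are hypothetical names; the debit is checked and applied under one lock so concurrent requests cannot spend the same credit twice.

```python
import threading
from dataclasses import dataclass
from decimal import Decimal
@dataclass(frozen=True)
class PaidRule:
    """Hypothetical in-memory form of a paid ACL rule; not a published vocabulary."""
    resource: str
    agents: frozenset   # WebIDs the rule grants Read to
    price: Decimal      # tokens debited per read (Decimal, never float, for money)

class Ledger:
    def __init__(self, balances):
        self._balances = dict(balances)
        self._lock = threading.Lock()

    def try_debit(self, agent, amount):
        # Check and debit under one lock so parallel requests cannot overspend.
        with self._lock:
            balance = self._balances.get(agent, Decimal(0))
            if balance < amount:
                return False
            self._balances[agent] = balance - amount
            return True

    def balance(self, agent):
        with self._lock:
            return self._balances.get(agent, Decimal(0))

def authorize_read(rule, ledger, agent, topup_url):
    """Return (status, body) for a read of rule.resource; agent is a verified WebID or None."""
    if agent is None:
        return 401, {}                  # no identity, so no account to charge
    if agent not in rule.agents:
        return 403, {}                  # known user, but the rule does not name them
    if not ledger.try_debit(agent, rule.price):
        # 402: state the cost and where to add credit (body keys are hypothetical)
        return 402, {"price": str(rule.price), "topup": topup_url}
    return 200, {}

# Constructed sample data: Alice holds 7 tokens, the article costs 5.
ALICE = "https://alice.example/#me"
RULE = PaidRule("/articles/premium-1", frozenset({ALICE}), Decimal("5"))

def demo():
    ledger = Ledger({ALICE: Decimal("7")})
    url = "https://blog.example/topup"
    first, _ = authorize_read(RULE, ledger, ALICE, url)
    second, body = authorize_read(RULE, ledger, ALICE, url)
    return first, second, body["price"], str(ledger.balance(ALICE))
```

With 7 tokens and a price of 5, the first read succeeds and the second gets 402; a failed debit leaves the balance untouched.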