Re: Presentation to Web Payments IG

*- What's broken:* +1 (with an emphasis on *payment initiation*)
*- Why care:* +1 (especially moral)
*- Use cases:* +1 (though I would also include microtransactions
(e.g. 1 cent payments))
*- Tech Stack:* *Digital Wallets +10*
*- Collaborators:* ?
*- WPCG-WPIG:* +1 (though I'd love to see them merge)

Before I jump into my answer to the question 'What do you need for a
digital wallet?', I must point out that it will be strongly influenced by the
API specification I'm working on: https://github.com/playbanq/WebWalletAPI/.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

In my opinion, what we need for *digital wallets to become part of the core
architecture of the Web* is basically to seize the existing Web
infrastructure and follow the architectural principles of the Web, meaning:

*- URL identification:* Just like blog posts/photos/videos, digital wallets
on the Web should be resources that can be referenced by a URL, so that if
you want to engage in a particular transaction with another party, you just
need to share a link to your wallet as if you were sharing a link to your
homepage, your social network profile or your email address (e.g. "did you
like this article/song/video? Tip/donate 1 cent to
*https://wallet.example.com/mywalletid* by clicking the link or the tip
button..." [plus some authorization flow undoubtedly]).

*- HTTP-based interactions:* Assuming that each digital wallet is
identified by a URL, then we should be able to interact with them via *HTTP
methods*: GET balance, POST funds, PUT debit card, DELETE credit card, LOCK
wallet, UNLOCK account, and so on. Having HTTP as a means of interfacing
with wallets and carrying out transactions would certainly increase the
likelihood of achieving interoperability between different stakeholders and
the different payment methods.

*- RESTful architecture:* If the objective of the WPIG is to 'establish a
common ground for payment service providers on the Web Platform', and other
W3C Working Groups have achieved similar objectives in other areas by
agreeing on a set of APIs for vendors to implement (e.g. HTML5), maybe it
would make sense for the Web Payments initiatives to agree on a set of
*RESTful APIs* designed to expose and enable interactions with digital
wallets in a *uniform and standardized way*. It would certainly take some
time to agree on things such as the API endpoints and response bodies, but
there are several basic interactions that we would immediately agree on,
such as a /balance endpoint.

Furthermore, if we would take the REST API approach for digital wallets on
the Web, there would already be a handful of proven authorization/security
technologies such as the OAuth 2.0 protocol that would be extremely useful
both for *payment initiation* using the OAuth 2.0 authorization flows
and *transaction tokenization* using nonce/revocable/expirable tokens
(e.g. JWTs).

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Although the 'development of technical standards is not in scope for the
Interest Group', my belief is that if we agree on some kind of Web API for
exposing and interacting with resources that represent a medium of exchange
+ a store of value + a unit of account, it will not matter which
device/technology or physical/digital context you are carrying on
transactions from, since in the background all vendors and environments
would be using *the same mechanisms to exchange value on the Web*,
regardless of how fancy or tangible their user interfaces might be.


On Fri, Oct 17, 2014 at 4:10 PM, Manu Sporny <msporny@digitalbazaar.com>
wrote:

> We have a presentation[1] to the Web Payments Interest Group at W3C TPAC
> at 11am on Monday, October 27th 2014. The goal is to introduce the new
> IG members to the work we've been doing over the past 4+ years in the
> Web Payments CG. We have 60 minutes allocated, with 20 minutes of
> presentation and 40 minutes of discussion.
>
> Please review the slides and let us know if there is anything that is in
> there that shouldn't be, or something that should be in there that isn't.
>
> https://web-payments.org/slides/2014/tpac-wpig-wpcg/
>
> -- manu
>
> [1] https://www.w3.org/Payments/IG/wiki/Draft_F2F_Agenda_-_TPAC_2014_-_27/28_October_2014#Day_1_.28October_27.29
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: High-Stakes Credentials and Web Login
> http://manu.sporny.org/2014/identity-credentials/
>
>

Received on Saturday, 18 October 2014 21:49:03 UTC
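
The "transaction tokenization using nonce/revocable/expirable tokens (e.g. JWTs)" idea from the reply above, sketched as an added example that is not part of the original message or of the WebWalletAPI project. It assumes an HS256 key held by the wallet provider; the claim names (`wallet`, `amount`, `currency`), the function names and the in-memory sets are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)        # assumed wallet-provider signing key (HS256)
USED_JTI, REVOKED_JTI = set(), set()    # in-memory stand-ins for a shared store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(wallet_url, amount_cents, currency, ttl=60, now=None):
    """Mint a JWT bound to one payment from one wallet (hypothetical claims)."""
    now = int(time.time()) if now is None else now
    claims = {"wallet": wallet_url, "amount": amount_cents, "currency": currency,
              "iat": now, "exp": now + ttl, "jti": secrets.token_urlsafe(16)}
    header = {"alg": "HS256", "typ": "JWT"}
    body = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    return body + "." + _sign(body)

def redeem_token(token, wallet_url, amount_cents, currency, now=None):
    """Return (ok, reason). A token pays exactly once, for exactly what it names."""
    now = int(time.time()) if now is None else now
    try:
        head, payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(head + "." + payload)):
            return False, "bad signature"
        if json.loads(_unb64(head)).get("alg") != "HS256":   # pin the algorithm
            return False, "unexpected alg"
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return False, "malformed token"
    if now >= claims["exp"]:
        return False, "expired"
    if claims["jti"] in REVOKED_JTI:
        return False, "revoked"
    if (claims["wallet"], claims["amount"], claims["currency"]) != (wallet_url, amount_cents, currency):
        return False, "transaction mismatch"
    if claims["jti"] in USED_JTI:
        return False, "replayed"
    USED_JTI.add(claims["jti"])   # consume the nonce only after every check passes
    return True, "ok"

def revoke(token):
    """Revoke an unspent token by its jti (caller is assumed to be authorized)."""
    REVOKED_JTI.add(json.loads(_unb64(token.split(".")[1]))["jti"])
```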