Re: sketching out HTTP 402 workflow

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 26 Jul 2015 23:56:36 +0200
Message-ID: <CAKaEYhJBdR6kX+wkWkA=m9gFKHK_EyrPLdR3y6wWxsumEqQ4fg@mail.gmail.com>
To: Web Payments <public-webpayments@w3.org>
On 26 July 2015 at 01:22, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

> I'd like to sketch out a design and workflow for HTTP 402 that I think
> would be possible to implement as a proof of concept
> I'm trying to design a payment system using SoLiD and HTTP 402 ... I wonder
> how it would go?
> 1    Alice wishes to view resource X costing 1 bit from wallet W

This is done

> 2    resource X is ACL protected

This is done

> 3    Alice visits controller website and indicates wish to view protected
> resource

This is done

> 3    Controller website sends back HTTP 402 saying payment required and
> gives a protected location Y for Alice to send a payment

So far this is partially done, but the server is sending back a 403.  I'd like
to send back a 402 with a Location: header (Manu suggested this to me).

As a stopgap until that's done, a lookup somewhere of contentURL=URI could
be done and give back something like:

{
  "@context": "https://w3id.org/payments/v1",
  "id": "http://example.com/articles/1#offer",
  "type": "Offer",
  "payee": [{
    "id": "http://example.com/articles/1#offer-payee",
    "type": "Payee",
    "currency": "USD",
    "destination": "https://payswarm.example.com/i/bob/accounts/primary",
    "rate": "0.05",
    "rateType": "FlatAmount",
    "comment": "Payment for PaySwarm in Practice by Digital Bazaar."
  }],
  "payeeRule": [{
    "type": "PayeeRule",
    "destinationOwnerType": "payment processor",
    "maximumRate": "10",
    "rateType": "InclusivePercentage"
  }],
  "asset": "http://example.com/articles/1#asset",
  "assetHash": "14618b56ff597a2fed560db9aa0610fe442106a4",
  "license": "http://payswarm.example.com/licenses/blogging",
  "licenseHash": "0d8866836917f8ef58af44accb6efab9a10610ad",
  "validFrom": "2011-03-02T00:00:00+0000",
  "validUntil": "2011-03-03T00:00:00+0000",
  "signature": {
    "type": "GraphSignature2012",
    "created": "2011-03-02T00:00:00Z",
    "creator": "https://payswarm.example.com/i/bob/keys/4",
    "signatureValue": "KXtwA5kXZBJzj1rkPMJmGDROjM+fpi2cJIB+Xqf10="
  }
}

Question: or should this be inline?

> 4    Controller website subscribes to location Y

Next step is to get Alice's client to parse this response and find out
where to post the payment

> 5    If Alice is verified as sending a payment she is added to ACL of X
> 6    Payment is subtracted from wallet W
> 7    Alice can view resource X

These parts TODO:

You can see a demo partly completed at:


Click on "Next Verse"

> I'll be using the SoLiD framework for this.
> Anyone see any obvious flaws in the workflow?
> [1] https://linkeddata.github.io/SoLiD/
Received on Sunday, 26 July 2015 21:57:06 UTC
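
Added example (not part of the original message or of the SoLiD code): one way a client could work out where to post the payment, taking the 402 Location: header when present and falling back to the Offer document otherwise. The response shape, the function names and the sample values are assumptions constructed for illustration.

```javascript
// Added example. Response shape {status, headers, body} with lower-cased
// header names, and all function names, are assumptions for illustration.

// Offer timestamps use "+0000"; normalise to "+00:00" so Date parses them.
const parseTime = (s) =>
  new Date(String(s).replace(/([+-]\d{2})(\d{2})$/, "$1:$2"));

// Resolve a (possibly relative) location and refuse anything but https.
function requireHttps(candidate, base) {
  const url = new URL(candidate, base); // throws on malformed input
  if (url.protocol !== "https:") {
    throw new Error("payment location must be https: " + url.href);
  }
  return url.href;
}

function paymentTargets(requestUrl, response, now = new Date()) {
  if (response.status !== 402) {
    throw new Error("not a 402 Payment Required response: " + response.status);
  }
  // Preferred path: 402 plus a Location header naming protected location Y.
  const location = response.headers["location"];
  if (location) {
    return [{ source: "header", destination: requireHttps(location, requestUrl) }];
  }
  // Stopgap path: an Offer document. Its signature is NOT verified here.
  const offer = JSON.parse(response.body);
  if (offer.type !== "Offer" || !Array.isArray(offer.payee)) {
    throw new Error("body is not an Offer with a payee list");
  }
  const from = parseTime(offer.validFrom);
  const until = parseTime(offer.validUntil);
  if (!(from <= now && now < until)) { // invalid dates compare false: fail closed
    throw new Error("offer is outside its validity window");
  }
  return offer.payee.map((p) => ({
    source: "offer",
    destination: requireHttps(p.destination, requestUrl),
    amount: p.rate,
    currency: p.currency,
  }));
}

// Constructed sample: a 402 carrying a relative Location header.
const sample = { status: 402, headers: { location: "/pay/Y" }, body: "" };
console.log(paymentTargets("https://example.com/articles/1", sample));
```

The validity check rejects the 2011 sample offer from the message when run against the current clock, which is the intended behaviour for an expired offer.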