Re: sketching out HTTP 402 workflow

On 26 July 2015 at 01:22, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

> I'd like to sketch out a design and workflow for HTTP 402 that I think
> would be possible to implement as a proof of concept
>
> I'm trying to design a payment system using SoLiD and HTTP 402 ... I wonder
> how it would go?
>
> 1    Alice wishes to view resource X costing 1 bit from wallet W
>

This is done


> 2    resource X is ACL protected
>

This is done


> 3    Alice visits controller website and indicates wish to view protected
> resource
>

This is done


> 3    Controller website sends back HTTP 402 saying payment required and
> gives a protected location Y for Alice to send a payment
>

So far this is partially done, but the server is sending back a 403.  I'd like
to send back a 402 with a Location: header (Manu suggested this to me)

As a stopgap until that's done, a lookup somewhere of contentURL=URI could
be done and give back something like:

{
  "@context": "https://w3id.org/payments/v1",
  "id": "http://example.com/articles/1#offer",
  "type": "Offer",
  "payee": [{
    "id": "http://example.com/articles/1#offer-payee",
    "type": "Payee",
    "currency": "USD",
    "destination": "https://payswarm.example.com/i/bob/accounts/primary",
    "rate": "0.05",
    "rateType": "FlatAmount",
    "comment": "Payment for PaySwarm in Practice by Digital Bazaar."
  }],
  "payeeRule": [{
    "type": "PayeeRule",
    "destinationOwnerType": "payment processor",
    "maximumRate": "10",
    "rateType": "InclusivePercentage"
  }],
  "asset": "http://example.com/articles/1#asset",
  "assetHash": "14618b56ff597a2fed560db9aa0610fe442106a4",
  "license": "http://payswarm.example.com/licenses/blogging",
  "licenseHash": "0d8866836917f8ef58af44accb6efab9a10610ad",
  "validFrom": "2011-03-02T00:00:00+0000",
  "validUntil": "2011-03-03T00:00:00+0000",
  "signature": {
    "type": "GraphSignature2012",
    "created": "2011-03-02T00:00:00Z",
    "creator": "https://payswarm.example.com/i/bob/keys/4",
    "signatureValue": "KXtwA5kXZBJzj1rkPMJmGDROjM+fpi2cJIB+Xqf10="
  }
}


Question: or should this be inline?


> 4    Controller website subscribes to location Y
>

Next step is to get Alice's client to parse this response and find out
where to post the payment


> 5    If Alice is verified as sending a payment she is added to ACL of X
> 6    Payment is subtracted from wallet W
> 7    Alice can view resource X
>

These parts TODO:

You can see a demo partly completed at:

http://inartes.com/?contentURI=https:%2F%2Finartes.databox.me%2FPublic%2Fdante%2Finferno-02%23139

Click on "Next Verse"


>
> I'll be using the SoLiD framework for this.
>
> Anyone see any obvious flaws in the workflow?
>
> [1] https://linkeddata.github.io/SoLiD/
>

Received on Sunday, 26 July 2015 21:57:06 UTC
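
Added example, not part of the original message or of the SoLiD code: one way a client could parse the 402 response body described above and decide where to post the payment, refusing offers that are outside their validity window, point at a non-HTTPS destination, or exceed a client-side limit. The function names, the maxAmount limit and the trimmed sample offer are assumptions; verification of the GraphSignature2012 signature is not implemented here.

```javascript
// Constructed sample, modelled on the Offer in the message (trimmed).
const sampleOffer = JSON.stringify({
  "@context": "https://w3id.org/payments/v1",
  id: "http://example.com/articles/1#offer",
  type: "Offer",
  payee: [{
    type: "Payee",
    currency: "USD",
    destination: "https://payswarm.example.com/i/bob/accounts/primary",
    rate: "0.05",
    rateType: "FlatAmount"
  }],
  validFrom: "2011-03-02T00:00:00+0000",
  validUntil: "2011-03-03T00:00:00+0000"
});

// The offer uses "+0000" offsets; normalise to "+00:00" so Date.parse
// sees a strict ISO 8601 string on every engine.
function parseTime(s) {
  const ms = Date.parse(String(s).replace(/([+-]\d{2})(\d{2})$/, "$1:$2"));
  if (Number.isNaN(ms)) throw new Error("bad timestamp: " + s);
  return ms;
}

// Hypothetical helper: returns where to post the payment and how much,
// or throws if the response should not be paid.
function paymentTargetFrom402(status, body, now, maxAmount) {
  if (status !== 402) throw new Error("not a 402 response");
  const offer = JSON.parse(body);
  if (offer.type !== "Offer") throw new Error("body is not an Offer");
  if (now < parseTime(offer.validFrom) || now >= parseTime(offer.validUntil)) {
    throw new Error("offer outside validity window");
  }
  const payee = (offer.payee || []).find(p => p.rateType === "FlatAmount");
  if (!payee) throw new Error("no flat-amount payee");
  const dest = new URL(payee.destination); // throws on a malformed URL
  if (dest.protocol !== "https:") throw new Error("destination must be https");
  const amount = Number(payee.rate);
  if (!(amount > 0) || amount > maxAmount) {
    throw new Error("amount missing or over client limit");
  }
  return { destination: dest.href, amount: payee.rate, currency: payee.currency };
}

// Usage with a fixed clock inside the sample offer's validity window.
const now = Date.parse("2011-03-02T12:00:00Z");
console.log(paymentTargetFrom402(402, sampleOffer, now, 1));
```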