Re: sketching out HTTP 402 workflow from Melvin Carvalho on 2015-07-27 (public-webpayments@w3.org from July 2015)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 27 Jul 2015 13:04:45 +0200
To: Michael Bumann <hello@michaelbumann.com>
Cc: Web Payments <public-webpayments@w3.org>
Message-ID: <CAKaEYh+MEL6h0c54QVe7dwTwhHtheRTh4XjkbybMXG3nAQ-mOQ@mail.gmail.com>

On 27 July 2015 at 12:53, Michael Bumann <hello@michaelbumann.com> wrote:

> Hej,
>
> I'm pretty new to the list and still researching all the valuable content
> that is published here.
>
> Actually I am currently also experimenting with a Bitcoin
> based/Cryptocurrency based payment flow in the browser -  built around a
> browser extension that integrates with the user's wallet. As far as I
> remember a solution that is using Bitcoin as a mechanism of value transfer
> from the client to the server has been discussed here a while ago.
>

Great!

>
>
> From what you are describing I was wondering how the "Payment would be
> subtracted from the [user's] wallet"? Which party is in charge of that?
> Does this mean there is necessarily a third-party involved that handles
> the payment from the client to the server?
>

My concept of wallet my differ slightly from others.  In a digital sense my
wallet allows one or more users to see their balance, and make payments to
other users.

First of all, wallets are decentralized, and so can live anywhere.  So
there's not an in built concept of client and server.  That's an
implementation detail, normally inherited from HTTP.

Which party can change the balances?  Well in bitcoin it's the miners that
are trusted, based on a non incentive to cheat.  In my system the balances
can be changed by any party that both users trust.  That could either be
each other, an administrator, a server, or a robot.  That level of trust
will be quantified as per TrustDavis or ripple.  And settlement can occur,
say, via the bitcoin network.

These are all configurable options depending on how the users and merchants
want to interact.  The decentralized nature of the model means the data can
live anywhere (we just prefer always on HTTP servers for convenience) ...
the controller similarly can live anywhere, but it needs access control
granted on the balances ... and the view / UI can live anywhere generally
talking to the data server via http.

Hope that makes some sense! :)

>
>
> thanks,
> Michael
>
>
>
>
> On 26 Jul 2015, at 01:22, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
> > I'd like to sketch out a design and workflow for HTTP 402 that I think
> would be possible to implement as a proof of concept
> >
> > im trying to design a payment system using SoLiD and HTTP 402 ... I
> wonder how it would go?
> >
> > 1    Alice wishes to view resource X costing 1 bit from wallet W
> > 2    resource X is ACL protected
> > 3    Alice visits controller website and indicates wish to view
> protected resource
> > 3    Controller website sends back HTTP 402 saying payment required and
> gives a protected location Y for Alice to send a payment
> > 4    Controller website subscribes to location Y
> > 5    If Alice is verified as sending a payment she is added to ACL of X
> > 6    Payment is subtracted from wallet W
> > 7    Alice can view resource X
> >
> > I'll be using the SoLiD framework for this.
> >
> > Anyone see any obvious flaws in the workflow?
> >
> > [1] https://linkeddata.github.io/SoLiD/
>
>

Received on Monday, 27 July 2015 11:05:14 UTC