Re: [Payments Architecture] A vision statement for the web payments architecture work from Adrian Hope-Bailie on 2015-05-19 (public-webpayments@w3.org from May 2015)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Tue, 19 May 2015 20:06:15 +0200
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Melvin Carvalho <melvincarvalho@gmail.com>, Web Payments CG <public-webpayments@w3.org>, Web Payments IG <public-webpayments-ig@w3.org>
Message-ID: <CA+eFz_KgXxmJgj-30UqwmYMiDGDKA_Cm3eNaHNHoeNYD3QONVQ@mail.gmail.com>
Anders,

I'm not sure what you mean by this? Apple has implemented an industry
standard and taken advantage of the biometric security they have built into
their platform to augment it.

This bar can't be reached by any platform that doesn't have hardware based
security equivalent to Apple's TouchID. That excludes almost all other
operating platforms in existence so I'm not sure the W3C are the only ones
who need to do some work to reach this bar.

Is this another one of your "not sure why you are bothering" comments or do
you have something constructive to add to the document?

On 19 May 2015 at 13:38, Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

> Regarding security, Apple has already set  the bar for this industry.
>
> That this bar currently can't be reached from a browser is a problem that
> W3C needs to solve since everybody else have settled on "Apps" which do not
> suffer from this limitation.
> On May 19, 2015 12:20 PM, "Melvin Carvalho" <melvincarvalho@gmail.com>
> wrote:
>
>>
>>
>> On 19 May 2015 at 11:46, Adrian Hope-Bailie <adrian@hopebailie.com>
>> wrote:
>>
>>> All true, however the architecture should assume that we will secure
>>> basic things like message content and sensitive data and credentials and...
>>>
>>
>> IMHO, Not at the architectural level, no.  Tools should be provided so
>> that security can be used when necessary.   If the web had started with
>> HTTPS it may never have taken off.  It's all too common especially lately
>> for security to be over engineered creating barriers to participation. If
>> email was secure by design, it may never have taken off too.
>>
>>
>>>
>>> I think the statement "Secure by design" says enough without saying too
>>> much don't you?
>>>
>>
>> I would personally leave it out, and have security considerations inside
>> each individual spec, as is common.
>>
>>
>>>
>>> On 19 May 2015 at 11:33, Melvin Carvalho <melvincarvalho@gmail.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On 19 May 2015 at 11:08, Adrian Hope-Bailie <adrian@hopebailie.com>
>>>> wrote:
>>>>
>>>>> Hi Melvin,
>>>>>
>>>>> Are you referring to this line:
>>>>> * Secure by design
>>>>>
>>>>
>>>> Yes
>>>>
>>>>
>>>>>
>>>>> I agree with what you're saying but I don't think it's necessary to
>>>>> strip this statement out completely. I think it's important that we state
>>>>> that the design is intended to promote security, however that ultimately
>>>>> translates into the implementation.
>>>>>
>>>>> Do you have a suggestion for an alternative wording?
>>>>>
>>>>
>>>> I dont.  I envision web payments ecosystem to be self healing,
>>>> decentralized and fault tolerant.  It's quite difficult to put that into a
>>>> vision statement, because highly connected, scale invariant systems, tend
>>>> to be self organizing.  For example, when dealing with family members, you
>>>> may need low security, but when buying health insurance, higher security.
>>>>
>>>>
>>>>>
>>>>>
>>>>> On 19 May 2015 at 08:58, Melvin Carvalho <melvincarvalho@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On 18 May 2015 at 14:58, Adrian Hope-Bailie <adrian@hopebailie.com>
>>>>>> wrote:
>>>>>>
>>>>>>> The IG are trying to finalize a short vision statement for the work
>>>>>>> we are undertaking, specifically with regards to the architecture we will
>>>>>>> be developing, for payments on the Web.
>>>>>>>
>>>>>>> The document is intended to express the technical principles we
>>>>>>> consider important in the design of the architecture and I'd appreciate
>>>>>>> some input on it's content.
>>>>>>>
>>>>>>> The document is also intended to be short, less than a page, and as
>>>>>>> such not too detailed. It's purpose is to frame the design and allow all
>>>>>>> stakeholders to agree up front that we are aligned on our vision.
>>>>>>>
>>>>>>> The audience should be broad, and not necessarily payments or Web
>>>>>>> technology experts, but since this is related to the design of a technical
>>>>>>> architecture the content will be technical.
>>>>>>>
>>>>>>> Please have a look at the first draft of this document and send me
>>>>>>> your feedback.
>>>>>>>
>>>>>>> https://www.w3.org/Payments/IG/wiki/Payment_Agent_Task_Force/Vision
>>>>>>>
>>>>>>
>>>>>> Personally I would scratch the part on security.  Not because I dont
>>>>>> value security, but because it's quite a subjective term.  Satoshi said, "A
>>>>>> certain per centage of fraud is accepted as unavoidable".  I prefer that
>>>>>> kind of wording.  Also, security can come at the expense of growth and
>>>>>> scalability.  The value proposition of the web is not as a secure system,
>>>>>> much like the post office, telephone or email, but rather, as a highly
>>>>>> connected self organizing system capable of unexpected reuse.  Systems like
>>>>>> bitcoin and ripple are relatively secure but dont scale too well, systems
>>>>>> like the web are relatively insecure but scale well.  What we have tended
>>>>>> to notice with large systems is that security increases with scale.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Adrian
>>>>>>>
>>>>>>> p.s. Thanks Ian Jacobs for the initial work in getting this started.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
Received on Tuesday, 19 May 2015 18:06:44 UTC