Re: [Payments Architecture] A vision statement for the web payments architecture work from Kepeng Li on 2015-05-21 (public-webpayments@w3.org from May 2015)

From: Kepeng Li <kepeng.lkp@alibaba-inc.com>
Date: Thu, 21 May 2015 13:53:20 +0800
To: Ian Jacobs <ij@w3.org>, Katie Haritos-Shea GMAIL <ryladog@gmail.com>
CC: Adrian Hope-Bailie <adrian@hopebailie.com>, David Ezell <David_E3@verifone.com>, Manu Sporny <msporny@digitalbazaar.com>, Web Payments IG <public-webpayments-ig@w3.org>, Web Payments CG <public-webpayments@w3.org>
Message-ID: <D183936F.A770%kepeng.lkp@alibaba-inc.com>

>I prefer that we focus in that bullet on Security.


+1. This bullet is mainly about security and privacy.

Kind Regards

Kepeng Li
Alibaba Group

在 20/5/15 11:45 pm， "Ian Jacobs" <ij@w3.org> 写入:

>
>> On May 20, 2015, at 10:39 AM, Katie Haritos-Shea GMAIL
>><ryladog@gmail.com> wrote:
>> 
>> I propose to add privacy in the sentence:
>> Supports a wide spectrum of security and privacy needs to meet industry
>> and regulatory expectations.
>> 
>> I would also add that the word accessibility be added to the sentence
>>as well, as it also falls under industry and regulatory expectations.
>
>I prefer that we focus in that bullet on Security. Accessibility is
>covered earlier in the doc.
>Ian
>
>> 
>> 
>> 
>> * katie *
>> 
>> Katie Haritos-Shea
>> Senior Accessibility SME (WCAG/Section 508/ADA/AODA)
>> 
>> Cell: 703-371-5545 | ryladog@gmail.com | Oakton, VA | LinkedIn Profile
>>| Office: 703-371-5545
>> 
>> From: Adrian Hope-Bailie [mailto:adrian@hopebailie.com]
>> Sent: Wednesday, May 20, 2015 10:07 AM
>> To: Kepeng Li
>> Cc: David Ezell; Ian Jacobs; Manu Sporny; Web Payments IG; Web Payments
>>CG
>> Subject: Re: [Payments Architecture] A vision statement for the web
>>payments architecture work
>> 
>> All suggestions incorporated.
>> 
>> On 20 May 2015 at 08:48, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:
>>> > Supports a wide spectrum of security needs to meet industry and
>>> >regulatory expectations.
>>> 
>>> 
>>> I propose to add privacy in the sentence:
>>> Supports a wide spectrum of security and privacy needs to meet industry
>>> and regulatory expectations.
>>> 
>>> 
>>> In the use case document, we have already mentioned some privacy
>>> requirements, and we have also talked about minimizing the exposure of
>>> sensitive information in the subsequent bullets.
>>> 
>>> Thanks,
>>> 
>>> Kind Regards
>>> 
>>> Kepeng Li
>>> Alibaba Group
>>> 
>>> 
>>> 在 20/5/15 8:25 am， "David Ezell" <David_E3@VERIFONE.com> 写入:
>>> 
>>> >That's good.
>>> >
>>> >-----Original Message-----
>>> >From: Ian Jacobs [mailto:ij@w3.org]
>>> >Sent: Tuesday, May 19, 2015 8:07 PM
>>> >To: David Ezell
>>> >Cc: Manu Sporny; Web Payments IG; Web Payments CG
>>> >Subject: Re: [Payments Architecture] A vision statement for the web
>>> >payments architecture work
>>> >
>>> >* PGP Signed by an unknown key
>>> >
>>> >
>>> >> On May 19, 2015, at 3:10 PM, David Ezell <David_E3@VERIFONE.com>
>>>wrote:
>>> >>
>>> >> Hi Folks:
>>> >>
>>> >> Ian wrote:
>>> >>> * Supports a wide spectrum of security needs to meet industry and
>>> >>>regulatory expectations.
>>> >>>   To meet regulatory requirements and give people enough
>>>confidence to
>>> >>>use the Web for
>>> >>>   payments, the architecture must support a wide spectrum of
>>>security
>>> >>>requirements and
>>> >>>   solutions. This includes the ability to encrypt strongly both
>>> >>>sensitive information and the
>>> >>>   channels used to exchange the information, as well as supporting
>>>an
>>> >>>evolving variety of
>>> >>>   authentication techniques (multifactor, biometric, etc.). Trust
>>>in
>>> >>>the Web of payments
>>> >>>   is critical to its success.
>>> >>
>>> >> Yes, all good.  Gives a list of things that will be included.
>>>Somehow
>>> >>(and there's a lot there already) I think it should say what we will
>>> >>attempt >not< to require.
>>> >> Perhaps a second bullet for clarity:
>>> >> "* Minimizes (eliminates?) reliance on Personally Identifiable
>>> >>Information (PII) to fulfill any requirements.”
>>> >
>>> >How about:
>>> >
>>> >* Supports a wide spectrum of security needs to meet industry and
>>> >regulatory expectations.
>>> >   Trust in the Web of payments is critical to its success.
>>> >   To meet regulatory requirements and give people confidence to use
>>>the
>>> >Web for
>>> >   payments, the architecture must support a wide spectrum of security
>>> >requirements and
>>> >   solutions. This includes minimizing what sensitive information is
>>> >shared as well as the ability
>>> >   to encrypt that information (both in transit and when stored). The
>>> >architecture will also need
>>> >   to support an evolving variety of authentication techniques
>>> >(multifactor, biometric, etc.).
>>> >
>>> >Ian
>>> >
>>> >--
>>> >Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
>>> >Tel:                       +1 718 260 9447
>>> >
>>> >
>>> >
>>> >
>>> >* Unknown Key
>>> >* 0x0ECB09CB
>>> >________________________________
>>> >This electronic message, including attachments, is intended only for
>>>the
>>> >use of the individual or company named above or to which it is
>>>addressed.
>>> >The information contained in this message shall be considered
>>> >confidential and proprietary, and may include confidential work
>>>product.
>>> >If you are not the intended recipient, please be aware that any
>>> >unauthorized use, dissemination, distribution or copying of this
>>>message
>>> >is strictly prohibited. If you have received this email in error,
>>>please
>>> >notify the sender by replying to this message and deleting this email
>>> >immediately.
>>> 
>
>--
>Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
>Tel:                       +1 718 260 9447
>
>
>

Received on Thursday, 21 May 2015 05:54:23 UTC