- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 13 Sep 2015 06:10:50 +0200
- To: Web Payments CG <public-webpayments@w3.org>
Hi Guys,
I'm not much into linked data but suddenly I had inadvertently (!) "reinvented" some flavor
of that anyway. My attempt to replace the (in practice) very centralized Tokenization concept
with a (Provider-wise) fully distributed system requires published "Authority" objects by
Payment providers (banks) and Card processors (aka Acquirers).
Authority objects contain the following:
- An entity signature which can be checked for correctness (like is this acquirer authentic?)
- Current entity encryption keys
- A URL for posting transaction requests
Payment providers are supposed to get the applicable Card processor's URL
through the Merchant's requests. The payment processor in turn uses
the encryption keys to protect card data when returning the response to the Merchant.
{
  "@context": "http://xmlns.webpki.org/webpay/v1",
  "@qualifier": "Authority",
  "authorityUrl": "https://cardprocessor.com/webpay-acquirer/authority",
  "transactionUrl": "https://cardprocessor.com/webpay-acquirer/acquire",
  "encryptionParameters":
    {
      "dataEncryptionAlgorithm": "A128CBC-HS256",
      "keyEncryptionAlgorithm": "ECDH-ES",
      "publicKey":
        {
          "type": "EC",
          "curve": "P-256",
          "x": "NnHSMo1XizSBAba3pLMLwjpEHTF9E1tVAdWSoOFMI1I",
          "y": "1GdQEZwRUkFy6m2uaCffDwsAWKnfEP_LqcC9ONcjBbE"
        }
    },
  "timeStamp": "2015-09-13T03:16:59Z",
  "expires": "2016-09-13T00:00:00Z",
  "signature":
    {
      "algorithm": "ES256",
      "signerCertificate":
        {
          "issuer": "CN=Acquirer Network Sub CA5,C=US",
          "serialNumber": "1441431165234",
          "subject": "CN=cardprocessor.com,2.5.4.5=#1306383039393536,C=US"
        },
      "certificatePath":
        [
          "MIIBvzCCAWOgAwIBAgIGA....V4zaPKWtOj1Cs1AJyVV0A",
          "MIIDdDCCAVygAwIB....SgxJhJMBY90ltRkY4kTHWqv-"
        ],
      "value": "nd_KH6RAavU3qDT8TQd....KpqdPbzypIULjRaAGSqvI1jxQ"
    }
}
BTW, try to do this using IETF JOSE and you'll see why JOSE won't make it in payments!
WDYT?
Anders
Received on Sunday, 13 September 2015 04:11:25 UTC
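
Added example, not part of the original message or of the author's software: pre-checks a Payment provider could run on a fetched Authority object before encrypting card data to its key (validity window, HTTPS URLs, algorithm allow-list, and that the EC public key really lies on P-256). Verifying the "signature" member is left out because the message does not define the signing format. The host cardprocessor.example, the function names, the allow-list and the rule that authorityUrl must equal the fetch URL are assumptions.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlparse

# NIST P-256: y^2 = x^3 - 3x + B (mod P); (GX, GY) is the curve's base point.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
# Assumed local policy: accept only the algorithms shown in the message.
ALLOWED = {"dataEncryptionAlgorithm": {"A128CBC-HS256"}, "keyEncryptionAlgorithm": {"ECDH-ES"}}

def b64u(n):  # 32-byte big-endian integer as unpadded base64url
    return base64.urlsafe_b64encode(n.to_bytes(32, "big")).rstrip(b"=").decode()
def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_authority(obj, fetched_from, now):
    """Return a list of problems; an empty list means these pre-checks passed."""
    errors = []
    if obj.get("@qualifier") != "Authority":
        errors.append("not an Authority object")
    if obj.get("authorityUrl") != fetched_from:  # assumed rule: object names its own URL
        errors.append("authorityUrl differs from the URL it was fetched from")
    for key in ("authorityUrl", "transactionUrl"):
        if urlparse(obj.get(key, "")).scheme != "https":
            errors.append(key + " is not https")
    if not parse_time(obj["timeStamp"]) <= now < parse_time(obj["expires"]):
        errors.append("outside validity period")
    enc = obj["encryptionParameters"]
    errors += ["unsupported " + k for k, ok in ALLOWED.items() if enc.get(k) not in ok]
    jwk = enc["publicKey"]
    if jwk.get("type") != "EC" or jwk.get("curve") != "P-256":
        errors.append("unsupported key type or curve")
    else:
        x, y = (base64.urlsafe_b64decode(jwk[c] + "=" * (-len(jwk[c]) % 4)) for c in "xy")
        xi, yi = int.from_bytes(x, "big"), int.from_bytes(y, "big")
        if len(x) != 32 or len(y) != 32 or xi >= P or yi >= P:
            errors.append("malformed EC coordinates")
        elif (yi * yi - (xi ** 3 - 3 * xi + B)) % P:  # invalid-curve guard before ECDH
            errors.append("public key is not a point on P-256")
    return errors

def sample_authority(y=GY, url="https://cardprocessor.example/authority"):  # constructed sample
    key = {"type": "EC", "curve": "P-256", "x": b64u(GX), "y": b64u(y)}
    return {"@qualifier": "Authority", "authorityUrl": url, "transactionUrl": url + "/acquire",
            "timeStamp": "2015-09-13T03:16:59Z", "expires": "2016-09-13T00:00:00Z",
            "encryptionParameters": {"dataEncryptionAlgorithm": "A128CBC-HS256",
                                     "keyEncryptionAlgorithm": "ECDH-ES", "publicKey": key}}
```

These checks complement, and do not replace, validating the certificate path and the signature over the object.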