Web Payments Community Group Telecon

Minutes for 2011-12-02

  1. Buyer Registration
  2. Identity Privacy
Manu Sporny
Jeff Sayre
Jeff Sayre, Manu Sporny, Mike Johnson, Jose 'Manny' De Loera, David I. Lehn
Audio Log
Jeff Sayre is scribing.
Manu Sporny: Any updates to agenda?
No updates to the Agenda.

Topic: Buyer Registration

Manu Sporny: IRI is used to identify identity (buyer)
Manu Sporny: IRI is used to identify financial account
Manu Sporny: Builds off of WebID work. Since system is decentralized, we need way of identifying things. IRIs are a good way to do that.
Manu Sporny: Identities may be self minted or created by a 3rd-party identity source
Mike Johnson: The language is paragraph is not too clear before the three definitions.
Mike Johnson: Why do they need an entity/identity account?
Mike Johnson: ...versus just having a financial account. Why an entity account in addition to financial account?
Jose 'Manny' De Loera: This process attempts to broaden description as why these three steps are required, correct?
Mike Johnson: Financial transaction just gives identifier, it has nothing to do with actual identity (account info)
Manu Sporny: Entity IRI was put in as the actual asset acquirer in the digital contract.
Mike Johnson: Will system be tied to financial account or to a specific identity?
Mike Johnson: The spec is not sufficiently clear why an entity IRI is needed
Manu Sporny: We should change "entity IRI" to "identity IRI", since that's what we're using internally.
Manu Sporny: We have identity IRIs because we need to be able to tie specific financial accounts to specific individuals (identities), we need to tie WordPress sessions to customer IDs (which are identity IRIs), we need to be able to manage multiple financial accounts per person, and because financial accounts may not always belong to the same person through time.
Jeff Sayre: I like the change from entity to identity
Mike Johnson: What happend when identity is transferred?
Manu Sporny: This is why we have identity IRIs: tie identity to specific account. Second, identify user who goes to each site.
Mike Johnson: We don't need to get rid of identity IRI. Instead, tie it to a financial account.
Jeff Sayre: That does away with user-centric control, does it not?
Mike Johnson: The things that owns the right to access account, is it the identity or the person behind it?
Mike Johnson: Can we simplify all that goes into transactions by limiting the amount of identifying info in each contract?
Mike Johnson: What happens when you sell/transfer an account? Is it tied to an identity?
Jeff Sayre: In my view, identity is the most atomic piece of datum that any transaction needs to store. [scribe assist by Manu Sporny]
Jeff Sayre: I think it's fundamental that identity is not only captured in an individual contract, but is also the underlying electricity in the whole transaction. [scribe assist by Manu Sporny]
Jeff Sayre: What happens when you transfer an account? An account or a series of accounts can be transferred... once it is transferred, the new identity is now the new owner. [scribe assist by Manu Sporny]
Jeff Sayre: Identity IRIs are crucial to capturing the context. [scribe assist by Manu Sporny]
Mike Johnson: In the current financial system identity is abstracted in financial transactions.
Mike Johnson: How can we facilitate anonymous accounts?
Mike Johnson: Not sure the best way to approach this, but it is important to look at info stored to protect privacy or at least more loosely tie in ID info.

Topic: Identity Privacy

Mike Johnson: Does an asset buyer have to give out ID or just associate their account?
Manu Sporny: In PaySwarm, we have a Profile (usename/password), which can contain N identities, each identity can contain M financial accounts
Manu Sporny: Some IDs can be anonymous
Manu Sporny: With an anon-ID, it would not be possible (at least not easily) traceable to a physical entity.
Jeff Sayre: When I use the word identity, I use it in a different way than many folks do - online, identity is just an identifier - that's what I mean. [scribe assist by Manu Sporny]
Manu Sporny: When we say identity we mean identifier - that identifier can refer to a person, organization, dog, cat, tree, etc.
Jeff Sayre: Yes, that makes sense - we may want to use 'identifier' instead of 'identity' - but that may raise another set of arguments/confusions. [scribe assist by Manu Sporny]
Mike Johnson: Even though our system is designed so that a given user can have a particular identity (name, address, etc.), it would be nice to allow purchases to be made that give the purchaser a level of abstraction, that gives them some anonymity.
Mike Johnson: It is a subtle difference that we may not want to support in PaySwarm 1.0, but providing the option for user anonymity is an important consideration. We may want to change the spec language to be more description of what is meant.
Jose 'Manny' De Loera: Depending on what you want to be anonymous about may be a bigger issue. How are we going to be able to deal with the consequences of questionable transactions?
David I. Lehn: Also, it's not completely anonymous. it's just the authority choosing not to share who an identity belongs to.
David I. Lehn: Though a totally anonymous authority working with bitcoins or something would be possible in theory, I think
Manu Sporny: There are limits to the kind and level of anonymity that PaySwarm will offer. The system still allows for legal authorities, when necessary, to discover true owners of anonymous accounts... however, to address Mike's question - we do deal with anonymity in the system now.
Manu Sporny: PaySwarm is not like Bitcoin that is strongly anonymous. We need to be aware of the issues with strong anonymity and make sure that a sufficiently level of protection (both for buyers and vendors and society) is offered.
Mike Johnson: I agree with these points. PaySwarm will be a much more powerful tool if we establish that questionable activity must be investigated by enforcement services and not the PaySwarm Authorities.
Mike Johnson: Although a user can have multiple online IDs, they must be tied to an actual real-world entity.
Mike Johnson: The point is that we facilitate some identity abstraction between parties.
Mike Johnson: We need to be aware of what info is captured in transactions and what is mandated.
Manu Sporny: The current spec simply mandates two IRIs without stating that it ties (captures) the specific identities of each party.
Mike Johnson: Bank transaction do not mandate an actual person be verified before a transaction is processed. All that is required is that an verifiable account is used.
Manu Sporny: We will continue discussing the registration process on our next call.
Manu Sporny: Next call December 16, 2011.

Created by the Web Payments Community Group. Shared with love under a CC-BY license.