Web Payments Community Group Telecon

Minutes for 2012-05-15

Agenda
http://lists.w3.org/Archives/Public/public-webpayments/2012May/0024.html
Topics
  1. Web Intents for Payment
  2. State of the Art Review of Payments
  3. Technologies Focused on in the Group
  4. W3C Next Steps for Web Payment
Chair
Manu Sporny
Scribe
Dave Longley
Present
Dave Longley, Manu Sporny, David I. Lehn
Audio Log
Dave Longley is scribing.
Manu Sporny: today's call is mostly about w3c's headlights program for 2012 and what our position is on Dave Raggett's questions
Manu Sporny: both Doug Schepers and Dave Raggett have asked us to think about how web intents in payments would work
Manu Sporny: the other thing they've asked is for some kind of review on the state of art for payments
Manu Sporny: we may follow up on what technologies we ought to focus on and what the w3c should focus on over the next year on webpayments
Manu Sporny: so we're going to discuss the direction to take, etc.
Manu Sporny: any updates/changes to the agenda?
Dave Longley: nope

Topic: Web Intents for Payment

Manu Sporny: first, the most "dangerous" thing that dave raggett hinted at in his email
Manu Sporny: this is for web intents for payment
Manu Sporny: it seems a lot of people in the w3c think web intents would go a far way in handling webpayments
Manu Sporny: without really covering interoperability
Manu Sporny: Dave Lehn, didn't you implement some web intents stuff at some point?
David I. Lehn: i made a quick demo for buying images/etc... stuff like that using the new scheme handler/registration stuff. It had more to do with payment schemes, but it would more or less work the same way.
Manu Sporny: the w3c is thinking of doing a demo with webpayments with webintents
Manu Sporny: the idea is you get your payment provider from web intents ...
Manu Sporny: but a lot of what payswarm does isn't in there
Manu Sporny: some of the w3c people don't seem to be aware of this interoperabilty issue.
Dave Longley: A couple of thoughts - web intents are a good way to pick your payment provider. [scribe assist by Manu Sporny]
Dave Longley: You visit your payment provider, and that site registers for 'pay' web intent - you go to another site and the browser's interface shows you that you can use visa, payswarm provider, etc. to do that. In PaySwarm, how does the client pick their PaySwarm provider? [scribe assist by Manu Sporny]
Dave Longley: We chose not to address this because BrowserID and Web Intents were going to address it - works well for NASCAR problem. It's fine when the website owner doesn't have a large stake in what's going on... but when they want to sell a good or a service, they need to receive money... fundamentally different situation from login or photo preferences. Dealing with money requires far more trust and security than photos. [scribe assist by Manu Sporny]
David I. Lehn: The quick demo I tried was using registerProtocolHandler API: http://lists.w3.org/Archives/Public/public-webpayments/2011Oct/0013.html
Dave Longley: There must be a greater level of trust between vendor and customer and payment provider - there are also two payment providers involved, potentially. There are four parties that need to trust each other, and two parties that need to interoperate (from a financial standpoing). [scribe assist by Manu Sporny]
Dave Longley: Vendors have to know how to mark up what they have for sale - they need to be able to describe what they're offering - what's the cost? Description of good/service? They need to know that the customer's payment provider is going to process this in the correct way. [scribe assist by Manu Sporny]
Dave Longley: Customers and payment providers need to know that they're doing business with the appropriate party - that the customer's payment provider is abiding by rules that the vendor wants to enforce... if the correct amount isn't paid, you're going to have a big problem. There needs to be some sort of digital agreement/contract/receipt... when you are dealing with those sorts of things, you need to check for authenticity. [scribe assist by Manu Sporny]
Dave Longley: All of this stuff goes way beyond the simple concept of web intents - you also need to care about privacy and encryption... digital signatures. [scribe assist by Manu Sporny]
Dave Longley: All of this leads to some sort of PKI - we end up introducing all of these technologies to establish trust - if we are going to talk about Web Intents - we need to have a way to list assets on a website - PaySwarm does that and we have a vocabulary. [scribe assist by Manu Sporny]
Dave Longley: You need to be able to put this data on your site - RDFa + JSON-LD is one way to do this - this is why we have this in PaySwarm. Once you've done that, you need a way to encrypt and decrypt data - AES and RSA in PaySwarm does that. [scribe assist by Manu Sporny]
Dave Longley: Then you need to check the authenticity of contracts/receipts - you need non-repudiation, you need to be able to check digital signatures - RSA... basically a PKI... you need all of these layers /in addition to/ Web Intents to have the systems be interoperable. [scribe assist by Manu Sporny]
Dave Longley: Not only that, but the payment providers need to interoperate or you have a centralized system - you need some sort of payment provider whitelist - to ensure that payment provider for the buyer can get money to payment provider for the vendor. [scribe assist by Manu Sporny]
Dave Longley: If you don't have all of this stuff, you end up with a centralized system... you have Google, PayPal, Amazon - no room for smaller players, no room for interoperabilty between bigger players. [scribe assist by Manu Sporny]
Manu Sporny: i agree, this is a good breakdown of the problems that exist that aren't covered by Web Intents payments proposal.
Manu Sporny: we can argue that you don't need some of the things on this list individually, but each time you do that, you take away something fundamental from interoperablity or competition ... or you require centralization,etc.
Manu Sporny: any of these things take away from a basic decentralized w3c web solution
Manu Sporny: we need to make this very clear in our response that web intents is just the tip of the iceberg
Manu Sporny: to do payments correctly on the web there's more that has to be done
Manu Sporny: my concern is people will come in an say "well, we can get something working really quickly" and do something centralized
Manu Sporny: but lay out a path to decentralization
Manu Sporny: the intention for this will be good but they could easily be corrupted if a large company jumps in an stops that process
Manu Sporny: i'm going to point doug schepers and dave raggett at this discussion, perhaps they can ping the right people at W3C.
Manu Sporny: they seem to be interested in how to do webpayments in the browser, which is very important, but it's really the last step in the whole process.
Dave Longley: I can see how you can look at existing systems and shopping carts and come up with some UI that looks like it would work - but you'd have the same silo problem that you have today with payment providers - very important to solve the underlying problems first before coming up with the perfect UI for a browser. Web Intents solves the problem of popping up a UI, but it doesn't solve any of the more important, back-end issues. [scribe assist by Manu Sporny]
Manu Sporny: anything else before moving on?
Manu Sporny: ok, moving on

Topic: State of the Art Review of Payments

Manu Sporny: typically the w3c creates an exploratory group to see how/if they want to tackle a problem on the web and they review all the existing relevant technologies
Manu Sporny: the group generates a report that indicates the problems the standard can address and can't address ,etc.
Manu Sporny: so what i think dave raggett wanted is for a list of payment providers to be created and then we'd search for a common thread for standardizing between them.
Manu Sporny: we've been looking at this area for a long time, maybe about 4 years, but the issue is that we haven't really written our findings down...
Manu Sporny: we've done the work, we just didn't write the report but we don't want to distract ourselves from the technical work right now.
Manu Sporny: i indicated on the mailing list that it would be a big distraction for us, but maybe someone else in the group could volunteer.
Manu Sporny: in any case, the biggest problem is that all of the payment providers listed are not interoperable, some of them only work with visa or only mastercard, they each have their own APIs, they aren't compatible with each other
Manu Sporny: some of them are in the spirit of payswarm (using REST-based APIs) but they have other drawbacks - like you have to be a cell network operator to implement their APIs
Manu Sporny: so there are many centralization problems here. I'm hesitant to sign us up for doing work for writing a report on all of this
David I. Lehn: who do they expect to do this work?
Manu Sporny: us (the community group)
Manu Sporny: the w3c is interested in webpayments, but they don't have the W3C membership that would be interested in webpayments, particularly if some large companies aren't interested in interoperability
Manu Sporny: the people that are involved in payments (apple, google, paypal) seem to want to have closed environments
Manu Sporny: the people that are already out there (visa, mastercard, cell phone operators) and really established only work on their payment network (no interoperability)
Manu Sporny: so w3c has asked "why don't these payment providers (or banks) want to write a report on this?"
Manu Sporny: usually these groups don't have the technical expertise to do it (banks), or they don't necessarily want to do any work towards interoperability (large established payment networks like VISA, PayPal, etc.)
Manu Sporny: so instead we have people like those in our CG that are focused on creating interoperability
Manu Sporny: the w3c has an argument then that it should be easy for us to write a report on this because most people in the CG have spent a lot of time researching this already
Manu Sporny: but it's actually quite a time consuming task to do, doing a table wouldn't be difficult, but a report would take a while
Manu Sporny: even just doing a comparison between payswarm and opentransact took a week of writing.
Manu Sporny: there are at least 30 services out there, comparing each one may take a year worth of writing...
Manu Sporny: i think everyone has their plate full and we don't have to write a report, i'm just concerned about the ramifications of that
Manu Sporny: because i can see them saying we didn't have a report on the basic research
Manu Sporny: so how can we create a solution that works for everyone?
Manu Sporny: but we're creating *the* interoperable solution because there isn't one out there
Manu Sporny: i really don't think we should make this our focus now ... we're trying to get payswarm out there and proving the API in the field
Manu Sporny: i think that's much more important than reviewing the current state of the art
David I. Lehn: I agree [scribe assist by Manu Sporny]
Dave Longley: Yeah... maybe once we show how we have an interoperable system - we can show how all the other systems are not interoperable - we don't have the bandwidth to go off and write those reports right now. If someone at W3C wants to write these reports - our CG does not have the resources to do this at this point in time. [scribe assist by Manu Sporny]
Manu Sporny: moving on, the w3c also talked about 3rd party complementary systems
Manu Sporny: on top of payment systems, like checking for lists of ingredients, checking allergies before buying things at the store, etc.
Manu Sporny: all of these things are very linked-data sort of things
Manu Sporny: all interesting extensions that you could investigate
Manu Sporny: but, this is out of scope at present for this group.
Dave Longley: I agree that the extensions are out of scope... but I do think that we need to understand the use cases to make sure PaySwarm covers those use cases. I think that's why we're using JSON-LD and RDFa - we want people to build on the basic, core Linked Data in the system. [scribe assist by Manu Sporny]
Manu Sporny: at the bottom of the w3c report we have two use cases
Manu Sporny: one is using a phone as a ticket
Manu Sporny: we cover that in our payswarm use cases (the concept of a digital receipt and doing something with it)
Manu Sporny: the one use case is monetary transfer without a bank account
Manu Sporny: just using the phone as wallet
Manu Sporny: we go a step further, we say your wallet is something that can't be destroyed/you can't use ...
Manu Sporny: you either store your wallet on your own server or with a payment provider you trust
Manu Sporny: we've discussed these i think and payswarm covers them
Dave Longley: Can we change the mailing list that they use? Did they meant to do this: public-web-payments@w3.org [scribe assist by Manu Sporny]
David I. Lehn: i got the idea that they meant to have a different mailing list for different purposes
discussion about the mailing list issues, etc.
Manu Sporny: i'll send an email to dave raggett about how the two mailing lists might cause confusion
Manu Sporny: since the working group doesn't exist yet, etc.

Topic: Technologies Focused on in the Group

Manu Sporny: we're focused on specifically payswarm, webcredits, and opentransact
Manu Sporny: most discussion has been on payswarm
Manu Sporny: now we also have IFEX
Manu Sporny: which we should track because it solves an issue that none of the other specs cover
Manu Sporny: which is how you do an exchange for currency and move physical funds
Manu Sporny: for example, the frontend for webpayments could be payswarm with the backend being visa, mastercard, etc, and IFEX
Manu Sporny: the group also asked why don't we focus on a major player ... the simple answer is that no one in the group works there or knows where they are trying to go
Manu Sporny: we don't know what they want or how we ought to standardize for them
Dave Longley: i agree
David I. Lehn: agreed

Topic: W3C Next Steps for Web Payment

Manu Sporny: so what do we want them to do to help webpayments out?
Manu Sporny: dave raggett proposed a workshop/outreach
Manu Sporny: one of the things w3c could do is become more involved in the mailing list and on the calls
Manu Sporny: i know doug subscribes to the list but is very busy as is dave
Manu Sporny: we could ask them to make w3c a priority
Manu Sporny: i think we should push them to figure out where payments belongs (which group it belongs in)
Manu Sporny: and figure out the criteria for starting a working group, etc.
Dave Longley: I'd really like to see W3C be more involved on the list or the calls - or both. All the people that are working on this stuff toward interoperability are fairly involved already... we need them to be more involved. [scribe assist by Manu Sporny]
David I. Lehn: I agree - I want to make sure we are addressing everything they want us to address. [scribe assist by Manu Sporny]
David I. Lehn: Would having a summary help them understand where we are from week to week. [scribe assist by Manu Sporny]
Manu Sporny: i think the minutes are clear, we're having regular meetings, they could attend and give their thoughts or they could read the minutes and comment on the list
Manu Sporny: we announce the meeting on twitter and the mailing list and the website
Manu Sporny: i think the problem is they are lacking the bandwidth to keep up with this stuff
Manu Sporny: and none of the member companies really want to get involved
Manu Sporny: i don't want to create more work than we already have
Manu Sporny: we're already focused on the things we think will make a difference
Manu Sporny: what the working group needs is a spec and an experimental implementation of that spec
Manu Sporny: i think we need to discuss with the w3c team and indicate what we want out of this and what they need
Manu Sporny: we could try reaching out to google and paypal or have w3c reach out to them
Manu Sporny: flattr/IFEX/opentransact are keeping an eye on the list
Manu Sporny: Amir Taaki (bitcoin) pings us from time to time, watches the group
Manu Sporny: most of the experimental providers on the w3c report are watching this list/know about it
Manu Sporny: maybe it would be helpful to get the ripple on board
Manu Sporny: opentabs work is being done in this group
Dave Longley: I really think we need to get someone from W3C participating in the calls, or reading the minutes - the Web Intents suggestion was a great example of missing the mark. We need the W3C folks to be more educated about the work that is happening in this group. [scribe assist by Manu Sporny]

Created by the Web Payments Community Group. Shared with love under a CC-BY license.