Web Payments Community Group Telecon

Minutes for 2013-08-14

Agenda
http://lists.w3.org/Archives/Public/public-webpayments/2013Aug/0032.html
Topics
  1. Introductions to Adam B. Levine and Anders
  2. Update from Andrei on PaySwarm Marketplace Demo
  3. Project Watershed
  4. Crypto Key Storage in the Browser
Chair
Manu Sporny
Scribe
Dave Longley
Present
Dave Longley, Manu Sporny, Adam B. Levine, Anders Rundgren, Andrei Oprea, David I. Lehn
Audio Log
Dave Longley is scribing.
Manu Sporny: before we get started let's do some introductions

Topic: Introductions to Adam B. Levine and Anders

Adam B. Levine: my name is Adam B Levine, my background is with bitcoin, i've been involved for ~2 years, i do a show let's talk bitcoin, i'm really interested in micropayments to figure out barrier to entry for purchases, txns, commerce of all kinds on the web, bitcoin accomplishes the goal of low overhead and it's very inclusive and it's been very difficult for me to monetize the shows i do and bitcoin has made that much easier (internationally), i'm working on project watershed right now and i'm trying to figure out if i'm putting it aside for a bit because there are some for-profit outfits trying to do the same thing now, so i'm trying to figure out how to devote my time because i don't have enough of it
Anders Rundgren: i'm Anders Rundgren, i work on [security solutions] for about 10 years, RSA security, etc. and my interest is in payments from the authentication side, i think that payments technologies should be more close than they are today, i want to see some standards/open source used to accomplish this goal
Anders Rundgren: i've also worked with a small PKI provider for passports and stuff like that
Manu Sporny: ok, sounds good, content distribution, identity, and payments go hand in hand

Topic: Update from Andrei on PaySwarm Marketplace Demo

Manu Sporny: Andrei is going to give us a quick update on his progress on the payswarm marketplace stuff he's been doing
Andrei Oprea: i've successfully made in-app purchases, i've run into some issues, one would be that when making an in-app purchase i got an error saying that there was no receipt, but the purchase did go through, so i can see it as a successful purchase
Andrei Oprea: i wanted to ask how to sell something that isn't music/book/etc something like that, if it's a service, what should the user receive
David I. Lehn: We'll need more debugging info on this. [scribe assist by Manu Sporny]
Dave Longley: let's take this offline, it may take some debugging. callbacks are only through web interface. [scribe assist by Manu Sporny]
Manu Sporny: as far as marking things up for sale for services, say, a dog walking service, the asset is just a block of time for services for an hour, etc.
Manu Sporny: invoices will be modeled as assets as well
Manu Sporny: when you want to sell something, the asset always encapsulates what you're selling, it's as broad as possible, if there's something that doesn't quite fit into the asset model we should discuss it, but we tried to make it cover as much as we could (be really generic)
Andrei Oprea: if someone purchases a dog walking service what do i give them?
Manu Sporny: typically an invoice would be produced that described what services were used (it would be an asset) and there would be line items in the asset
Manu Sporny: we could change things so that a service could be used instead of an asset
Dave Longley: I don't think we'd necessarily want to do that - an additional type for an Asset can be a service. We're trying to find the correct vocabulary terms for what you're trying to model, to properly markup what you want. [scribe assist by Manu Sporny]
Dave Longley: Finding the right vocabulary for what you want to sell is important. [scribe assist by Manu Sporny]
Dave Longley: You may want to look online for some other vocabularies. You may add additional types to the asset that gives more information about what it is... you could have DogWalkingService in there if that's a part of a vocabulary. [scribe assist by Manu Sporny]
Manu Sporny: You might take a look at the Product Ontology - http://www.productontology.org/ which has stuff like: pto:WebPage pto:Shovel pto:CinderBlock lots of things you could augment Asset with.
Manu Sporny: ok, great progress andrei, we can discuss after the call getting stuff onto the VM, etc.

Topic: Project Watershed

Manu Sporny: so Adam sent an email to the web payments mailing list about project watershed and gave a talk at the bitcoin conf about it, so give us an overview
Adam B. Levine: the basics ... the point of what i'm trying to do is to build an open source and free platform that is agnostic in the way a wordpress install would be, but i would build on top of crypto stuff for frictionless payments, where lots of other currencies (non-bitcoins) require you to go through a lot of hoops to buy things, bitcoin doesn't require that
Adam B. Levine: with bitcoin you can just generate new addresses for every purpose you want
Adam B. Levine: we're looking at tech for a hierarchical key management to fix some of the technical problems here
Adam B. Levine: instead of having a banner on a webpage/billboard on side of the road, the process in order to buy something by clicking on something like this ... if you're on a webpage to consume content you are much less likely to use one of the advertisers there simply because it's asking you to click somewhere and leave, it's a disruptive act, so sites where you were already planning to leave get more success from this method, but if you didn't want to leave you're less likely to use this.
Adam B. Levine: you can do purchases/subscriptions using this new tech by clicking on ads without disruption so the ads function more like vending machines
Adam B. Levine: my focus with this project is to find better ways to monetize content and work with communities, once you get critical mass everything's ok, but before that it's difficult, it's an enormous cost to deal with the same issues prior to critical mass (issues are same between small and big sites, but only big sites can fix them)
Adam B. Levine: bitcoin has a problem right now, 6 cents USD for txns, but compared to the size of donations, it's not as good as it could be, the solution that bitcoin community is coming from is off-chain txns, so you keep track of small off-chain txns and then at some point if someone wants to cash in you make the conversion at that point so the txn cost makes more sense for $3 (in aggregate) vs. 25 cents
Adam B. Levine: so with this system you can incentivize content creation
Manu Sporny: we're 100% on board with what you want to do here, specifically, DB, the people that created payswarm, our background was in monetizing content, we had ~1 million independent songs we were selling, we had a p2p network where fans could make money off of selling content (in addition to artists) as distributions on the p2p network
Manu Sporny: we absolutely believe that what you're doing is a problem worth solving
Manu Sporny: as far as the tech used to solve the problem, you're coming from bitcoin blockchain side, we're coming from a web perspective, the talk i gave recently was about a huge community on the web 2.5 billion people, our goal is to slightly tweak the web so that payments are integrated into the core of the web
Manu Sporny: bitcoin has a lot of advantages over the current financial system, and we also want to use features of the web to enhance current financial system
Manu Sporny: payswarm has the ability to give an address for every single thing for sale on the web, we use a URL
Manu Sporny: we use URLs to identify assets, things for sale, people that are selling it
Manu Sporny: just like bitcoin has one address per use per user, instead of doing that, we use a URL for that txn and each txn gets its own URL and it creates a nice decentralized system that already has a fairly large community (the web) using it
Manu Sporny: the other part of that is that bitcoin has a number of adv. and disadv. txns cost around $0.06 which can make things difficult, on meritora the txn fee is 2% which can go down over time and that applies over time the minimum fee we charge for doing that is like 0.0002
Manu Sporny: with payswarm only USD is supported right now but one of the next things on the roadmap is building bitcoin into it
Manu Sporny: you know how you kept track of bitcoin txns offline and then cash out, that's essentially what we're implementing in payswarm
Manu Sporny: and once that's there you can send a couple of satoshis to someone and not have it all eaten up in txn fees
Manu Sporny: the other thing is txns are immediate, etc. and you don't have to wait for the block chain to settle
Manu Sporny: that's where we are, so i think the goals here are completely aligned
Manu Sporny: we definitely want to help people create content on the web, we are content agnostic and currency agnostic, the system is designed that way, we're interested in achieving the same goals
Adam B. Levine: yeah, i listened to your calls and i agree, i think it's great, and that's the ultimate solution, especially that payswarm is currency-agnostic
Manu Sporny: we also think the number of the currencies in use will explode over time
Manu Sporny: even with bitcoin there are all kinds of tiny tweaks you can do, like forking it and introducing inflation, that's a new currency, any of these things changes the dynamic of how the block chain is operated, etc.
Manu Sporny: we've talked about creating a fiat currency on a block chain
Manu Sporny: clearly there are people that don't like that idea, but if we can move fiat currency over to a block chain like mechanism that could address some fraud related issues we have today
Manu Sporny: there is a lot of room for currencies to grow here and chain, etc.
Manu Sporny: no reason to focus on one particular currency
Adam B. Levine: i totally agree, the other point of watershed is to break the media model we have right now, that's my other passion
Adam B. Levine: i don't really enjoy doing the out in public and journalism stuff, i probably should, and i feel like very few people are doing this enough, not that i'm great at it, part of this is how we fund media, microtransactions lower the barrier for the audience to be in charge of media
Adam B. Levine: i want a platform where the advertisers and creators of media are more separate, one side is audience+content creators who care about the content, the platform advertisers are looking at it from a 1000 ft level at money, etc.
Adam B. Levine: right now the payments don't flow directly, the advertiser gets paid, who pays the platform, who pays the creator, etc.
Manu Sporny: Web Payments use cases: https://payswarm.com/specs/source/use-cases/
Adam B. Levine: i think it should be the audience that is consuming the content should be giving direct feedback by judging the quality of the content, etc.
Manu Sporny: yes, a number of the things you're talking about are in the use cases in the payswarm spec
Manu Sporny: again, our background is in media, talking about artists/scientists/content creators, whomever, we want them to have access to capital from their fans, we want kickstarter to exist without the high fees, etc.
Adam B. Levine: yes, so we're very aligned
Manu Sporny: so, the question is where do we go from here, so we're very involved in the technical side of things, free and open standard, etc. and we're talking with browser manufacturers, these are our strengths, we can build the tech and commercialize it and we have contacts for getting things into web browsers, and we have some contacts in the finance community to lean on, so where do you see collaboration opportunities here
Adam B. Levine: my plan from here has been finishing development on laying out the vision and then handing it off to a developer to implement, his estimate was $15k for 2-3 months of develop, i don't think it's terribly difficult/expensive to implement, i just want this to exist, i don't care who pays for it or whatever, i just want it to happen
Adam B. Levine: if this is something you want to throw time at, it doesn't have to be project watershed, i just want these tools to exist
Manu Sporny: have you seen the payswarm wordpress demo?
Manu Sporny: PaySwarm Sandbox: https://dev.payswarm.com/
Adam B. Levine: no, there's bitcredit.io and bitwall.io, two recent start ups without a product yet but maybe in 2 weeks, i'm trying out business model with one and with another, i'd be happy to try things out
Manu Sporny: so right now we have a wordpress plugin and you click buy on an article and you pay a very small fraction of what you'd pay now and get access to an article, etc.
Manu Sporny: we can also add crowd funding, etc. to that plugin
Manu Sporny: this has been done and out there for multiple months now, we're looking to see if people want to adopt it, and we want to add bitcoin support
Manu Sporny: i think the place to start would be if you could look at it and tell us what's missing from the vision you want and we could reprioritize based on your feedback
Manu Sporny: eventually you'll have a technical implementation based on payswarm creating what you want
Manu Sporny: so you can look at that and we can go from there
Adam B. Levine: ok, that sounds good, yeah, i'll look at that and we can talk about moving forward on that
Adam B. Levine: this works with USD?
Manu Sporny: the demo site uses fake money, but there is a real version too
Adam B. Levine: can you do multiple currencies?
Manu Sporny: now no, in the future, yes, you could say "we access USD and bitcoins" for instance.

Topic: Crypto Key Storage in the Browser

Manu Sporny: ok, we're very aligned and let's collaborate more in the future.
Manu Sporny: so you had posted things about crypto key storage in the browser
Manu Sporny: i had a chance to look through all three of the documents you had sent out and could you go over it a bit more?
Anders Rundgren: you were talking about a number of things that were quite interesting, like plugins and extensions to the browser and this is all related
Anders Rundgren: on the first document, i wrote about why i started this project back in 2006, i was concerned with 2 factor auth not working properly, they do their own clients and not use a browser client, for many reasons, still happens today with android, banks use their own solution, they don't use the built in android solution, anyway, the inspiration is this
Anders Rundgren: i started looking at protocols for key provisions to try and solve this problem.
Anders Rundgren: i found that i needed to match the keystore and a protocol to go with that for each keystore type, etc.
Anders Rundgren: i'm a lurker with web crypto API, not a member, and it's great tech, but it has no connection to system keystores
Anders Rundgren: i started playing with extensions to tie together new keystores and old ones
Anders Rundgren: and i have a document that talks about payments with respect to this which is how i got here
Manu Sporny: "Executive Level" description of the SKS/KeyGen2 concept: http://webpki.org/papers/SKS-KeyGen2-Project.pdf
Manu Sporny: The WebCrypto/SKS combination: http://webpki.org/papers/PKI/pki-webcrypto.pdf
Anders Rundgren: The mozpay has predefined trusted UI, which is fine, there's a problem with that because payment systems can be very different, what i'd like to have is a trusted UI that is adaptable that is programmable, it's very hard to combine a programmable system that is also trusted
Anders Rundgren: so i have talked about a trust model based on a key that signs code, each payment provider has their own protocol and ui that may or may not be standardized but the trusted part is only valid for certain pieces of software, instead of something that is universal i think that's another way to solve the problem that's what i've come up with recently
Anders Rundgren: it is very complicated to have a dialog because of things that must be cleared before discussion, etc.
Manu Sporny: we operate much more transparently than that, so i've got some comments on that
Manu Sporny: on crypto in the browser, we're definitely focused here, as are you, the idea here is to create crypto keys and keep them in the browser and specify exactly what the keys can or can't be used for, keeping permissions for them, etc.
Manu Sporny: the idea here is not to do it through an extension to the browser but to use existing tech (browser native)
Manu Sporny: so there's no installation
Manu Sporny: so your idea is to sign code and transmit signatures via postMessage(), that's how persona works, that's how they do their digital signatures
Manu Sporny: but persona is server-side, but your solution would use keys stored on the client
Manu Sporny: so we're really interested in this approach for the web payments stuff
Manu Sporny: currently w/payswarm, you delegate all the digital signature stuff to your payment processor, because of browser client-side limitations
Manu Sporny: eventually we want the customer to be in charge of all the signatures on the receipts, etc. in order to do that you have to have keys in the browser/device, so you need a secure way of doing this via the browser, so this approach using domain-locked keys and the web crypto API for the signature and using postMessage() to send the signature is great
Manu Sporny: i want to have a high level discussion with you and figure out how to utilize this tech, outside of persona i haven't seen too many people working on this, and it's the approach we like
Manu Sporny: if you look at the solution you're proposing in your documents it may not just be stop-gap it may be the way to do things
Anders Rundgren: Yes, anonymizing stuff is important.
Manu Sporny: we use a URL to identify customers to the merchants right now (not necessarily personal info there at all)
Manu Sporny: in bitcoin only you are in control of your private keys, etc.
Manu Sporny: with payswarm your payment processor has some control over that
Manu Sporny: we want to empower the customer more
Anders Rundgren: what about the browser vendor support for what you're doing?
Anders Rundgren: does this require an extension in the browser?
Manu Sporny: we don't want to depend on the browser vendors to innovate
Manu Sporny: the approach we're taking right now doesn't need a browser extension, the downside is that we can't do customer-based digital signatures
Anders Rundgren: i don't know exactly what the role will be, i'm thinking of working with device vendors, because they have a large market that is super advanced rather than going through the
Anders Rundgren: it takes a very long time to get anything done there
Manu Sporny: i think you could get a certain implementation of the system you have right now, these payswarm payment processors could be interested in implementing that stuff so long as it's kept on the payment processors, they are more ok with doing crypto hacks to get a more secure system
Manu Sporny: it's not a priority for the browser vendors to implement this sort of stuff, they have other things on their plate.
Manu Sporny: we want to stay in touch and work with you as well, the best approach would be, perhaps, to build a JS library that you can put on the server to show people how to use this system and then once it's out there it could probably be integrated pretty easily
Manu Sporny: i'll try and send something out there to the mailing list to see if we can get some of the tech you described into the web payments work
Manu Sporny: i'll talk to the persona team as well
Manu Sporny: and their marketplace team
Manu Sporny: if you can respond to that once i get that message out there to keep the discussion going
Adam B. Levine: is there a reason not to use a browser extension here?
Adam B. Levine: what [Joe] has implemented here is a browser extension that allows a meta login via your bitcoin address
Adam B. Levine: why is a browser extension not good?
Manu Sporny: Joe's system is really good, that's not the issue, the browser extension is, you can't scale to 2 b/million people by making them install extensions
Manu Sporny: the only really successful extension like that is flash which as we know is being killed off
Manu Sporny: you don't know what browser extensions are doing, there's a security issue, etc. but you also want the tech to be accessible to anyone... the # of people using the web vs. using extensions is much greater
Manu Sporny: we can't build the blockchain into the browser (having gb of data lying around)
Manu Sporny: until you get 1 billion people using bitcoin they aren't going to be interested in building that tech into the browser
Manu Sporny: the other idea is to push the identity in the block chain solution off to a third party that people trust to hold onto their bitcoin wallets but as soon as you do that you lose control over your identity
Manu Sporny: if the NSA/prism comes in and wants coinbase to digitally sign things on your behalf +gag order, it happens and you don't know about it
Manu Sporny: this is why the approach that anders is talking about is an interesting approach
Manu Sporny: so you get the best of both worlds while you get to
Dave Longley: I'm pretty sure that the approach that Anders is talking about allows the service to sign stuff as well. [scribe assist by Manu Sporny]
Dave Longley: What we're talking about w/ Anders system is the ability to integrate w/ existing keystores and sign code and have it run in other places. It doesn't remove the ability for the provisioner to use the keys for something else. [scribe assist by Manu Sporny]
Dave Longley: With Anders solution, you get access to keystores that are more native on the device. [scribe assist by Manu Sporny]
Anders Rundgren: yes, you've understood it completely
Anders Rundgren: you can combine more traditional models with web crypto API
Dave Longley: Not every browser extension operates the same way, so it costs a lot more to write the code vs. something that natively ran in the browser. [scribe assist by Manu Sporny]
Anders Rundgren: it's very complicated to do browser extensions
Adam B. Levine: i'm looking at this as, how do we solve this problem with crypto currencies
Adam B. Levine: doing the decentralized thing without trusted stake holders is difficult
Manu Sporny: the ideal case here is for everyone to be in control of your own finances
Manu Sporny: with bitcoin you can do that, but then you don't have some of the other commerce stuff
Manu Sporny: now the US has said bitcoin is a currency so there may be regulation coming
Manu Sporny: we've got people coming from the fiat side and people from the crypto currency (bitcoin) side
Dave Longley: What this comes down to is that when you use crypto currencies, you end up gaining advantages and losing some advantages. [scribe assist by Manu Sporny]
Dave Longley: You want to make sure that people can control their own finances between the two. [scribe assist by Manu Sporny]
Adam B. Levine: right, one size fits all doesn't work
Adam B. Levine: the payswarm approach makes a lot of sense.
Manu Sporny: ok, let's figure out more ways to collaborate in the future, we're all very aligned
Adam B. Levine: manu, your talk is going up on episode 32 of let's talk bitcoin - https://soundcloud.com/mindtomatter/ltbep032

Created by the Web Payments Community Group. Shared with love under a CC-BY license.