Web Payments Community Group Telecon

Minutes for 2013-10-09

  1. Web Payments Face-to-Face meetings
  2. Identity, Payments, and Persona
  3. Web Payments Technical Specifications Strategy
Action Items
  1. Create a Web Payments policy document that outlines the sort of technology that should be created by the Web Payments group.
Manu Sporny
Dave Longley
Dave Longley, Manu Sporny, Pindar Wong, David I. Lehn, Madhu Nott
Audio Log
Dave Longley is scribing.
Manu Sporny: I had a discussion with Lloyd from Mozilla Persona this morning about how we could leverage persona. We have now a way of achieving what we want through persona, he verified a number of things we needing him to verify, we can go over that discussion later on.

Topic: Web Payments Face-to-Face meetings

Manu Sporny: we have a number of Web Payments meetings happening around the world
Manu Sporny: Upcoming Web Payments Face-to-Face meetings will be in:
Manu Sporny: Bay Area (Palo Alto, Mountain View, San Francisco)
Manu Sporny: Bali (Internet Governance Forum)
Manu Sporny: Hong Kong (Multinational Banks and Tech Sector)
Manu Sporny: Shenzen (W3C Technical Plenary)
Manu Sporny: next week I'm traveling to the SF bay area, I'm doing a presentation at Google to the Chrome, Google Wallet, and requestautocomplete teams
Manu Sporny: that slide deck will likely change based on feedback from their payments team before i get there
Manu Sporny: i'm also doing a bay area node.js meetup
Manu Sporny: specifically, the talk i'm giving is on linked data, RDFa and JSON-LD
Manu Sporny: later on in the week we're going to be talking with some other companies that don't want to be named publicly yet, fairly large tech companies
Manu Sporny: after the bay area i'm flying out to Bali to meet pindar at the IGF
Manu Sporny: and try and represent the web payments work that's being done here
Pindar Wong: the objective is to raise awareness of the group and get others to participate where relevant, the taxation element is appearing a lot more in my conversations with bankers here in hong kong, it's more an outreach effort to make governments aware that this work is happening and one aspect that is to understand the future of mobile payments and where this group may fit in, and to understand how to tax how the various txns may occur there
Manu Sporny: we have thought about the taxation aspects ... it's built into the payswarm protocol, depending on the country, etc. the payswarm payment processor can handle the taxes based on where the sender is, receiver is, etc.
Pindar Wong: i think that's very attractive to hear and that's not an area that we typically harp on about but in this case it's a very nice feature set to mention
Manu Sporny: you think it would be helpful to mention that in bali?
Pindar Wong: absolutely
Pindar Wong: a lot of peopel have no idea how to deal with the taxation aspect
Manu Sporny: the mobile based stuff, a lot of people are saying there is no mobile web, it's just the web, the protocol works over mobile devices just like any other computer, which means the payswarm protocol taxation features work just the same over tablets, mobile devices, desktop, doesn't matter
Pindar Wong: exactly, great
Manu Sporny: next we'll be going to hong kong
Manu Sporny: pindar has set up multiple meetings with banks/tech sector companies over 2 weeks while i'm there
Manu Sporny: i should also point out that pindar has been incredibly generous with his time and resources to make sure we can go over to bali and hong kong to make this happen, it's greatly appreciated
Pindar Wong: sure it's my pleasure, i'm trying to move the ball forward, to add one aspect, the HK meetings ... i sent the approx. time for public meetings, there will be some private ones, managing expectations from the financial regulators is one of the strategic aims and goals, dealing with money laundering, etc. it's early stage, it's probably a multiple year commitment, it's good to start off on the right foot,
Manu Sporny: we've made a breakthrough with the KYC stuff with persona this morning i believe
Manu Sporny: yes, talking to regulators is incredibly important and they aren't represented in the web payments group and it's been difficult to get meetings with them, if you can organize meetings for that, pindar, it would be very very helpful
Manu Sporny: at the end of the HK visit i'm going to Shenzen to the W3C technical plenary
Manu Sporny: we'll be telling everyoen about the web payments work and the workshop in paris in 2014
Manu Sporny: the purpose of the workshop is to determine if the w3c should create a working group (made up of the w3c companies like bloomberg, mozilla, etc.) for web payments, ideally you get 4 large companies that want to back the working group
Manu Sporny: or 10 small companies
Manu Sporny: it's clear that payments is a very interesting area taht these companies care about, it's just not clear what the exact technical work that the working group would take up, payswarm, identity, etc.
Manu Sporny: this meeting will also be used to talk to all other groups that affect the web payments work
Manu Sporny: for example the Web Crypto group will be working on tech that affects what we do, it helps making web payments easier to do and more secure, we have people from the sysapps group working on NFC and that would allow us to do like pay with your mobile phone through a web browser to an NFC device at a checkout kiosk, pay for movie ticket, groceries, etc. or just transfer money by tapping phones together
Manu Sporny: so work at the technical plenary will be to join that group and make sure they have the web payments use cases in mind when they are creating these technologies
Manu Sporny: aside from that there are other publishing groups there and meeting various other people, GSM association there, giving everynoe an update, giving a presentation on what we've been able to accomplish this year on web payments is all on the agenda, after shenzen is coming back to the states
Manu Sporny: next is the web payments workshop which is in nov

Topic: Identity, Payments, and Persona

Manu Sporny: chatted with lloyd@mozilla, head of persona team
Manu Sporny: this morning, continuation of discussion from 2 weeks ago, core here has to do with creating an identity mechanism for the web that is also useful to banks, financial, and govt institutions
Manu Sporny: the idea is having an identity on the web that is capable of asserting that you are a citizen of a particular country, you are a certain age, live at a certain address, etc. all these things can be tacked onto this identity
Manu Sporny: the payswarm work has a rough spec for what this would look like, and what we didn't know until this morning was if we could integrate web payments identity with mozilla persona
Manu Sporny: for example, mozilla persona is meant to be email identity mechanism, simple, built into the browser
Manu Sporny: all it does is provide website you're logging into with a verified email address, website doesn't have to verify your email address anymore, you just click to log in with your email address on a website and the website now knows the email address is valid and have an identifier for you
Manu Sporny: the missing piece was the ability for the persona assertion, so when you have an identity provider like google, meritora, or payswarm and you can use an assertion that says this email address is real and belongs to the person holding this document
Manu Sporny: the missing piece is being able to specify the payment processor for that identity or who controls that persons address/govt issued information/who is the gatekeeper for that info
Manu Sporny: i talked with lloyd and we hammered out a rough plan for how to integrate with the web payments id mechanism
Manu Sporny: the payswarm authority would become a persona identity provider
Manu Sporny: dave@meritora.com or dave@paypal.com
Manu Sporny: so payswarm authority would give you an email address
Manu Sporny: when you log into a website you'd select that identity
Manu Sporny: when that assertion is sent to that website, it would not only contain your email address but also your web payments identity information
Manu Sporny: so, something like - paymentIdentity: "https://dev.payswarm.com/i/manu"
Manu Sporny: that URL would be injected into the assertion, and the website can then bootstrap the rest of the process
Manu Sporny: the website can hit that URL and retrieve the person's govt issue ID info, SSN, whatever that person permits
Manu Sporny: lloyd felt that it was the best way to extend persona, it doesn't require much work for them, they are happy with us being the canary in the mine proving that this can be done
David I. Lehn: what's the access control information for that?
Manu Sporny: we'd have access control stuff that mirrors how we do it for payments right now
Manu Sporny: so if a website wanted to get your shipping address they would make a request to the payswarm payment processor and then the processor would say access denied and say the user has to authorize you, then a pop up would show that the website wants certain information and the user has to say yes
Manu Sporny: and then that information is sent to the vendor's website
Manu Sporny: the vendor's request would just include what they want using a JSON-LD message
Manu Sporny: does that answer your question?
David I. Lehn: yeah, there are a lot of details there, but yeah
Manu Sporny: yeah, the Read-Write-Web group are working on this problem too
Manu Sporny: the persona people care a lot about this problem too but don't have spare cycles to work on it, he was very apologetic for not having more resources
Manu Sporny: there are multiple other groups that care about this problem and are working on it as well
Manu Sporny: so we'll have some help and coordination

Topic: Web Payments Technical Specifications Strategy

Manu Sporny: some people haev been pinging me off line saying it seems like the group has been fairly scattered in its discussion, talking about bitcoin, philosophy of payments, DRM and censorship, meanwhile we have mozpay and payswarm and discussions around the world with banks, financial institutions and tech companies, to anyone who just joined the group it seems like a wall of information
Manu Sporny: they are being hit with and it's raising the question, where is the group going to focus its time ...
Manu Sporny: is it going to be a lot of discussions where we pick something out of the soup or do we have a clear technical path
Manu Sporny: this is going to be an issue when we try to create the working group
Manu Sporny: the question that will be asked is "what is the technical output of this group going to be?"
Manu Sporny: we won't get a group until we have a clear answer for that
Manu Sporny: we could start this conversation off by talking about the things that are more or less done or could be standardized soon
Manu Sporny: so let me get some of the specs up here
Manu Sporny: in general, there are specs that are going through that would go through without the web payments group, RDFa is already a REC, it's done, and we use RDFa to express products for sale on the Web, that work started in 2004 and we were done in 2008 and a new version was published just this year 2012-2013: http://www.w3.org/TR/rdfa-core/
Manu Sporny: JSON-LD is the technology we use for the financial messaging: http://www.w3.org/TR/json-ld/
Manu Sporny: we have 6 implementations with 5 that pass all tests
Manu Sporny: other implementations are out there that are limited
Manu Sporny: we are trying to get the spec out this year but some process stuff is getting in the way
Manu Sporny: so for the payswarm and mozpay stuff we have prereqs out there
Manu Sporny: at the end of the mozpay discussions it was sounding like they wanted to use JSON-LD
Manu Sporny: it sounds like, for the future of the web, it looks like JSON-LD is the messaging format
Manu Sporny: it seems like JSON-LD is favored
Manu Sporny: those are things that will be done regardless of whether or not there's a web payments group
Manu Sporny: we have a number of specs that could be put into the web payments group
Manu Sporny: there's somethign called RDF dataset normalizatoin
Manu Sporny: it is used to make sure messages can be digitally signed and verified
Manu Sporny: we need dataset normalization in order to have any of the payments stuff work out, or we have to use the JOSE spec and it isn't ideally suited for financial/extensible tech
Manu Sporny: we could also include the http-keys spec, this allows us to do digitally signed messages, to do requests for transactions that are digitally signed in json-ld, we have a nice Web PKI that's a result of this messaging spec
Manu Sporny: it also does KYC on the Web which ties in nicely with persona
Manu Sporny: that's a pretty solid argument for the w3c for picking it up
Manu Sporny: there are at least 2 specs that the web payments group could kick off with that are more or less done, we wouldn't have to do much with them
Manu Sporny: those are foundational payment technologies, they are generic ... they could be used for anything, the argument that they should go into the web payments group is a discussion we'll need to have
Manu Sporny: that brings up to the meat of the issue
Manu Sporny: so what are we standardizing as the payment protocol here?
Manu Sporny: we have bitcoin, which is being standardized at the bitcoin foundation, they haven't been heavily involved in the web payments group but there has been discussions here
Manu Sporny: they dont' have spare bandwidth to go off and write bitcoin specifications, they mostly do code
Manu Sporny: the idea that we would end up working on bitcoin-specific technology is probably not going to happen in the web payments group
Manu Sporny: unless we get a lot more contributions from that community
Manu Sporny: the other group is Ripple, we've been having good offline communications with them, their protocol is open and on the web, their source code is open, the Ripple folks have been on these calls before and they have wanted to figure out a way to work with the web payments group
Manu Sporny: i don't think we'll have anything by 2014 to work on, but i am having meetings with them soon so that could change
Manu Sporny: the third thing that could be used on the web payments group is a generalized payment frame that is not spoofable or is whitelisted and this used to be part of mozpay and it's something that mozilla is interested in pursuing there is no spec for it, just ideas floating around for what it could be
Manu Sporny: the purpose of the frame was initially for web payments, but now they seem to be on shaky ground for what they'd want to standardize
Manu Sporny: that brings us to payswarm
Manu Sporny: there's several specs for payswarm we could work on
Manu Sporny: those specs are in a fairly rough state, but are certainly in a position to be picked up by a web payments working group
Manu Sporny: we have solid implementations for the specs so we know that they work from a technical standpoint that they work
Manu Sporny: so the question is what should we propose to the w3c for standardization
Manu Sporny: our organization, Digital Bazaar, is really pushing the payswarm stuff, mainly becauset here's nothing else that does what it does
Manu Sporny: we don't yet have Ripple saying they want a w3c spec or standard, same for bitcoin, we do have the people that that are working on the payswarm stuff
Manu Sporny: that stuff is improving and we are updating the specs and standards as we go
Manu Sporny: as far as i see it, the only potential pitch we have for the w3c is that we would like to standardize the identity and payments stuff that payswarm has outlined and the RDF dataset, http-keys specs
Manu Sporny: we would also like to standardize some kind of secure browser frame that mozilla is going to be working on over the next year
Manu Sporny: whether or not that will fly at a group level or not i have no idea
Manu Sporny: at this point we have 100 people in the group and it's pretty difficult to get a read on where the group wants to head
Dave Longley: I suspect that the group would be okay with the path, we could say that's the path we think we should take and see what they say. [scribe assist by Manu Sporny]
Pindar Wong: all the payswarm work you've done is very open and transparent and i'd agree with that
Pindar Wong: that's very clear and consistent with what i understand from the list
Pindar Wong: the intersection of policy and technology here is quite intricate, and i do think some of the discussions happening are quite important, it might be good to add some structure to separate between technology and policy in those discussions
Pindar Wong: some bifurcation might be necessary
Manu Sporny: one of the things we've tried to avoid in the past is to create separate mailing lists
Manu Sporny: these things, as you said, are intricately linked, it's hard to talk about tech without mentioning policy
Manu Sporny: philosophical discussions have a direct impact on the tech built
Manu Sporny: it's important to separate them where we can, but often we come back to core philosophical discussions and they tend to be painful and drag out for a long time, but it's improtant to understand the philosophy that's underpinning the decisions being made in this group
Pindar Wong: what i was suggesting then was a reference document or wiki that could state the status of the participants or their values/principles or architectural principles as a statement of policy because you are implementing policy through the code that is written, i guess get something more document driven is what i'm edging for
Manu Sporny: i agree, there are fundamental things here like tech created by the web payments group must be usable by people in emerging nations, industrialized countries, people on mobile devices, without leaving anyone out
Manu Sporny: tech should be accessible to all, take into account people with disabilities, people who don't have access to infrastructure like banks, outlining those things in a document would be very useful
Manu Sporny: they get lost in the mailing list
Manu Sporny: we need to have a document that ends up formalizing that kind of stuff
Manu Sporny: if we can direct that energy to a document i'm very supportive of that, the mailing list being the history of how that derived is very important
Manu Sporny: anything else on the direction/proposing it to the group?
Pindar Wong: i think this is a very productive conversation to have this time of year, there needs to be technical discussions to get work done and progress made
Manu Sporny: it's not that w3c will be inflexible about this, it's just about the fact that when a group gets chartered, it needs to have a clear list of things ... if you had things you have to go through a 6 month process to get rechartered
Manu Sporny: if we say we're going to do RDF dataset normalization, http-keys, and payswarm
and the frame window
Manu Sporny: and it will take 4 years to finish, but if mozilla wants to change something or add to it, in order to get it to standardization we have to recharter the group and go back to the w3c companies and get approval
Manu Sporny: it ends up taking months to do
Manu Sporny: so the only reason i'm saying that we have to propose something at the workshop is that we have to make sure we have something for the initial charter
Pindar Wong: absolutely makes sense
Pindar Wong: so the conversation on this list is really important leading up to 2014
Pindar Wong: so everyone is in the best possible position for next year
Pindar Wong: if the policy document could be done by early next year would be great and would see if this group will be coherent, etc.
Manu Sporny: maybe we should just kick start that policy document this week or next
Pindar Wong: it would be lovely to be able to farm off this discussion into an area where policy level inputs, regulators, etc could all be participating
Pindar Wong: let's raise this at the IGF and see what comes forward, try to get that domain expertise participating at the right time at the right level
Pindar Wong: it would be good to mention at the IGF we're at the process of doing this, making it document driven would be very useful
Manu Sporny: ok that gives us something very concrete to work on
ACTION: Create a Web Payments policy document that outlines the sort of technology that should be created by the Web Payments group.
Dave Longley: If we're going to have a policy document, we may want to have a document to say which technologies are intended to implement it. [scribe assist by Manu Sporny]
Pindar Wong: Absolutely agree with that. [scribe assist by Manu Sporny]
Manu Sporny: we could probably drive it off of the payswarm use cases
Manu Sporny: those use cases are kind of a pseudo policy document
Madhu Nott: bye

Created by the Web Payments Community Group. Shared with love under a CC-BY license.