Web Payments Community Group Telecon

Minutes for 2014-01-29

Agenda
http://lists.w3.org/Archives/Public/public-webpayments/2014Jan/0181.html
Topics
  1. Introduction to Jeff Cliff
  2. ISSUE-20: eBay/PayPal concerns
  3. Communication with SWIFT and IETF
  4. Web Payments Charter/Work Items Voting Status
  5. Web Commerce API
Chair
Manu Sporny
Scribe
Dave Longley
Present
Dave Longley, Manu Sporny, David I. Lehn, Jeff Cliff, Brent Shambaugh
Audio Log
Dave Longley is scribing.
Manu Sporny: Any changes to the Agenda?
David I. Lehn: Nope.

Topic: Introduction to Jeff Cliff

Jeff Cliff: I'm a fairly active member in the ripple community. I've been following the work that's been done here for quite some time. I'm not affiliated with any organization here. I'm a voice of the Ripple community in some ways. I'm a developer, I haven't contributed any code to this project yet, and I'm still trying to figure out a way to do that
Manu Sporny: Welcome, we're really happy to have you here! Hopefully we can figure out a way to get some contributions from you or just get your input on the work we're doing here.
Manu Sporny: Are you coming to the web payments workshop, it's in Paris?
Jeff Cliff: I'm trying to figure a way to get there, I'll work on that.
Manu Sporny: Let us know if you have any questions as we go through all this stuff, feel free to follow up on the mailing list as well.

Topic: ISSUE-20: eBay/PayPal concerns

Manu Sporny: Paypal wrote in with a number of concerns about the website. T they were concerned that people would get the wrong impression that the output of the web payments CG would become standards immediately, they wanted us to be a bit more clear about what the group was working on, this is what kicked off the entire discussion about the charter and scope of work/work items
Manu Sporny: We talked with w3c management and we've gone to a pretty great effort to ensure that w3c management and paypal/ebay and some other larger companies were ok with the text
Manu Sporny: If you look at issue 20, the first 4 have been marked off
Manu Sporny: We've made it clear that no community group is endorsed by w3c but also made it clear that we are working on tech here that we hope to get into the w3c standards-track process. I've mentioned that we've done this before, gone through this mechanism and gotten things published.
Manu Sporny: Also made a clear statement that while the work is not on the w3c rec track, we do plan on trying to get it adopted through a web payments working group
Manu Sporny: We plan to push hard to get the specs that are mature enough from the CG into the WG
Manu Sporny: We've Made these changes to the site over two weeks ago - https://web-payments.org/
Manu Sporny: The other part was specifying who the community is. Paypal was concerned that people would get the impression that the CG consists of W3C member companies, but even though it does, since it doesn't have W3C WG blessing yet, we've clarified the group info on the site
Manu Sporny: I think the statement is accurate enough to indicate who the group consists of
Manu Sporny: They wanted us to remove the language that says the world's financial system is ailing or has problems with it, the larger financial players don't want that language there, we just say that the web is going to play a key role in improving the world's financial infrastructure and a more equitable future of all of us, etc.
Manu Sporny: We Were also asked to specify who the dependencies/liasons are: http://www.w3.org/community/webpayments/wiki/WebPaymentsCommunityGroupCharterProposal#Dependencies_or_Liaisons
Manu Sporny: We touch on a wide variety of issues in the dependencies/liaisons list
Manu Sporny: We have a large number of people to keep in touch with and up-to-date on with respect to what we're working on
Manu Sporny: We can't create a page for the charter on the website until we're done with the vote on the charter, the vote ends this friday
Manu Sporny: I believe those were all of Paypal's concerns that we could address, a lot of them were non-issues because paypal/ebay didn't seem to understand how CGs were run, talking with w3c management i believe we have hopefully clarified that all of the issues.
Manu Sporny: Anyone think there are any concerns or other issues that haven't been addressed?
Manu Sporny: If there's nothing else, we'll go ahead and move on
Manu Sporny: I imagine that this issue will be closed once we close the vote and update the site w/ the charter and list of liasons.

Topic: Communication with SWIFT and IETF

Manu Sporny: SWIFT reached out to us and said that they don't want to be listed in the liaison group on the CG list, there have been a number in their membership that are concerned with SWIFT's interaction with this group. They wanted to make clear that they are very interested in what we're doing. They are on the program committee and coming to the workshop, they just want to make sure that any announcement of SWIFT's involvement with this Community Group is held off until after the workshop once they've figured out what part they will play in this space.
Manu Sporny: I've removed them from the list, it doesn't require us to recharter, etc.
Manu Sporny: I also spoke with Hannes Tschofenig from the IETF's Advisory Board about Web Payments yesterday.
Manu Sporny: We're going to try and present the web payments work at the next IETF plenary which is in march in london, i'm trying to find money to fly me out there to do a presentation on our work here.
Manu Sporny: They said it's a topic the plenary is very interested in there would be between 800-100 highly technical folks in the audience there.
Manu Sporny: Hannes is very involved in OAuth as well.
Manu Sporny: We built the web payments stuff on top of oauth in the beginning and moved away from it
Manu Sporny: Hannes wants to know more about why we made that decision and wants to see if the newer stuff in oauth can help
Manu Sporny: So we're in close contact with these IETF groups: OAuth, JOSE, HTTP2
Manu Sporny: The whole purpose is to get more communication happening here between w3c and IETF when it comes to payments, so this is a good thing, it's not a done deal yet, we have to figure out funding but hopefully it will work out
Manu Sporny: Any questions about that?

Topic: Web Payments Charter/Work Items Voting Status

Manu Sporny: The votes on the proposed charter and scope of work are going well, we have a good turnout. We would still like more people to vote before Friday.
Manu Sporny: We expect the charter to go through, it is overwhelmingly supported
Manu Sporny: With the work items, some people who weren't technical in nature abstained, most votes were from people who are at least fairly technical in nature
Manu Sporny: The only specs that have gotten votes against them have been the web payments design principles (which is a little confusing), the web commerce specification, and the web payments crowdfunding specification and http signatures and nonces, each having just one vote against them. Vast majority is for the specs, with about 25% abstention rate.
Manu Sporny: Any questions on the charter voting status stuff?
Brent Shambaugh: I've been working on my own stuff for a while, just got looped back in for the vote, for whatever that's worth.
Manu Sporny: That's fine, the vote's more about whether or not you'd like the work to happen, not necessarily that you've been deeply involved in the work.

Topic: Web Commerce API

Manu Sporny: This is a revival of the mozpay API, which was something created for the firefox marketplace, it's a place where you can list items for sale and using a firefox phone you can do a single click purchase
Manu Sporny: Mozilla has somewhat abandoned that approach, they were counting on a trusted chrome UI to protect the transaction, but they've found that that approach has been too difficult to implement, they are concerned about it being easy to fake that UI, there is a bit of that spec that could be used for doing web payments, specifically the thing that we are missing in the group right now, is the ability to provide a unified mechanism on the web where someone can click on the buy button on the web, regardless of who their payment provider is, paypal, payswarm, bitcoin, google, amazon, whatever, they should be able to use the same UI flow to make a purchase
Manu Sporny: This spec is about sending a purchase request to a payment processor and having that payment processor respond with a standardized digital receipt that indicates whether or not the payment went through
Manu Sporny: After talking with Kumar from Mozilla about this last week, he said it shouldn't be an issue to just build on top of what they had.
Manu Sporny: And we're also looking at making this simpler on the browser manufacturers - we want to make this implementable as a polyfill
Manu Sporny: This is similar to how JSON got going (JSON.parse() / JSON.stringify()), and mozilla persona, etc.
Manu Sporny: If it becomes widely used, then the API can be built into the browser
Manu Sporny: The API in the browser would then take over what the polyfill was doing
Manu Sporny: It's just a neat technical trick to say something will be a browser ability without having to get buy in at the very beginning, if it never catches on, browsers don't have the nasty legacy to live with. If it does catch on, browsers can implement a more secure version of it (using 2-factor auth, for example).
Manu Sporny: So when people go to a website and click on "pay with X" button, it will execute the same code across each one of those systems, it will be the same across any of the payment providers available, and the digital receipt will be the same as well
Manu Sporny: The big question is whether or not paypal/google/amazon will go for this
Manu Sporny: It does allow us to do the simplest possible thing, we're just standardizing the purchase request and digital receipt
Manu Sporny: Whether or not the vendor will trust these receipts is another thing
Manu Sporny: The digital receipt will be signed by say, paypal, and the vendor can decide if they trust them and grant access
Manu Sporny: If someone else, some completely unknown payment processor on the web gives a digital receipt to the vendor, the vendor might not know them and may not trust them and they'd not honor that digital receipt because the person on the other end could be trying to spoof the purchase
Manu Sporny: I'm pointing that out because there are issues with this implementation because it gives an undue advantage to very large organizations that are already payment processors
Manu Sporny: Payment processors to be are going to have a difficult time with this unless we make it possible to register new payment processors and decentralized payment processor trust mechanisms.
Manu Sporny: That's an overview of what this spec is supposed to do (buy button/API, standard purchase request, which is transmitted to buyer's payment processor, digital receipt is returned to the vendor through the browser, etc.)
Manu Sporny: This should work with paypal, payswarm, google wallet, bitcoin, etc. buy flows
Manu Sporny: Any comments or questions on this spec?
Manu Sporny: This is not a part of our scope of work right now, so we'd have to figure out if it's part of our scope of work, we'd have to do another vote to add it in as a work item
Manu Sporny: When it comes to creating a WG at w3c this is probably one of the specs that will get the bigger companies interested, this could get googles, paypals, large banks of the world interested, allows them to slowly move towards a standardized buy flow on the web while keeping their proprietary backend payment system.

Created by the Web Payments Community Group. Shared with love under a CC-BY license. Thanks to our contributors.