Web Payments Community Group Telecon

Minutes for 2014-07-15

Dave Longley is scribing.
Manu describes the agenda, no changes.
Manu Sporny: Any updates or changes to the agenda?

Topic: Web Payments IG Charter (3rd revision)

Manu Sporny: The charter has gone through 3 iterations, it's a very broad charter, it covers everything from creating a web payments roadmap to terminology, to wallet APIs to initiating payments, digital receipts, identity and authentication, that doesn't mean that the web payments work will include all of those things, it means that all of those things are in scope for discussion for figuring out what the official group will do
Manu Sporny: The desire is to focus fairly narrowly, we don't want it to be a gigantic endeavor, we want to make progress on some focused specs, good bang for our buck instead of boiling the oceans (and various other idioms)
Manu Sporny: I imagine some of the discussion in the first few months will be boiling down the set of use cases we want to address
Manu Sporny: Speaking of use cases we've refined the ones from the web payments workshop, we've made a basic common format, removed duplicates, pushed things off to 2nd/3rd iteration of the tech to help narrow the scope down
Manu Sporny: The link in IRC is to the clean use cases, these are only from the web payments workshop, we haven't integrated the payswarm use cases or any of the other common, deployed use cases, such as paying for something via Google Wallet, PayPal, with your mobile phone or CC as you do today
Manu Sporny: We will work those in there
Manu Sporny: We want to use this as input to the web payments IG
Manu Sporny: Any questions about the IG charter?
Manu Sporny: Tim, have you reviewed the charter?
Timothy Ng: Yes, I have read through the charter and the use case documents as well, I'm still feeling out and will ask questions after
Manu Sporny: The main thing we're blocked on now is getting firm commitments from companies to officially join the work, we have 40 responses from 40 different orgs saying they want to be involved in the work, we have 14 firm commitments from orgs that have named engineers to include in the work, now we have to do a second pass and make sure that the orgs that are already w3c members have committed engineering resources and those that are not w3c members are either on a path to becoming so to participate or we have some kind of invited experts mechanism drawn up for them
Manu Sporny: Any other questions?
Manu Sporny: Lehn, thoughts on reading through?
David I. Lehn: I've read through partly, I'm going to do a more thorough read through
Manu Sporny: Mailing list for comments is here: http://lists.w3.org/Archives/Public/public-webpaymentsigcharter/
Manu Sporny: Requested changes to the charter are here: https://www.w3.org/community/webpaymentsigcharter/wiki/Main_Page
Manu Sporny: We're in good shape for the steering group to start its work, we're in fairly good shape in terms of recruiting orgs to participate in the work

Topic: Updates from Payments and Identity Meetings

Manu Sporny: There has been pushback on the identity aspect of the web payments work, adrian, anders to a degree, and a few other folks on the mailing list have questioned whether identity should be part of the web payments initiative or if it should be split into another initiative and those multiple working groups would try and talk to one another as they progressed
Manu Sporny: I was just at MIT last week talking with W3C and their feeling is that they'd rather see the work be decoupled. We'd have a web payments initiative and an identity initiative, the downside is rounding up the same number of companies for the identity group, we have 180 companies involved, only 40 want to participate, 14 have committed resources. We're looking at a similar sort of initiative for the identity stuff. There is tons of overlap.
Manu Sporny: The good news is that we've been doing the leg work on that for a while now, now we have ETS, US Fed, we were just in Washington DC last week talking about the US Dept of Education about this, they are very interested in solving the "identity problem" on the web
Manu Sporny: They want to assign IDs to students and let them collect credentials, university degrees, nursing licenses, etc. credentials stuff like that
Manu Sporny: So the strategy question is, how do we run a payments initiative and an identity initiative and make sure they don't collapse under their own weight, it's hard to manage it all, we do have a very strong interest from the US Fed, the US Dept of Education, and the World Bank to solve both the identity and web payments problems
Manu Sporny: They overlap enough that orgs are feeling the pain and desire to solve those issues
Dave Longley: It might be a good idea to put out a vote from the CG on this. My concern is that a certain number of people would be voting for that w/o understanding that they'd be expected to get these companies involved. [scribe assist by Manu Sporny]
Dave Longley: It would be difficult to manage both of these groups at the same time. It's a lot of work to do that. It would be simpler to have just one group, but technically, it may be good to separate the work. [scribe assist by Manu Sporny]
Dave Longley: Both problems are solvable if they're in the same group. I don't disagree that they shouldn't be technically separated. You do need pieces of identity to do web payments, at a minimum, you need an identifier that you can tie other information to. [scribe assist by Manu Sporny]
Dave Longley: If we separate the work entirely, it may be difficult to finish the work. [scribe assist by Manu Sporny]
Dave Longley: If we don't plan ahead, it'll be more difficult to solve more complex problems in the future. [scribe assist by Manu Sporny]
Dave Longley: We don't want to end up w/ a patchwork - so implementers may have to implement things in a piecemeal fashion. [scribe assist by Manu Sporny]
Dave Longley: It makes sense to separate the technologies, but it's a lot of work to do it that way. [scribe assist by Manu Sporny]
Dave Longley: Technologies should be decoupled, there needs to be an association that needs to be maintained. [scribe assist by Manu Sporny]
Manu Sporny: The biggest worry we have at this point is that the payments problem could be solved not including identity at all, by say using a protocol handler, you register with your payment provider and when you go to pay for something you get taken to your payment processor and you pay for something, but the problem is that you completely bypass the more complex purchase use cases, like transmitting shipping address information or your proof of age or whatever
Manu Sporny: There are these other use cases that some in the web payments community see as corner cases that aren't actually corner cases if you want to be able to use this payments system for both low and high value transactions
Manu Sporny: Some in the group don't see transactions for $10k to be worth addressing, but if we want [missed] we have to support that, and for that to happen we need very strong KYC to be associated with the transaction, we need verification
Dave Longley: There is an additional problem - people will start to say - in 80% of the transactions, shipping info would be needed. [scribe assist by Manu Sporny]
Dave Longley: In that case, we could throw shipping information into the receipt, for instance... so you design to solve some small percentage of use cases, so if you want to standardize transmitting other sorts of credentials in a different way. [scribe assist by Manu Sporny]
Dave Longley: So we end up with a patchwork of information - if the problem were solved more elegantly, all information associated w/ your identity could be transmitted in the same way. [scribe assist by Manu Sporny]
Dave Longley: So, there is a danger in solving the use cases in a way that fractures the solution. [scribe assist by Manu Sporny]
Dave Longley: If we can solve the problem in a forward-thinking way that doesn't require a lot of effort, that's fine, but we need to think ahead. [scribe assist by Manu Sporny]
Dave Longley: If we're putting all that extra design work for the future, maybe we should be doing this anyway. Many ways to mess this up for people in the future. [scribe assist by Manu Sporny]
Dave Longley: I'm concerned about the "let's just solve the simple problems" arguments because they could design us into a corner. [scribe assist by Manu Sporny]
Manu Sporny: So these are the discussions we're having with a number of identity folks, we're trying to balance things so that this group that would talk about identity would be composed of people from the payments industry, from identity protection [missed], background checks, people from the education space, we're trying to get a broad swath of people together, it's a double-edged sword ... it could be that we complicate the problem so much that it's unsolvable, which has happened in the past, so we have to be very careful with what we choose to solve, it has to be narrowly scoped, but it has to address a number of the web payments use cases so we don't paint ourselves into the corner
Manu Sporny: Have you participated in the OpenID Connect work?
Timothy Ng: No, I have not looked at the papers
Timothy Ng: It's the same kind of problem we're looking in right now, the relationship between identity and payments, so there are a lot of things to think through for these two areas
Manu Sporny: I think what we're trying to do ... the focus of the payments and education space is the transmission of some kind of proof of information about yourself that's been validated by a third party, digital ID card, driver's license, proof of email address, proof of age, we've been able to narrow the scope down to just that, so that's the breadth of the scope that we want to do, we don't want to make this into solving all identity for everyone over the web, because it means something different to everyone and is impossible, you have site A that wants to transmit digitally verifiable info about you to site B
Manu Sporny: The question is how do you do that
Manu Sporny: We have our contacts Google [missed] OpenID Connect to get involved
Manu Sporny: The other piece of information was that we participated in Mozilla's badge alliance [missed], they are interested in assigning IDs/badges to students for course work, if they've taken SAT prep course, calc, etc, they want to assign badges to them, the outcome of that was that Mozilla was very interested in that as well, so that's another org to bring in, as far as the ID work is concerned we have 40-50 orgs interested, the next 6 months will be capacity building, try and figure out how many can get into the same room and how many will commit engineers to working on the identity problem as well
Manu Sporny: Anything else related to payments and identity and the meetings we've been having? If not, we'll move on.

Topic: Plan for Documenting Use Cases

Manu Sporny: Typically we come up with a user story around each use case, there aren't a crushing amount of use cases, but there are about 35-40 use cases
Manu Sporny: We still need to rank them and say which is more important than others, we need to get the community involved in writing up a paragraph description of each case and the requirements, etc
Manu Sporny: The other alternative is to wait and leave them simple until we take them to the IG and that group can rank them and the ones that are the first 5-10 end up being put into a use cases doc
Manu Sporny: The one liner is in there, 1-2 paragraph description and requirements are put in there
Manu Sporny: It is a very herculean task to have a single person write out all the descriptions for the use cases
Manu Sporny: Hopefully someone from the web payments community can volunteer to help
Manu Sporny: Any other ideas on getting them documented?
Timothy Ng: Do you mean to take the use cases as they exist and put more meat on them?
Manu Sporny: Yes
Timothy Ng: Do you have an example with an appropriate level of detail?
Manu Sporny: So there's a simple 1 paragraph description of what someone is trying to do, and then the requirements for that
Timothy Ng: So turn those use cases into a set of requirements and some scenarios, and kind of flesh it out a little bit
Timothy Ng: I can definitely help with that
Timothy Ng: I can take a look at the ones on the wiki
Manu Sporny: I imagine we will just do most of the work on the wiki, or make a new page and put a template at the top and let people just work on it from there, if you see one that calls out to you, copy the template and just fill one out
Manu Sporny: Maybe we could just call out specific community members and ask them to do 3 use cases or something
Manu Sporny: Each of us will do 3 or so and ask others to do 3 each and then we only need about 10 people
Manu Sporny: Then we can put some meat on all these use cases
Manu Sporny: The other thing that we need to do before that is that everyone agrees on the text of the use cases, as there is no need to fill them out if people disagree
Manu Sporny: I sent them out for people to vote
Manu Sporny: So the plan for documenting the use cases is to send the votes out to +1/-1, then get consensus on a use case being accepted we'll ask someone specifically to write out the use case text for that
Manu Sporny: Anything else regarding this topic?
No other comments.

Topic: 6-Month Plan for Specification Work

Manu Sporny: This is a bit premature, we have a set of specs that we are releasing patent and royalty free as a starting point for all these techs, many of the use cases we have are already covered and the CG has signed off as them being in scope, but that doesn't mean W3C member orgs have signed off
Manu Sporny: Because we haven't had a chance to discuss them with any amount of length yet
Manu Sporny: That said, we have a good track record of proposing specs and then getting them out to REC
Manu Sporny: For example, RDFa, JSON-LD, JSON-LD API, HTML5+RDFa
Manu Sporny: There are some specs that are fairly time critical, for example, we have JSON-LD normalization and canonicalization (RDF Dataset Normalization)
Manu Sporny: We have 4-5 implementations that are interoperable for that
Manu Sporny: The issue is that the spec is so small that it doesn't need its own WG, it just needs to go into a WG to adopt the work, we're trying to find a home for it
Manu Sporny: It's kind of the basis for a lot of the digital signature stuff we're doing so we need a normative spec for that
Manu Sporny: If all else fails it will go into web payments or identity WGs and we don't want to wait that long to get that one done
Manu Sporny: The other one is the IC spec, we can't really do anything with that spec without an official WG and there will probably be one created for it, in the interim there's a concern that the IC spec is a competitor to OpenID Connect when that isn't the case necessarily, it's about transmitting credentials digitally signed by a 3rd party, we need enough demos and examples demonstrating the use of the IC spec and how to integrate with OpenID Connect and OpenID Connect providers
Manu Sporny: We don't want to mislead that there's competitive stuff there when there isn't
Manu Sporny: The other time-critical thing is the http-signatures spec which is a 4-5 page spec is simple, Mark Nottingham in charge of HTTP/2 likes the state it's in as does [missed], we have the green light to push it through a more formal process at IETF, problem is we've all been too busy to make updates, it's been a month and a half since the last revision, we really need to get it done and out there or finalize it so that implementors can implement to the latest spec
Manu Sporny: And we really need to do something about JSON-LD and graph normalization stuff
Manu Sporny: Everything else, from what I remember are things that can be done in the web payments or identity WG
Manu Sporny: Any other time critical specs?
Dave Longley: Maybe the Secure Messaging spec
Manu Sporny: Yeah, that's important, we have multiple implementations but we haven't updated
Manu Sporny: The spec in a while to match, it's very low level
Manu Sporny: Both identity and payments specs build on top of it
Manu Sporny: So, most important to least important over next 6 months: Use Cases, HTTP Signatures, RDF Graph Normalization, Secure Messaging
Manu Sporny: Everything else is secondary, we can wait 6 months for the other specs
Dave Longley: Secure Messaging depends on RDF Graph Normalization... so yeah, I agree with that ordering. [scribe assist by Manu Sporny]
David I. Lehn: Sounds good. Can always adjust as needed.
Manu Sporny: The http-signatures spec will be about a week of work I think
Dave Longley: Yeah, RDF Graph Normalization will take a lot of spec work (writing to align w/ implementations) [scribe assist by Manu Sporny]
Manu Sporny: The downside is no one is paying for that work
Manu Sporny: No orgs have stepped up to help finish off those specs
Manu Sporny: Secure Messaging hasn't changed that much
Manu Sporny: It's wrong right now because it doesn't match the implementations but it's not a very complicated spec
Manu Sporny: Tim, do you know if Microsoft is going to be submitting anything?
Timothy Ng: We started talking about it, we are discussing it, no firm plans yet, I will let you know
Manu Sporny: I think that's it for the call this week, we'll try to get the web payments CG into use case mode, discussing, documenting, focusing on that stuff
Manu Sporny: Trying to prep those docs as much as possible for the Web Payments Steering Group

Created by the Web Payments Community Group. Shared with love under a CC-BY license. Thanks to our contributors.