15:39:57 RRSAgent has joined #wpay
15:39:57 logging to http://www.w3.org/2014/10/27-wpay-irc
15:40:18 Meeting: web payments Face-to-face meeting - day 1
15:40:28 rrsagent, make log public
15:40:43 Agenda: https://www.w3.org/Payments/IG/wiki/Draft_F2F_Agenda_-_TPAC_2014_-_27/28_October_2014
15:45:43 starting
15:45:52 Steph: welcome
15:45:57 david: intro
15:47:02 Participants: stephaneB, David Ezell, Erik Anderson, Glen wiley, Virginie Galindo, Evert Fekkes, Joerg Heuer, Dave Raggett, Jean-Yves Rossi, Pat Adler, Dave McDermitt
15:47:29 manu has joined #wpay
15:47:37 Present+Manu Sporny
15:48:21 screbenick: steph
15:48:26 scribenick: steph
15:48:45 David: describing the vision
15:49:25 mountie has joined #wpay
15:49:47 Topc: admnistrivia
15:49:51 Topic: administrivia
15:51:11 David: 3 mailing-lists: public-webpayments-ig: public for the group
15:51:25 David: 3 mailing-lists: public-webpayments-comments: public for all, everyone can comment
15:51:49 David: member-webpayments-ig: administrivia list, member only
15:52:44 dsr has joined #wpay
15:53:05 padler has joined #wpay
15:53:15 toml has joined #wpay
15:53:23 ErikAnderson has joined #wpay
15:53:26 gludi has joined #wpay
15:53:32 q+
15:53:37 q-
15:54:24 burn has joined #wpay
15:54:46 david: we use IRC on #wpay
15:54:56 bgidon has joined #wpay
15:54:59 you can use http://irc.w3.org or a native client
15:55:37 david: chairs are just here to drive the discussions, but the content is up to the group members
15:56:13 Present+Virginie Galindo
15:56:38 Present+Dave Raggett
15:57:04 David: going over the agenda
15:57:11 david: sysapps and nfc.
15:57:28 sysapps very important about how to access device capabilities
15:58:01 Present+Claudia Swanseid
15:58:09 virginie has joined #wpay
15:58:23 Present+Joerg Heuer
15:59:05 mcdermittd has joined #wpay
16:00:47 Manu: general idea: we see how the first day goes, and then we change in case it needs?
16:01:15 Joerg: I have a demo for after 6 in case you are interested
16:01:29 David: let's see now if we need to change
16:01:37 Topic: Introduction
16:02:50 Present+Glen wiley
16:03:19 glen: from verisign, not used to W3C, but with ietf. interested in crypto currency+online identity
16:03:29 let's see overlap with ietf
16:03:37 Present+Pat Adler
16:03:50 pat: fed from chicago. working on payments+identity
16:04:07 interested in interaction with the Web, interoperability is key
16:04:15 Present+Dave McDermitt
16:04:26 dave: from the fed in atlanta.
16:04:42 worked with PCI
16:04:45 interested in the whole area
16:05:04 Virginie: from gemalto
16:05:20 following the web payments activity since the beginning
16:05:25 key for us
16:05:30 interested in the wallet
16:05:46 Present+DanSyung
16:06:18 DanSyung: from verizon
16:06:24 Present+Bernard Gidon
16:06:31 Bernard: W3C staff in busdev
16:06:49 s/Syng/Sun/g
16:06:59 Present+Mountie Lee
16:07:03 dan has joined #wpay
16:07:21 wseltzer has joined #wpay
16:07:25 erfekkes_ has joined #wpay
16:07:27 Mountie: working in korea and south-east asia providing payment
16:07:37 Present+ Manu Sporny
16:07:55 manu: representing few org.: chair of web payments cg, credential cg (identity)
16:08:00 wseltzer has changed the topic to: TPAC Agenda 27-28 Oct: http://lists.w3.org/Archives/Public/public-webpayments-ig/2014Oct/0000.html
16:08:17 working also for the open paymnet foundation
16:08:24 s/paymnet/payment/
16:08:42 Manu: in W3C for quite long time, working on json-ld
16:08:50 excited by the diversity of people in the rool
16:08:55 s/rool/room/
16:09:20 Manu: hope we will also cover the unbanked and the underbanked
16:09:28 Present+Jean-Yves Rossi
16:09:52 Jean-Yves: working for a consultancy I founded, focused on business compliance
16:10:10 formerly with bank on the regulatory side
16:10:20 Present+Evert Fekkes
16:10:42 Evert: from rabobank, first bank at W3C
16:10:51 evert: actively developing wallet and nfc payment for the retail sector
16:11:19 interested to see how national standard can fit with international web standards
16:11:39 Present+Thomas Lammer
16:11:48 thomas: from WB, part of the WB payment team
16:12:03 jeff has joined #wpay
16:12:07 doing lots of support on banking sector in client countries
16:12:20 also interested in interoperability, access to payment
16:12:28 inclusion is essential for us
16:12:42 I'm new to W3C, first time joining W3C
16:12:51 working with Harish who was in march in paris
16:13:09 Joerg: deutsche telekom, new to W3C since march
16:13:37 involved with AAA authorization, Authentication, etc
16:13:41 interested in identity and also wallet
16:13:53 Dave: w3c staff
16:13:59 with the web since its creation
16:14:12 have been involved in launching this work
16:14:26 interested in value-added services around payments
16:14:42 payments for WoT too (payments for services)
16:14:52 Present+Dan Burnett
16:15:09 Dan: W3C since 99, working on vxml and related spec
16:15:17 representing aspect
16:15:25 working on web rtc
16:15:37 creator of voicexml
16:15:42 Present+Angel li
16:15:47 Angel: W3C staff in china
16:16:18 Present+ Francis
16:16:42 Francis: coming from china, created internet wallet.
16:16:42 we want to bring our ideas to W3C
16:16:42 Joe_H has joined #wpay
16:16:52 Present+Jeff Jaffe
16:17:01 jeff: ceo of W3C
16:17:23 jeff: embarrassed that we haven't taken up on web payments, very glad this group starting. extremely important to W3C mission
16:17:37 Present+Erik Korb
16:17:52 Erik: part of accreditrust specialized in web credentials, identity
16:18:01 useful for all sectors
16:18:31 ???: from GSMA interested in wallet and web payment
16:18:45 Istvan Lajtos from GSMA
16:18:45 interested to see what value we can bring to the group
16:18:56 s/???/Istvan/
16:19:15 glenwiley has joined #wpay
16:19:15 Present+ Istvan Lajtos
16:20:02 Present+Bill
16:20:12 Bill: from educational testing service
16:20:27 interested in credentials & identity
16:20:39 been with W3C at the early day
16:20:56 Dan Druta
16:21:11 Present+Dan Druta
16:21:24 Present+Brian Sletten
16:21:36 brian: open payment foundation, developer first W3C meeting
16:21:45 API design for retailer
16:21:55 Present+Mary
16:22:05 rrsagent, make minutes
16:22:05 I have made the request to generate http://www.w3.org/2014/10/27-wpay-minutes.html steph
16:23:09 Present+Bill Smith
16:23:19 Bill: paypal/ebay
16:23:44 karen_od has joined #wpay
16:24:01 Telenor
16:24:12 Present+Lars Erik Bolstad
16:24:17 Lars erik: opera
16:24:37 mcdermittd has joined #wpay
16:24:44 Present+Karen
16:24:53 Karen: from ISOC, interested
16:24:58 Present+Dieter
16:25:03 Dieter: deutsche ban
16:25:12 s/ban/telekom
16:25:39 Present+Al Villarica
16:26:03 scribenick: manu
16:26:08 Topic: Charter review
16:26:32 dezell: We're going to review the charter now, let's see how this charter can help us w/ our mission.
16:26:44 Link to charter?
16:26:53 Present+Marie-Claire Forgues
16:26:58 erik: Has everyone had a chance to review the charter yet?
16:27:10 http://www.w3.org/2014/04/payments/webpayments_charter.html
16:27:13 Some nods, some sheepish downward glances.
16:27:26 charter uri: http://www.w3.org/2014/04/payments/webpayments_charter.html
16:27:50 erik: We're trying to build a platform that will be applicable to those on the Web. We want to support past payment mechanisms (ACH, Credit Card, etc.)
16:28:04 erik: We also want to support future payment mechanisms (cryptocurrencies, etc.)
16:28:24 Daniel: What do you mean by "legal" payment mechanisms?
16:28:45 Daniel: Was that meant to exclude any payment mechanism in particular?
16:29:03 erik: What's legal in US, doesn't mean it's legal elsewhere or vice versa.
16:29:40 erik: We aren't going to say what's legal not legal, we want the system to support things that are legal somewhere
16:29:56 Joerg: We want to support gray areas.
16:30:04 unknown: What about fiat vs. non-fiat?
16:30:13 s/unknown/thomas/
16:30:32 Harold: We need to understand what's legal/not legal...
16:31:09 dezell: We were just trying to say "we don't want to support illegal activity".
16:31:41 q?
16:31:43 andrew: It's a relevant point, what about Bitcoin? It's illegal in somewhere...
16:31:56 s/andrew/glen/
16:31:59 erik: Ecuador made it illegal, but only because they're releasing their own.
16:32:11 dezell: Because this charter has been approved, it is what it is.
16:32:44 dezell: This language is vague, we don't intend to not talk about Bitcoin because Ecuador said it's illegal. In the same point, we can't /just/ talk about Bitcoin.
16:33:46 jeff: The overall scope of the IG charter is broad, and probably doesn't need to be changed at this point. This gives plenty of room to work in it. We'll want to focus down, far much more in there than can be done in the first few months.
16:33:55 erik: It's hard to guess how long this will take.
16:34:03 erik: New front-end payment initiation systems.
16:34:18 erik: Other value transfer systems - loyalty, payments, etc. p2p payments.
16:34:39 erik: Web-mediated business-to-customer, business to business, etc.
16:35:01 erik: We are here to identify barriers, such as 'card not present'.
16:35:27 harold: Is there a reason government-to-person payments isn't covered?
16:35:46 dezell: we say 'including', we don't exclude that.
16:36:15 Present+Vagner Diniz
16:36:31 erik: Identify ways to increase stability, make payments work better across web.
16:36:35 erik: use privacy/protection
16:36:57 dezell: We want to work with Web Crypto WG, etc. wrt. security.
16:37:16 erik: This group does not have solo understanding wrt. Web Crypto, we will work with Web Crypto group.
16:37:45 erik: Identify role of regulations in payment process... regs have big impact on this work. There's been a lot of talk about putting regulations in the code itself.
16:37:59 erik: prioritization of the work - self explanatory.
16:38:14 erik: Review deliverables by other W3C groups that impact our work here.
16:38:25 erik: Web Crypto, hardware tokens, etc.
16:38:45 erik: Liaison w/ other organizations to get more interoperability.
16:39:16 joerg: Would it be important to talk to companies that could or should use Web Payments? That plays into hand of bizdev in a way.
16:39:44 erik: I can see that web technologies could be different front-ends into backend systems.
16:41:23 joerg: For example, XML has been used for a while, but we reused it in GSMA for some technologies.
16:41:52 dezell: The way the thing blooms, if you've done your REST Web Service correctly, there is a lot of power there... these technologies can be self-defining.
16:42:16 dezell: I personally happen to be a fan of REST - it accepts in either JSON or XML, we can content negotiate.
16:43:07 dezell: There are three bullets in here that are important - "identify missing pieces, missing gaps, identify role of regulations"
16:43:36 erik: Development of technical standards is not in scope for the group.
16:44:00 erik: We have to consider security/privacy/implications.
16:44:20 erik: Success criteria - we need participation.
16:44:26 erik: We're here for you.
16:44:37 erik: members of the IG will drive work of work items.
16:44:54 erik: We need constructive feedback on W3C deliverables.
16:45:18 erik: This is a new process for most of us, we need to ensure interoperability, work with other organizations.
16:45:29 erik: We need to iron out what we think of the road map, meet regularly.
16:45:48 erik: Primary deliverable is use cases, requirements, identification of technical specs, gaps.
16:46:13 erik: We'd ideally specify use cases and requirements and take it to other groups that exist out there.
16:46:44 erik: We will identify where W3C will need new groups. We want to focus on Web Wallet - that's the good one on there.
16:46:51 erik: So, work items
16:47:10 erik: First item is the roadmap - what is the roadmap going to be - identify, identify, identify.
16:48:03 erik: This is all about interoperability between old and new systems. Enable a level playing field, hard to stress how important that is - no vendor lock in. W3C patent policy is great.
16:48:31 erik: We want to reduce burden on vendors and payees to support multiple payment providers. Let them pay w/ what they want. Increase user protection.
16:48:49 erik: increase fraud protection, provide more transparency/choice
16:49:23 erik: What fees are provided. Identify other services that are relevant, invoices, digital receipts.
16:49:42 erik: next work item - web payments terminology - make sure we're speaking the same language.
16:49:59 erik: make sure we're talking about the same thing. Everyone speaking English, nobody understanding each other.
16:50:52 dezell: The transparency aspect - it's a big part of the work, alphabet soup for standards - transparency is not the point of the ISO specs. W3C transparency has a lot to do w/ accessibility.
16:51:43 dezell: One of the core values of W3C is accessibility. It's hard to get accessibility if you don't have a fundamental view that TV Raman (from Google, who is blind) should be able to pay for something when he wants to.
16:51:47 dezell: UX is important.
16:52:13 erik: You want people to innovate, but you want it to be generally accessible.
16:52:37 erik: wrt. terminology - adopt as much as possible.
16:52:49 erik: next topic wallet and wallet API
16:53:19 erik: we're going to be talking about this quite a bit over the next day or two.
16:53:38 erik: transaction messaging - lots of ISO stuff out there, identify requirements/constraints for merchants.
16:53:56 erik: requirements for payment service providers - messaging, most of this exists already.
16:54:06 joerg: The word 'token' here might be confusing.
16:54:23 joerg: We may want to avoid that word, or explain what that means.
16:55:35 manu: I think we should stay away from the word "token" or "wallet" right now, could be a permathread.
16:55:53 joerg: We can't stop the use of the word, but we can't monopolize its use.
16:55:57 jeff has joined #wpay
16:56:23 erfekkes_: We need to specify terms and reference to other terms.
16:56:40 dezell: We should discuss terminology.
16:56:51 dezell: Maybe a Terminological Task Force
16:56:54 laughing in the group
16:57:10 dezell: but seriously, we need a common vocabulary.
16:57:57 harold: A glossary might develop over time, to have a common set of terms.
16:58:36 erik: we should take into account mobile payments / proximity payments.
16:59:07 miguel: Here from intel - interested from Web Payments, we're in mobile space.
16:59:09 s/harold/thomas/
16:59:20 Present+Miguel
16:59:25 Present+Daniel Austin
16:59:39 daniel: Before I was Chief Architect of PayPal, now CEO of GRIN.
16:59:47 daniel: Know quite a bit about payments.
17:00:00 erik: Next up - identity, authentication, security
17:00:12 erik: identify, identify, identify - hot space right now
17:00:27 erik: ensure secure authentication, FIDO alliance, etc.
17:00:51 erik: Review existing identification methods and whether they fit in w/ what we're doing here - privacy, security, transaction privacy/security.
17:01:31 daniel: The purpose of FIDO is to generate docs/standardization around this stuff.
17:01:47 erik: identify user protection, data privacy, put the regulations in the code (as a suggestion)
17:02:19 erik: Access basic user and payment provider information in a way that's easy to synchronize between people. Wallet/SIM chip on telephone - how do you synchronize devices.
17:02:33 erik: minimize risk - build on top of Web Crypto - don't re-invent the wheel.
17:03:00 erik: U2F is coming out, various biometric devices - ekg / heartrate - lots of new technology that we can use.
17:03:27 erik: explore mechanisms for trusted UI - make sure rogue app in browser isn't authorized to make transactions on your behalf.
17:04:35 billGebert: From an education/governmental side, commercial hiring practices, identity is very, very important to us. Our experience at ETS in providing assessments to 200+ countries, and accepting payments, having the right person show up if they're hired/tested. Proficiency is important, that's where we're focused.
17:04:51 billGebert: That's what we want to see succeed in this group.
17:05:03 erik: The person taking the GRE, was that really that person taking the GRE.
17:05:37 billGebert: yes workforce, how much money is being wasted because of fraud that occurs. If the wrong person shows up to take the job, or shows up to a university - the cost there is well in the hundreds of millions.
17:05:45 Alan has joined #wpay
17:06:00 erik: A lot of the problems we're working on here are important to both education and financial technology.
17:06:11 erik: There are many relevant groups working on this stuff.
17:06:35 erik: Too early to talk about a timeline for this work. We need short term deliverable focus on this. We don't want open ended tasks.
17:06:59 Erik: Dependencies and liaisons - there is a lot more out there that's important.
17:07:11 erik: participation is important - open to W3C members and invited experts.
17:07:21 erik: Let's bring those IEs in
17:07:41 erik: Communication happens over IRC, mailing list, phone calls. Every now and then, face to face meeting.
17:08:10 erik: Patent disclosures - disclose patents. We have a chance of success at this because of W3C patent policy.
17:08:30 mountie: The charter is trying to cover everything.
17:08:42 erik: There is a lot, we'll have to find things to stay focused on.
17:08:52 erik: Move what exists into a Web Payment scope.
17:09:22 erik: There will be new challenges, but most of the stuff exists today.
17:09:35 dezell: We can discuss all this stuff, but we are not the ones that do the technical work.
17:09:46 jeff has joined #wpay
17:10:09 dezell: We may create use cases, requirements to feed into other work. For example, security - summarize what the requirements are - send them over to WebCrypto group.
17:10:16 dezell: We don't want to lose our way down the security rabbit hole.
17:10:27 s/harold/thomas/
17:11:19 mountie: one more comment - wrt. other W3C working groups - this is a convergence of other W3C group work... the group is similar to Web and TV, Web and Automotive... we have to take a different type of approach wrt. what needs to be standardized.
17:11:39 mountie: Web Payments IG is very different from regular W3C groups - it's more high-level.
17:12:10 dezell: That's true - web and tv are parallel... this group is unique at W3C...
17:12:42 erik: There are a lot of different verticals that are going to be interested in this, we need to get involved in those other groups... how does that fit back into Web Payments.
17:12:52 erik: Get involved in other groups that interest you.
17:13:12 bernard: it's part of the IG to tell which groups should coordinate with whom.
17:13:17 virginie has joined #wpay
17:13:20 bernard: This is what we're working on - welcome.
17:13:28 dezell: important to show progress in the right areas.
17:13:43 dezell: I hope everyone is thinking about what they want to see come out of the meeting.
17:13:56 dezell: This isn't a spectator sport.
17:14:28 Pat: Is the payment work looking at the non-human actors in payments - 3D printing, manufacturing, authentication of embedded web agents to facilitate payments.
17:14:44 Pat: It's implied up here, is that another set of use cases?
17:15:27 dezell: That brings up another deep rathole - once you start selling things, and complying w/ regulations - merchant has responsibility - are you automating the sale of illegal goods? or legal goods in illegal ways?
17:16:10 dezell: For example, people of certain ages won't be able to use certain crypto currencies.
17:16:57 joerg: Requirements for some work - depends on where you are, your perspective. I hope that we can say: This is how W3C work complies w/ the charter. Close the loop. Ok to talk about wide scope, but we need to boil it down so we can deliver on what we're going to deliver.
17:17:35 dezell: We need to bring people working on this here - we are good at removing walls.
17:18:13 dezell: Tim Berners-Lee said: secret to standards is to get people that don't get along into the same room in a strange place... they start working toward common goal.
17:18:42 dezell: There is a human factor to this - Bloomberg just joined X9, etc... we can create stuff at W3C and send those to X9 and ISO.
17:18:51 stephane: We have a session where we talk about outreach.
17:19:18 stephane: think about this... who should be here and isn't... we'll talk about that tomorrow.
17:22:40 bill smith from paypal has left the room
17:22:57 Karen has joined #wpay
17:42:38 Karen has joined #wpay
17:53:03 virginie has joined #wpay
18:00:59 mountie has joined #wpay
18:04:06 scribenick: dsr
18:05:45 Topic: Related Working Groups: Web Crypto
18:06:22 Virginie presents the web crypto WG (link to slides to follow)
18:07:16 In last 2 years, we have collected use cases. We have an API which is now quite mature and about to exit Last Call.
18:08:22 We're starting to think about next steps and the potential overlap with web payments, e.g. improved authentication using multi-factor techniques.
18:09:04 We had a workshop recently, see http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/
18:10:06 We have started to look at the potential role of trusted UI, as well as secure elements, etc. The new charter will begin next year.
18:11:50 Just keep in mind that there are groups that could help the Web Payments IG, e.g. Web Security IG, Web Crypto WG, WebAppSec WG. The latter is kicking off work on a credential API.
18:12:06 Questions?
18:12:19 Manu: when is rechartering happening?
18:12:37 Virginie: January 2015
18:12:53 mcdermittd has joined #wpay
18:13:14 To affect the WebCrypto Charter we need input by then
18:13:36 Manu asks about the credential API.
18:14:13 Virginie: we felt it would be a good fit for the WebAppSec WG which is rechartering at the same time as WebCrypto.
18:14:36 erfekkes has joined #wpay
18:14:53 padler has joined #wpay
18:17:18 Some discussion about W3C domains. Dave Raggett notes that these are part of the way W3C staff are organized, and it is more important to focus on coordination by group members across groups.
18:19:22 Need to establish good communications across groups. Stephane adds that the Web payment IG charter lists groups of relevance. Having people who are participating in both the Web Payments IG and other groups is a particularly effective way to coordinate.
18:19:26 FYI : credential management google proposal here http://mikewest.github.io/credentialmanagement/spec/
18:20:07 Manu: Google is leading work on credential API with support from Mozilla, which is very positive on behalf of browser vendors.
18:20:42 Dan: let's not tie what we're doing to specific browsers
18:21:13 Interoperability is the key.
18:21:49 What kind of credentials?
18:22:11 Manu: primarily relating to authentication to web sites.
18:22:37 FYI : discussions related to next steps of web crypto is happening on the Web Security IG http://lists.w3.org/Archives/Public/public-web-security/
18:23:08 David: it is good for us to be engaged and we can discuss this further tomorrow in relation to plans for outreach.
18:23:23 Manu: a good way is to volunteer to perform spec reviews.
18:24:37 Virginie: the Web Security IG are more interested in reviewing specifications and may not be effective at reviewing use cases.
18:26:23 Virginie: first spec from WebCrypto WG is mainly focused on widely deployed crypto algorithms.
18:27:14 Coordination between W3C and IETF on crypto e.g. in relation to HTTP.
18:28:06 Is multi-signature support on their radar? This is important for web payments.
18:28:34 FYI : algorithms considered in the web crypto are listed here : https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#algorithm-recommendations
18:28:52 David: one challenge is whether we trust the devices the apps run on?
18:29:07 Answer: you can't trust the devices in general.
18:30:10 karen_od has joined #wpay
18:30:29 Dan: you don't want to confuse encryption with security.
18:31:05 Joerg: is the security good enough for protecting the brand behind the solutions.
18:32:06 David: there are a lot of warning flags, so we need to be vigilant.
18:33:04 Topic: Related Groups: Web Payments CG (Manu Sporny)
18:33:14 see https://web-payments.org/slides/2014/tpac-wpig-wpcg/
18:33:38 Present+Claudia Swanseid
18:34:55 David invites a couple of people who just stepped in to introduce themselves.
18:35:22 jeff has joined #wpay
18:35:37 Present+Matt Howarter
18:35:48 Matt: from walmart
18:36:38 gludi has joined #wpay
18:36:51 Manu starts with his introduction to the web payments community group and invites questions
18:37:05 uri slides: https://web-payments.org/slides/2014/tpac-wpig-wpcg/
18:37:31 jeff_ has joined #wpay
18:37:46 s/Swanseid/Swandseid/g
18:37:49 He explains that community groups are unofficial and exist to incubate work. The web payment CG has 184 registered members.
18:38:43 gludi|4 has joined #wpay
18:39:03 gludi|4 has left #wpay
18:39:10 We're an incubator for ideas we think may have potential and expect to pass ideas to the Interest Group for review. The CG is open to anyone, and our work is open, inclusive and transparent.
18:40:48 The CG is collaborating with a range of other groups. These included technical groups as well as policy, regulatory and legal groups.
18:41:04 s/included/include/
18:41:57 gludi|46 has joined #wpay
18:42:28 Manu mentions the Open Payments Foundation which focuses on open source implementations
18:44:40 Zakim has left #wpay
18:44:44 He recounts the timeline that has led to the Web Payments IG. Want to encourage good coordination between the CG and IG.
18:45:28 Lists the web platform's current failures: problems for credentials, payment initiation and digital receipts.
18:45:57 s/problems/no standards/
18:47:20 Web Payments CG considers the following to be important: civic - strong identity is central to ownership, democracy, privacy and prosperity
18:48:11 The fact that 2.5 billion adults lack access to financial infrastructure.
18:49:17 The opportunity for the Internet to provide a more agile and vibrant global economy. Why does money transfer take much much longer than sending an email?
18:50:26 Role of phones and increasing penetration of smart phones across the globe.
18:50:39 ErikAnderson has joined #wpay
18:51:09 Some discussion around MPESA for mobile payments.
18:52:12 David: the time for completing payments is related to maintaining control and business models for payment infrastructure.
18:52:42 Competition will drive innovation, e.g. for faster payments.
18:53:42 Daniel Austin: if we can make it profitable for companies to complete payments quickly, that is what will happen.
18:55:13 Experience with Rabobank in the Netherlands. We are trying to encourage card payments over cash payments and looking at the incentives to make that happen.
18:55:48 Moving money internationally involves many parties, and interoperability will streamline this.
18:58:08 Manu introduces the Web Payments CG use cases. We took these from the Paris workshop. They include push payments, subscriptions, digital receipts, pseudo anonymity, wallet portability, account portability, etc.
18:58:53 The design criteria include supporting existing payment instruments, emerging instruments, digital/physical receipts, smart contracts, etc.
19:01:26 David: the IG should review the CG use cases document.
19:01:52 Dan: this shouldn't be considered to be exhaustive
19:02:23 ... but is awesome work and will definitely be helpful
19:02:55 Stephane: is this a static finished document, or a living document?
19:03:07 Manu: it is continuing to evolve
19:04:09 We don't have any input into the use cases document from external groups as yet
19:04:26 q+
19:04:36 zakim, who is on the queue?
19:04:42 (cites a list of organizations we would like to hear from)
19:04:53 Zakim has joined #wpay
19:04:57 q+
19:05:45 Dan: it would be interesting to pick all the use cases with validity and pick some for detailed examination
19:06:13 ack steph
19:07:04 Stephane: as well as selecting use cases, we need to prioritize them, and to ensure that they have sufficient coverage of the challenges we want to address
19:08:33 We have a technology stack (see diagram).
19:10:27 The Web Payment CG considers itself to be in a supporting role to the IG and will continue to experiment with pre-standardization payment technology. Likewise to continue outreach and collection of review input for the IG
19:11:39 Dan: we need to have a clear position when it comes to crypto currencies that we can communicate easily.
19:13:31 Disruptive technologies occur regularly. Things are going to shift in response. We need to keep an open mind and build standards that aren't too attached to current regulation and payment solutions.
19:15:04 Manu: the CG is very happy to take on things that would be impractical for the IG to address without being disrupted.
19:16:06 Some discussion on ensuring the messaging of the relationship between the IG and CG is really clear. We need to avoid mixed messages.
19:16:22 Dan: the W3C logo on the CG is confusing.
19:17:16 s/logo/name/
19:17:41 Stephane: we are aware of this and want to help
19:18:39 Joerg: is there a picture that makes the differences between the various kinds of groups clear
19:18:47 s/clear/clear?/
19:19:04 Stephane: not as far as I am aware, but it is a good idea
19:19:45 Dan Burnett: this is work for the W3C to make the distinction clearer
19:20:09 Manu: there are links on further background from the slides
19:20:33 The slides are at https://web-payments.org/slides/2014/tpac-wpig-wpcg/
19:21:51 Joerg: I have the feeling that we are touching identity now. We are missing entitlements as an instrument that avoids the need for tracing all transactions back to the payee.
19:22:24 Topic: Related groups: Credentials CG (Manu Sporny)
19:22:35 Slides: http://opencreds.org/presentations/2014/tpac-wpig-ccg/
19:23:35 This spun out of the web payments CG. People felt that work on credentials should be split off to avoid it being tied too closely to payments.
19:24:33 Manu presents the credential CG's definition of the term "credential".
19:25:56 One of the groups participating in the CG is the Badge Alliance, a spin off from Mozilla.
19:26:09 Manu plays a video
19:27:45 The video mentions credentials relating to educational achievements.
19:29:29 Manu: mostly relating to K through 12 age groupds
19:29:48 s/groupds/groups/
19:31:10 The problem this is addressing is to be able to prove to employers that job applicants have the qualifications they claim to have.
19:32:09 This very much ties to identity. When you take an exam you need to prove your identity.
19:33:22 This requires high stakes credentials. We've been working on addressing this using JSON-LD and digital signatures.
19:35:04 We want to avoid the need for user name and passwords, date of birth and so forth which are subject to fraud.
19:35:43 High stake credentials may be formed from credentials that may or may not be high stakes.
19:36:52 You shouldn't need to distinguish whether these contributory credentials are high stakes.
19:37:45 Dan: these credentials may not be the same as needed for payments, right?
19:38:09 ... We need to keep these separate.
19:38:56 rrsagent, make minutes
19:38:56 I have made the request to generate http://www.w3.org/2014/10/27-wpay-minutes.html dsr
19:40:06 Joerg: credible signatures generally speaking involve a cost and a globally recognized signature is likely to cost more.
19:40:55 Mountie describes the situation in Korea
19:42:10 Manu: this is not a centralized solution. We need to look at what do we need to get people on board, and separately to address the technical issues.
19:43:14 Privacy and tracking are important issues to address.
19:44:51 Some discussion about the relationship to payments, and the role of standards for credentials.
19:46:10 ... and the relationship to business models.
19:47:15 Multiple credentials can help to reduce risk.
19:48:54 Open standards would be valuable.
19:49:27 Discussion around tokens and EMV.
19:50:39 David: this group (web payment IG) will need to be proactive and surf on current efforts.
19:51:37 Manu asks for 15 minutes to wrap up after we resume from lunch.
19:51:46 rrsagent, make minutes
19:51:46 I have made the request to generate http://www.w3.org/2014/10/27-wpay-minutes.html dsr
20:15:54 bgidon has joined #wpay
20:19:19 Alan has joined #wpay
21:09:22 steph has joined #wpay
21:11:26 gludi|46 has joined #wpay
21:13:01 http://opencreds.org/presentations/2014/tpac-wpig-ccg/
21:14:54 Zakim has left #wpay
21:16:34 padler has joined #wpay
21:17:05 evert has joined #wpay
21:17:17 evert: tests the connection
21:17:17 scribenick: evert
21:17:31 glenwiley has joined #wpay
21:17:43 mountie has joined #wpay
21:18:11 manu: continues presentation of Credentials CG, starting from Badge Alliance
21:18:28 Menu: Accreditrust
21:18:52 Manu: Educational Testing Service by Bill
21:19:28 Bill: challenge for education space is the credentials from education must be built on low-level credentials for web identity (secure)
21:20:13 ErikAnderson has joined #wpay
21:20:30 Bill: Need to sign credentials. Customer decides which credentials are high stakes. Hiring practices, assessments. Individuals take assessments (such as English) are worldwide
21:21:20 Bill: challenge that ensure that individual who pays for the assessment is the same individual who takes the assessment (giving access to some of the great universities)
21:22:00 Bill: Large business in "selling access to universities" based on the credentials being issued
21:22:58 Bill: how can these credentials be issued, transportable and secure? Cradle to cradle, starting already in primary school and life-long
21:23:30 Bill: what happens when somebody passes away, how will the credentials be deactivated?
21:24:28 Bill: Governmental agents such as immigration need this in their process
21:24:38 dsr has joined #wpay
21:25:30 Manu: ETS is Educational Testing Service
21:25:52 Bill: Also machine to machine connections for processing automated testing of assessments
21:26:17 Bill: 100s of millions of transactions processed by ETS worldwide
21:26:49 Manu: Strong belief in Credential CG that this technology can also be used for Payments. Express and Verify a credential on-line
21:27:24 Manu: Credentials CG is a same type of organization as the Payments CG, spin off and giving input to the WPIG
21:28:19 Manu: collaboration happening with government organization US, Educations, IGF. Not with Swift, EMV etc right now.
21:28:59 Daniel: missing a number of organizations such as Swift and EMVco
21:29:27 Matt: is there an idea about what the ideal state would be like?
21:29:35 Manu: no, that's not yet defined
21:29:55 Manu: very focused on just storage and transmission of credentials over the web
21:30:26 Manu: need to transmit proof of age or identity document. Care about data probability, Support legacy systems.
21:30:56 Manu: Use cases will be very specific: verifiable claims, storage, transmission, etc
21:31:29 Manu: technology stack is currently "a mess", too complicated still.
21:31:45 Manu: a lot of this stack is similar to that of the Payments CG
21:32:17 Manu: The Credentials CG hopes to play a similar role for the WPIG as the Payments CG does
21:32:42 Manu: slides are on http://opencreds.org/presentations/
21:34:17 Mountie: credentials are not always required for every payment transaction
21:34:40 Manu: we want to be able to process pseudo anonymous transactions
21:34:59 Manu: credentials will be required for instance for opening a bank account over the web in the future
21:35:59 Mountie: during Paris workshop, huge number of anonymous payments were discussed.
Anonymous payment is very important in a number of cases
21:37:11 Daniel: Not convinced that the credentials (and classes thereof) are the same for these cases. Privacy can be different: an address is not required when buying a candy bar. There will be N levels of credentials for different use cases
21:37:43 Daniel: we need to think of a more refined way of handling credentials
21:38:34 David: we need to talk this further. As a point of order, we need to proceed to the next topic
21:38:43 Dave Ragget presenting
21:39:18 David: we are moving to the buying side of the conversation now
21:40:15 Dave: SysApps, NFC and their relevance to wallets and payment solutions
21:40:29 s/Ragget/Raggett
21:40:58 Dave: Also trust and permissions are in scope here
21:41:34 Dave: Wallets and payment solutions could be implemented as web applications (stress on could)
21:42:13 Dave: standards allowing this required. Locally installed on a device, remotely hosted in the cloud or a hybrid of these
21:42:29 Dave: user registers wallet with browser,
21:42:40 gludi has joined #wpay
21:42:41 Dave: user registers payment solution with wallet
21:42:48 gludi has left #wpay
21:43:07 Dave: synchronization across devices is for the implementors to address
21:43:29 Dave: System Applications WG drafted 2 years ago
21:43:30 burn has joined #wpay
21:43:50 Dave: two models: packaged apps installed from app store and hosted apps run from the web server
21:44:19 Dave: Phase 1 focus on executions & security model plus small number of APIs (in progress)
21:44:58 Dave: proposals for App Manifest (JSON), App lifecycle and App URI (Last Call WD)
21:45:15 jeff has joined #wpay
21:45:42 Dave: App lifecycle has an eventing model based upon Service Worker now
21:46:01 Dave: Challenges for dealing with trust & permissions in an interoperable way
21:46:57 Dave: Lifecycle can have several states (micro lifecycle events)
21:47:21 Dave: the Service Worker can be launched from several events, including system events
21:48:30 Dave: other phase 1 work items: Task scheduler, Contacts, Messaging, Telephony and TCP & UDP sockets
21:49:16 David: This is really what is talked about. JS engine running in the browser to launch events, not requiring to be a guru to use these.
21:49:43 David: think about EMV offline transactions serviced by a Service Worker
21:50:52 Dave: scripting in HTML processed by Web Workers (not in the thread)
21:51:48 Dave: Sysapps phase 2: Bluetooth API, Browser API, Calendar API, Device Capa API, Idle API, Media Storage API, Network IF API, Secure Elements API, System Settings API
21:52:55 David: If you have a development group developing an API it is good to look what APIs are developed here. Giving much better alignment going forward
21:53:34 Dave: Secure Elements API intended to enable web apps to invoke code hosted by tamper resistant modules
21:54:07 Dave: Draft spec by Gemalto http://opoto.github.io/secure-element/
21:54:30 Dave: use cases Authentication, digital signature, payment, credential provisioning
21:55:14 Joerg: Processing in laptops differs quite a bit from UICC processing. Is that included? (not clear now)
21:55:29 Joerg: the API should be generic enough
21:55:52 Dave: Via NFC to secure element on another device.
21:56:02 Dave: the slides are linked on the meeting agenda
21:56:24 gludi|4 has joined #wpay
21:56:32 https://www.w3.org/Payments/IG/wiki/images/b/b4/27-dsr-payments.pdf
21:56:34 gludi|4 has left #wpay
21:57:35 Dave: discusses diagram in slides, user device running web application runtime with secure element. API is abstraction layer over the APDU exchange.
21:58:09 Dave: slide number is 9/22
21:58:50 Joerg: usually you should have only one agent addressing the SE. Lot of discussion here
21:59:18 Dave: Application in JS communicating with the Secure Element
22:00:04 Joerg: you need some rulings on how to access the SE, such as known secrets. More complex when application also plays a role, depending on the status of the applet.
22:00:20 Joerg: is the hash correct to access the SIM card? (e.g.)
22:00:45 Dave: Bluetooth API - lots of innovations such as Paypal and Apple beacons
22:01:09 Daniel: security linked strongly to Bluetooth Low Energy
22:01:41 Dave: Bluetooth Community Group http://www.w3.org/community/web-bluetooth/
22:02:36 Dave: using BLE to broadcast URIs to nearby phones. Google promoting "Physical Web"
22:02:53 Daniel: a Discovery mechanism of some sort will be needed
22:03:08 Dave: Discovery will prove to be quite challenging
22:03:08 gludi|46 has joined #wpay
22:03:22 Dave: strong relevance for payments.
22:03:45 Dave: NFC working group: tap based interaction (very short range)
22:04:12 Dave: growth now to really take off? Significant announcement of Apple
22:04:50 Dave: Google android, Windows Phone API, Firefox OS, Tizen - all different APIs
22:05:37 Dave: Basic functionality: NDEF small formatted messages such as strings, URLs. Sending and receiving NDEF messages between peers
22:05:56 Dave: Handover mechanisms for bluetooth and wifi pairing
22:06:16 Dave: card emulation is NOT yet supported, could be in a future specification
22:06:29 Dave: see secure element API for APDU access
22:06:41 Dave: Possible use cases (see slide 12/22)
22:07:25 gludi|47 has joined #wpay
22:07:50 Dave: for NFC to have a common standard we have to develop the use case. Will the Payment area drive this?
22:08:19 Dave: code example slide 14/22 (Promise design pattern)
22:08:46 Dave: NFC is common in hardware now, how to move from proprietary to open API standards?
22:09:40 Manu: general NFC use cases, FIDO alliance 2 factor authentication device - could not figure out how to piece the parts together
22:10:22 Manu: what specs required, where to look? What does a "useful package" consist of?
22:10:36 Manu: what needs to be completed at W3C to enable this to happen?
22:10:57 Dave: Hardware tokens is restarted in the Web Crypto group
22:11:52 David: we need to figure out how to make things secure, interface the Secure Element
22:12:35 dan has joined #wpay
22:13:20 Mountie: comment, Web Crypto WG is different for key ownership philosophy. Is the user having ownership? Contradictions exist today
22:13:38 Dave: some stories around provisioning
22:14:05 ErikAnderson has joined #wpay
22:14:23 Joerg: when an SE is shipped, you need to keep track of it. The manufacturer does not have the customer relation.
22:14:44 Joerg: end user may have to have the power, but someone has to manage this in the back end
22:15:41 David: Thinks that this IG has a clear role to decide how to manage loading keys. Strategies need to be put in place.
22:16:14 Joerg: what is needed to make a wallet workable? Providing e.g. Mastercard and Visa functionality needs backend support
22:16:41 Dave: this is good stuff for further discussions on the use cases
22:16:51 Dave: Trust and permissions
22:17:26 Dave: Apps need to be trusted before they can be given access to use certain capabilities such as payments and raw socket access
22:17:30 jyr has joined #wpay
22:17:59 Dave: common approaches include asking user consent when app is installed (android) or first used (iOS)
22:18:16 Dave: Browser may silently grant permission to platform apps
22:18:47 Dave: native platforms handle this in a proprietary way (iOS, Android, Windows Phone)
22:19:04 Dave: Hybrid platforms - Apache Cordova/Phonegap
22:19:17 Dave: Open Web Platform HTML5
22:19:45 Web OS platforms extending the Open Web Platform proprietary: Mozilla Firefox, Tizen etc
22:20:26 Daneil Burnett: depending on connection being secure or not, some trust aspects can be stored
22:20:38 s/Daneil/Daniel
22:22:03 Dave: resource integrity, application accesses local libraries
22:22:58 Dave: http://www.w3.org/2014/07/permissions/
22:23:23 Dave: SysApps meeting sharing experiences on native platforms, web platforms and
research studies
22:23:37 Dave: Discussed ieas for extending the Open Web Platform
22:23:47 s/ieas/ideas
22:24:22 Dave: Need shared standards for Open Web Platform, building on precedents with existing APIs
22:24:55 Dave: Browser vendors looking for heuristics monitoring how apps work, detecting misbehaving apps
22:25:19 Dave: increasing role for endorsements by trusted 3rd parties as a way for users to delegate trust decisions
22:26:04 Dave: avoid to ask the user upfront a long list of approving all kind of things
22:26:31 Dave: general agreement on launching a Community Group on Trust and Permissions
22:26:42 Dave: Questions?
22:27:18 Manu: trust level to be obtained?
22:27:52 Dave: Granularity depends. When asking the user, a small set of questions must be asked. When delegated, it can be more fine grained
22:28:14 Dave: prevent lots of annoying questions to the users, there is lots of interest for the delegation model
22:28:55 Daniel: Web RTC model - browser must confirm that the user has given permission - but does not say how. May be a license agreement in some cases.
22:29:17 Daniel: different browser vendors have implemented this in different ways
22:30:17 David: Web browser is itself also just an application. When controlling other applications there can be issues.
22:30:57 Dave: Suspicious behavior of apps may be determined also by others, such as a responsible adult monitoring.
22:31:31 Dave: important where the trusted software is running
22:32:04 Daniel: the generic term for the browser is the "user agent".
What we need to trust is not the browser, but the specific JavaScript
22:32:25 Daniel: this JavaScript can be monitored on its behaviour
22:34:37 Erik: having deployed enterprise solutions, learned that sometimes a rogue install of a script by the user can interfere with otherwise secure distribution of signed JS
22:36:25 David: break until 16.00
22:46:44 mountie has joined #wpay
22:59:59 mountie has joined #wpay
23:00:12 dsr has joined #wpay
23:02:33 bgidon has joined #wpay
23:02:54 m4nu has joined #wpay
23:03:10 scribenick: m4nu
23:03:44 Topic: ISO 20022
23:03:58 erik: This is a basic introduction to ISO20022, it's a big data dictionary, highlight some particular items of interest.
23:04:08 erik: This is a recipe for making financial industry standards.
23:04:35 erik: FIs exchange massive amounts of information - sender/receiver need to agree on structured format... syntax and semantics.
23:04:48 page 14 of ISO20022 for dummies
23:04:58 erik: There isn't one standard out there, there are many.
23:05:03 Karen has joined #wpay
23:05:21 erik: You can map XML to SWIFT like so - syntax is the format - the way the message is structured.
23:05:30 virginie has joined #wpay
23:05:38 erik: so think of text-based, vs. XML-based, vs. JSON-based format
23:06:00 erik: Widely used existing standards in FI space... lots from ISO / SWIFT / etc.
23:06:23 erik: For example, if you want to exchange an address - it must contain these components
23:06:38 evert has joined #wpay
23:07:01 erik: ISO20022 is a consistent message standard across business/industry. Business components and elements - started high, went low. Messages are aligned for business processes.
23:07:25 erik: page 23 - syntax - ISO20022 is focused on separate layers - two different layers... third layer is physical syntax.
23:07:39 erik: focus is on reusability
23:07:53 erik: FI identification - that data structure looks identical
23:08:14 erik: What makes ISO so great?
logical messages can be mapped to business definitions. Technical definitions map to businesses.
23:08:35 erik: Linking messages back to business processes, money transfer, security exchange, etc.