IRC log of wpay on 2014-10-27

Timestamps are in UTC.

15:39:57 [RRSAgent]
RRSAgent has joined #wpay
15:39:57 [RRSAgent]
logging to http://www.w3.org/2014/10/27-wpay-irc
15:40:18 [steph]
Meeting: web payments Face-to-face meeting - day 1
15:40:28 [steph]
rrsagent, make log public
15:40:43 [steph]
Agenda: https://www.w3.org/Payments/IG/wiki/Draft_F2F_Agenda_-_TPAC_2014_-_27/28_October_2014
15:45:43 [steph]
starting
15:45:52 [steph]
Steph: welcome
15:45:57 [steph]
david: intro
15:47:02 [steph]
Participants: stephaneB, David Ezell, Erik Anderson, Glen wiley, Virginie Galindo, Evert Fekkes, Joerg Heuer, Dave Raggett, Jean-Yves Rossi, Pat Adler, Dave McDermitt
15:47:29 [manu]
manu has joined #wpay
15:47:37 [steph]
Present+Manu Sporny
15:48:21 [steph]
screbenick: steph
15:48:26 [steph]
scribenick: steph
15:48:45 [steph]
David: describing the vision
15:49:25 [mountie]
mountie has joined #wpay
15:49:47 [steph]
Topc: admnistrivia
15:49:51 [steph]
Topic: admnistrivia
15:51:11 [steph]
David: 3 mailing-lists: public-webpayments-ig: public for the group
15:51:25 [steph]
David: 3 mailing-lists: public-webpayments-comments: public for all, everyone can comment
15:51:49 [steph]
David: member-webpayments-ig: adminstrivia list member only
15:52:44 [dsr]
dsr has joined #wpay
15:53:05 [padler]
padler has joined #wpay
15:53:15 [toml]
toml has joined #wpay
15:53:23 [ErikAnderson]
ErikAnderson has joined #wpay
15:53:26 [gludi]
gludi has joined #wpay
15:53:32 [steph]
q+
15:53:37 [steph]
q-
15:54:24 [burn]
burn has joined #wpay
15:54:46 [steph]
david: we use IRC on #wpay
15:54:56 [bgidon]
bgidon has joined #wpay
15:54:59 [steph]
you can use http://irc.w3.org or a native client
15:55:37 [steph]
david: chairs are just here to drive the discussions, but the content is up ot the group members
15:56:13 [steph]
Present+Virginie Galindo
15:56:38 [dsr]
Present+Dave Raggett
15:57:04 [steph]
David: going over the agenda
15:57:11 [steph]
david: sysaps and nfc.
15:57:28 [steph]
sysapps very important about how to access device capabilities
15:58:01 [steph]
Present+Claudia Swanseid
15:58:09 [virginie]
virginie has joined #wpay
15:58:23 [steph]
Present+Joerg Heuer
15:59:05 [mcdermittd]
mcdermittd has joined #wpay
16:00:47 [steph]
Manu: general idea: we see how the first day goes, and then we change in case it needs?
16:01:15 [steph]
Joerg: I have a demo for after 6 in case you are interested
16:01:29 [steph]
David: let's see nw if we need to change
16:01:37 [steph]
Topic: Introduction
16:02:50 [steph]
Present+Glen wiley
16:03:19 [steph]
glen: from verisign, not used to W3C, but with ietf. interested in crypto currency+online identity
16:03:29 [steph]
let's see overlap with ietf
16:03:37 [steph]
Present+Pat Adler
16:03:50 [steph]
pat: fed from chicago. working on payments+identity
16:04:07 [steph]
interested in interaction with the Web, interoperability is key
16:04:15 [steph]
Present+Dave McDermitt
16:04:26 [steph]
dave: from the fed in atlanta.
16:04:42 [steph]
worked with PCI
16:04:45 [steph]
interested in the whole area
16:05:04 [steph]
Virginie: from gemalto
16:05:20 [steph]
following the web payments activity since the beginning
16:05:25 [steph]
key for us
16:05:30 [steph]
interested in the wallet
16:05:46 [steph]
Present+DanSyung
16:06:18 [steph]
DanSyung: from verizon
16:06:24 [steph]
Present+Bernard Gidon
16:06:31 [steph]
Bernard: W3C staff in busdev
16:06:49 [steph]
s/Syng/Sun/g
16:06:59 [steph]
Present+Mountie Lee
16:07:03 [dan]
dan has joined #wpay
16:07:21 [wseltzer]
wseltzer has joined #wpay
16:07:25 [erfekkes_]
erfekkes_ has joined #wpay
16:07:27 [steph]
Mountie: working in korea and south-east asia providing payment
16:07:37 [steph]
Present+ Manu Sporny
16:07:55 [steph]
manu: representing few org.: chair of web payments cg, credential cg (identity )
16:08:00 [wseltzer]
wseltzer has changed the topic to: TPAC Agenda 27-28 Oct: http://lists.w3.org/Archives/Public/public-webpayments-ig/2014Oct/0000.html
16:08:17 [steph]
working also for the open paymnet foundation
16:08:24 [steph]
s/paymnet/payment/
16:08:42 [steph]
Manu: in W3C for quite long time, working on json-ld
16:08:50 [steph]
excited by the diversity of pple in the rool
16:08:55 [steph]
s/rool/room/
16:09:20 [steph]
Manu: hope we will also cover the unbanked and the underbanked
16:09:28 [steph]
Present+Jean-Yve Rossi
16:09:52 [steph]
Jean-Yves: working for a consultancy i founded focus on business compliance
16:10:10 [steph]
formerly with bank on hte regulatory side
16:10:20 [steph]
Present+Evert Fekkes
16:10:42 [steph]
Evert: from rabobank, first bank at W3C
16:10:51 [steph]
evert: actively developing wallet and nfc payment for the retail sector
16:11:19 [steph]
interested to see how national standard can fit with internation web standards
16:11:39 [steph]
Present+Thomas Lammer
16:11:48 [steph]
thoams: from WB, part fo the WB payment team
16:12:03 [jeff]
jeff has joined #wpay
16:12:07 [steph]
doing lots of support on banking sector in client countries
16:12:20 [steph]
also interested in interoperability, access to payment
16:12:28 [steph]
inclusion is essential for us
16:12:42 [steph]
I'm new to W3C, first time joining W3C
16:12:51 [steph]
working with Harish who was in march in paris
16:13:09 [steph]
Joerg: deutsch telekom, new to W3C since march
16:13:37 [steph]
involved with AAA authorization, Authentication,etc
16:13:41 [steph]
interested in identity and also wallet
16:13:53 [steph]
Dave: w3c staff
16:13:59 [steph]
with the web since its creation
16:14:12 [steph]
have been invomlved in launching this work
16:14:26 [steph]
interested in value-added services around payments
16:14:42 [steph]
payments for WoT too (paymetns for services
16:14:52 [steph]
Present+Dan Burnett
16:15:09 [steph]
Dan: W3C since 99, working on vxml and related spec
16:15:17 [steph]
representing aspect
16:15:25 [steph]
working on web rtc
16:15:37 [steph]
creator of voicexml
16:15:42 [steph]
Present+Angel li
16:15:47 [steph]
Angel: w3C staff in china
16:16:18 [steph]
Present+ Francis
16:16:42 [steph]
Francis: coming from china, created internet wallet.
16:16:42 [steph]
we want ot bring our ideas to W3C
16:16:42 [Joe_H]
Joe_H has joined #wpay
16:16:52 [steph]
Present+Jeff Jaffe
16:17:01 [steph]
jeff: ceo of W3C
16:17:23 [steph]
jeff: embarassed that we haven't taken up on web payments, vrey glad this group starting. extremly important to W3C mission
16:17:37 [steph]
PResent+Erik Korb
16:17:52 [steph]
Erik: part of accreditrust specialized in web credentials, identity
16:18:01 [steph]
useful for all sectors
16:18:31 [steph]
???: from GSMA interested in wallet and web payment
16:18:45 [bgidon]
Istvan Lajtos from GSMA
16:18:45 [steph]
interested to see what value we can bring to the group
16:18:56 [steph]
s/???/Istvan/
16:19:15 [glenwiley]
glenwiley has joined #wpay
16:19:15 [steph]
Present+ Istvan Lajtos
16:20:02 [steph]
Present+Bill
16:20:12 [steph]
Bill: from educational testing service
16:20:27 [steph]
interested in credentials & identity
16:20:39 [steph]
been with W3C at the early day
16:20:56 [bgidon]
Dan Druta
16:21:11 [steph]
PResent+dan Druta
16:21:24 [steph]
present+Brian Sletten
16:21:36 [steph]
brian: open payment foundation, developer first W3C meeting
16:21:45 [steph]
API deszign for retailer
16:21:55 [steph]
PResent+Mary
16:22:05 [steph]
rrsagent, make minutes
16:22:05 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/10/27-wpay-minutes.html steph
16:23:09 [steph]
Present+Bill Smith
16:23:19 [steph]
Bill: paypal/ebay
16:23:44 [karen_od]
karen_od has joined #wpay
16:24:01 [bgidon]
Telenor
16:24:12 [steph]
Present+Lars Erik Bolstad
16:24:17 [steph]
Lars erik: opera
16:24:37 [mcdermittd]
mcdermittd has joined #wpay
16:24:44 [steph]
Present+Karen
16:24:53 [steph]
Karen: from ISOC, interested
16:24:58 [steph]
PResent+Dieter
16:25:03 [steph]
Dieter: deutzch ban
16:25:12 [steph]
s/ban/telekom
16:25:39 [steph]
Present+Al Villarica
16:26:03 [manu]
scribenick: manu
16:26:08 [manu]
Topic: Charter review
16:26:32 [manu]
dezell: We're going to review the charter now, let's see how this charter can help us w/ our mission.
16:26:44 [jeff]
Link to charter?
16:26:53 [steph]
Present+Marie-Claire Forgues
16:26:58 [manu]
erik: Has everyone had a chance to review the charter yet?
16:27:10 [steph]
http://www.w3.org/2014/04/payments/webpayments_charter.html
16:27:13 [manu]
Some nods, some sheepish downward glances.
16:27:26 [steph]
charter uri: http://www.w3.org/2014/04/payments/webpayments_charter.html
16:27:50 [manu]
erik: We're trying to build a platform that will be applicable to those on the Web. We want to support past payment mechanisms (ACH, Credit Card, etc.)
16:28:04 [manu]
erik: We also want to support future payment mechanisms (cryptocurrencies, etc.)
16:28:24 [manu]
Daniel: What do you mean by "legal" payment mechanisms?
16:28:45 [manu]
Daniel: Was that meant to exclude any payment mechanism in particular?
16:29:03 [manu]
erik: What's legal in US, doesn't mean it's legal elsewhere or vice versa.
16:29:40 [manu]
erik: We aren't going to say what's legal not legal, we want the system to support things that are legal somewhere
16:29:56 [manu]
Joerg: We want to support gray areas.
16:30:04 [manu]
unknown: What about fiat vs. non-fiat?
16:30:13 [steph]
s/unknown/thomas/
16:30:32 [manu]
Harold: We need to understand what's legal/not legal...
16:31:09 [manu]
dezell: We were just trying to say "we don't want to support illegal activity".
16:31:41 [virginie]
q?
16:31:43 [manu]
andrew: It's a relevant point, what about Bitcoin? It's illegal in somewhere...
16:31:56 [steph]
s/andrew/glen/
16:31:59 [manu]
erik: Ecquador made it illegal, but only because they're releasing their own.
16:32:11 [manu]
dezell: Because this charter has been approved, it is what it is.
16:32:44 [manu]
dezell: This language is vague, we don't intend to not talk about Bitcoin because Ecuador said it's illegal. In the same point, we can't /just/ talk about Bitcoin.
16:33:46 [manu]
jeff: The overall scope of the IG charter is broad, and probably doesn't need to be changed at this point. This gives plenty of room to work in it. We'll want to focus down, far much more in there than can be done in the first few months.
16:33:55 [manu]
erik: It's hard to guess how long this will take.
16:34:03 [manu]
erik: New front-end payment initiation systems.
16:34:18 [manu]
erik: Other value transfer systems - loyalty, payments, etc. p2p payments.
16:34:39 [manu]
erik: Web-mediated business-to-customer, business to business, etc.
16:35:01 [manu]
erik: We are here to identify barriers, such as 'card not present'.
16:35:27 [manu]
harold: Is there a reason government-to-person payments isn't covered?
16:35:46 [manu]
dezell: we say 'including', we don't exclude that.
16:36:15 [steph]
Present+Vagner Diniz
16:36:31 [manu]
erik: Identify ways to increase stability, make payments work better across web.
16:36:35 [manu]
erik: use privacy/protection
16:36:57 [manu]
dezell: We want to work with Web Crypto WG, etc. wrt. security.
16:37:16 [manu]
erik: This group does not have solo understanding wrt. Web Crypto, we will work with Web Crypto group.
16:37:45 [manu]
erik: Identify role of regulations in payment process... regs have big impact on this work. There's been a lot of talk about putting regulations in the code itself.
16:37:59 [manu]
erik: prioritization of the work - self explanatory.
16:38:14 [manu]
erik: Review deliverables by other W3C groups that impact our work here.
16:38:25 [manu]
erik: Web Crypto, hardware tokens, etc.
16:38:45 [manu]
erik: Liason w/ other organizations to get more interoperability.
16:39:16 [manu]
joerg: Would it be important to talk to companies that could or should use Web Payments? That plays into hand of bizdev in a way.
16:39:44 [manu]
erik: i can see that web technologies could be different front-ends into backend systems.
16:41:23 [manu]
joerg: For example, XML has been used for a while, but we reused it in GSMA for some technologies.
16:41:52 [manu]
dezell: The way the thing blooms, if you've done your REST Web Service correctly, there is a lot of power there... these technologies can be self-defining.
16:42:16 [manu]
dezell: I personally happen to be a fan of REST - it accepts in either JSON or XML, we can content negotiate.
16:43:07 [manu]
dezell: There are three bullets in here that are important - "identify missing pieces, missing gaps, identify role of regulations"
16:43:36 [manu]
erik: Development of technical standards is not in scope for the group.
16:44:00 [manu]
erik: We have to consider security/privacy/implications.
16:44:20 [manu]
erik: Success criteria - we need participation.
16:44:26 [manu]
erik: We're here for you.
16:44:37 [manu]
erik: members of the IG will drive work of work items.
16:44:54 [manu]
erik: We need constructive feedback on w3C deliverables.
16:45:18 [manu]
erik: This is a new process for most of us, we need to ensure interoperability, work with other organizations.
16:45:29 [manu]
erik: We need to iron out what we think of the road map, meet regularly.
16:45:48 [manu]
erik: Primary deliverable is use cases, requirments, identification of technical specs, gaps.
16:46:13 [manu]
erik: We'd ideally specify use cases and requirements and take it to other groups that exist out there.
16:46:44 [manu]
erik: We will identify where W3C will need new groups. We want to focus on Web Wallet - that's the good one on there.
16:46:51 [manu]
erik: So, work items
16:47:10 [manu]
erik: First item is the roadmap - what is the roadmap going to be - identify, identify, identify.
16:48:03 [manu]
erik: This is all about interoperability between old and new systems. Enable a level playing field, hard to stress how important that is - no vendor lock in. W3C patent policy is great.
16:48:31 [manu]
erik: We want to reduce burden on vendors and payees to support multiple payment providers. Let them pay w/ what they want. Increase user protection.
16:48:49 [manu]
erik: increase fraud protection, provide more transparency/choice
16:49:23 [manu]
erik: What fees are provided. Identify other services that are relevant, invoices, digital receipts.
16:49:42 [manu]
erik: next work item - web payments terminology - make sure we're speaking the same language.
16:49:59 [manu]
erik: make sure we're talking about the same thing. Everyone speaking english, nobody understanding each other.
16:50:52 [manu]
dezell: The transparency aspect - it's a big part of the work, alphabet soup for standards - transparency is not the point of the ISO specs. W3C transparency has a lot to do w/ accessibility.
16:51:43 [manu]
dezell: One of the core values of W3C is accessibility. It's hard to get accessibility if you don't have a fundamental view that TV Raman (from Google, who is blind) should be able to pay for something when he wants to.
16:51:47 [manu]
dezell: UX is important.
16:52:13 [manu]
erik: You want people to innovate, but you want it to be generally accessible.
16:52:37 [manu]
erik: wrt. terminology - adopt as much as possible.
16:52:49 [manu]
erik: next topic wallet and wallet API
16:53:19 [manu]
erik: we're going to be talking about this quite a bit over the next day or two.
16:53:38 [manu]
erik: transaction messaging - lots of ISO stuff out there, identify requirements/constraints for merchants.
16:53:56 [manu]
erik: requirements for payment service providers - messaging, most of this exists already.
16:54:06 [manu]
joerg: The word 'token' here might be confusing.
16:54:23 [manu]
joerg: We may want to avoid that word, or explain what that means.
16:55:35 [manu]
manu: I think we should stay away from the word "token" or "wallet" right now, could be a permathread.
16:55:53 [manu]
joerg: We can't stop the use of the word, but we can't monopolize its use.
16:55:57 [jeff]
jeff has joined #wpay
16:56:23 [manu]
erfekkes_: We need to specify terms and reference to other terms.
16:56:40 [manu]
dezell: We should discuss terminology.
16:56:51 [manu]
dezell: Maybe a Terminological Task Force
16:56:54 [manu]
laughing in the group
16:57:10 [manu]
dezell: but seriously, we need a common vocabulary.
16:57:57 [manu]
harold: A glossary might develop over time, to have a common set of terms.
16:58:36 [manu]
erik: we should take into account mobile payments / proximity payments.
16:59:07 [manu]
miguel: Here from intel - interested from Web Payments, we're in mobile space.
16:59:09 [steph]
s/harold/thomas/
16:59:20 [steph]
Present+Miguel
16:59:25 [steph]
Present+Daniel Austin
16:59:39 [manu]
daniel: Before I was Chief Architect of PayPal, now CEO of GRIN.
16:59:47 [manu]
daniel: Know quite a bit about payments.
17:00:00 [manu]
erik: Next up - identity, authentication, security
17:00:12 [manu]
erik: identify, identify, identify - hot space right now
17:00:27 [manu]
erik: ensure secure authentication, FIDO alliance, etc.
17:00:51 [manu]
erik: Review existing identification methods and whether they fit in w/ what we're doing here - privacy, security, transaction privacy/security.
17:01:31 [manu]
daniel: The purpose of FIDO is to generate docs/standardization around this stuff.
17:01:47 [manu]
erik: identify user protection, data privacy, put the regulations in the code (as a suggestion)
17:02:19 [manu]
erik: Access basic user and payment provider information in a way that's easy to synchronize between people. Wallet/SIM chip on telephone - how do you synchronize devices.
17:02:33 [manu]
erik: minimize risk - build on top of Web Crypto - don't re-invent the wheel.
17:03:00 [manu]
erik: U2F is coming out, various biometric devices - ekg / heartrate - lots of new technology that we can use.
17:03:27 [manu]
erik: explore mechanisms for trusted UI - make sure rogue app in browser isn't authorized to make transactions on your behalf.
17:04:35 [manu]
billGebert: From an education/governmental side, commercial hiring practices, identity is very, very important to us. Our experience at ETS in providing assessments to 200+ countries, and accepting payments, having the right person show up if they're hired/tested. Proficiency is important, that's where we're focused.
17:04:51 [manu]
billGebert: That's what we want to see succeed in this group.
17:05:03 [manu]
erik: The person taking the GRE, was that really that person taking the GRE.
17:05:37 [manu]
billGebert: yes workforce, how much money is being wasted because of fraud that occurs. If the wrong person shows up to take the job, or shows up to a university - the cost there is well in the hundreds of millions.
17:05:45 [Alan]
Alan has joined #wpay
17:06:00 [manu]
erik: A lot of the problems we're working on here are important to both education and financial technology.
17:06:11 [manu]
erik: There are many relevant groups working on this stuff.
17:06:35 [manu]
erik: Too early to talk about a timeline for this work. We need short term deliverable focus on this. We don't want open ended tasks.
17:06:59 [manu]
Erik: Dependencies and liasons - there is a lot more out there that's important.
17:07:11 [manu]
erik: participation is important - open to W3C members and invited experts.
17:07:21 [manu]
erik: Let's bring those IEs in
17:07:41 [manu]
erik: Communication happens over IRC, mailing list, phone calls. Every now and then, face to face meeting.
17:08:10 [manu]
erik: Patent disclosures - disclose patents. We have a chance of success at this because of W3C patent policy.
17:08:30 [manu]
mountie: The charter is trying to cover everything.
17:08:42 [manu]
erik: There is a lot, we'll have to find things to stay focused on.
17:08:52 [manu]
erik: Move what exists into a Web Payment scope.
17:09:22 [manu]
erik: There will be new challenges, but most of the stuff exists today.
17:09:35 [manu]
dezell: We can discuss all this stuff, but we are not the ones that do the technical work.
17:09:46 [jeff]
jeff has joined #wpay
17:10:09 [manu]
dezell: We may create use cases, requirements to feed into other work. For example, security - summarize what the requirements are - send them over to WebCrypto group.
17:10:16 [manu]
dezell: We don't want to lose our way down the security rabbit hole.
17:10:27 [manu]
s/harold/thomas/
17:11:19 [manu]
mountie: one more comment - wrt. other W3C working groups - this is a convergence of other W3C group work... the group is similar to Web and TV, Web and Automotive... we have to take a different type of approach wrt. what needs to be standardized.
17:11:39 [manu]
mountie: Web Payments IG is very different from regular W3C groups - it's more high-level.
17:12:10 [manu]
dezell: That's true - web and tv are parallel... this group is unique at W3C...
17:12:42 [manu]
erik: There are a lot of different verticals that are going to be interested in this, we need to get involved in those other groups... how does that fit back into Web Payments.
17:12:52 [manu]
erik: Get involved in other groups that interest you.
17:13:12 [manu]
bernard: it's part of the IG to tell which groups should coordinate with whom.
17:13:17 [virginie]
virginie has joined #wpay
17:13:20 [manu]
bernard: This is what we're working on - welcome.
17:13:28 [manu]
dezell: important to show progress in the right areas.
17:13:43 [manu]
dezell: I hope everyone is thinking about what they want to see come out of the meeting.
17:13:56 [manu]
dezell: This isn't a spectator sport.
17:14:28 [manu]
Pat: Is the payment work looking at the non-human actors in payments - 3D printing, manufacturing, authentication of embedded web agents to facilitate payments.
17:14:44 [manu]
Pat: It's implied up here, is that another set of use cases?
17:15:27 [manu]
dezell: That brings up another deep rathole - once you start selling things, and complying w/ regulations - merchant has responsibility - are you automating the sale of illegal goods? or legal goods in illegal ways?
17:16:10 [manu]
dezell: For example, people of certain ages won't be able to use certain crypto currencies.
17:16:57 [manu]
joerg: Requirements for some work - depends on where you are, your perspective. I hope that we can say: This is how W3C work complies w/ the charter. Close the loop. Ok to talk about wide scope, but we need to boil it down so we can deliver on what we're going to deliver.
17:17:35 [manu]
dezell: We need to bring people working on this here - we are good at removing walls.
17:18:13 [manu]
dezell: Tim Berners-Lee said: secret to standards is to get people that don't get along into the same room in a strange place... they start working toward common goal.
17:18:42 [manu]
dezell: There is a human factor to this - Bloomberg just joined X9, etc... we can create stuff at W3C and send those to X9 and ISO.
17:18:51 [manu]
stephane: We have a session where we talk about outreach.
17:19:18 [manu]
stephane: think about this... who should be here and isn't... we'll talk about that tomorrow.
17:22:40 [steph]
bill smith from paypal has left the room
17:22:57 [Karen]
Karen has joined #wpay
17:42:38 [Karen]
Karen has joined #wpay
17:53:03 [virginie]
virginie has joined #wpay
18:00:59 [mountie]
mountie has joined #wpay
18:04:06 [dsr]
scribenick: dsr
18:05:45 [dsr]
Topic: Related Working Groups: Web Crypto
18:06:22 [dsr]
Virginie presents the web crypto WG (link to slides to follow)
18:07:16 [dsr]
In last 2 years, we have collected use cases. We have an API which is now quite mature and about to exit Last Call.
18:08:22 [dsr]
We're starting to think about next steps and the potential overlap with web payments, e.g. improved authentication using multi-factor techiques.
18:09:04 [dsr]
We had a workshop recently, see http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/
18:10:06 [dsr]
We have started to look at the potential role of trusted UI. as well as secure elements, etc. The new charter will begin next year.
18:11:50 [dsr]
Just keep in mind that there are groups that could help the Web Payments IG, e.g. Web Security IG, Web Crypto WG, WebAppSec WG. The latter is kicking off work on a credential API.
18:12:06 [dsr]
Questions?
18:12:19 [dsr]
Manu: when is rechartering happening?
18:12:37 [dsr]
Virginie: January 2015
18:12:53 [mcdermittd]
mcdermittd has joined #wpay
18:13:14 [dsr]
To effect the WebCrypto Charter we need input by then
18:13:36 [dsr]
Manu asks about the credential API.
18:14:13 [dsr]
Virginie: we felt it would be a good fit for the WebAppSec WG which is rechartering at the same time as WebCrypto.
18:14:36 [erfekkes]
erfekkes has joined #wpay
18:14:53 [padler]
padler has joined #wpay
18:17:18 [dsr]
Some discussion about W3C domains. Dave Raggett notes that these are part if the way W3C staff are organized, and it is more important to focus on coordination by group members across groups.
18:19:22 [dsr]
Need to establish good communications across groups. Stephane adds that the Web payment IG charter lists groups or relevance. Having people who are participating in both the Web Payments IG and other groups is a particularly effective way to coordinate.
18:19:26 [virginie]
FYI : credential management google proposal here http://mikewest.github.io/credentialmanagement/spec/
18:20:07 [dsr]
Manu: Google is leading work on credential API with support from Mozilla, which is very positive on behalf of browser vendors.
18:20:42 [dsr]
Dan: let's not tie what we're doing to specific browsers
18:21:13 [dsr]
Interoperability is the key.
18:21:49 [dsr]
What kind of credentials?
18:22:11 [dsr]
Manu: primarily relating to authentication to web sites.
18:22:37 [virginie]
FYI : discussions related to next steps of web crypto is happening on the Web Security IG http://lists.w3.org/Archives/Public/public-web-security/
18:23:08 [dsr]
David: it is good for us to be engaged and we can discuss this further tomorrow in relation to plans for outreach.
18:23:23 [dsr]
Manu: a good way is to volunteer to perform spec reviews.
18:24:37 [dsr]
Virginie: the Web Security IG are more interested in reviewing specifcations and may not be effective at reviewing use cases.
18:26:23 [dsr]
Virginie: first spec from WebCrypto WG is mainly focused on widely deployed crypto algorithms.
18:27:14 [dsr]
Coordination between W3C and IETF on crypto e.g. in relation to HTTP.
18:28:06 [dsr]
Is multi-signature support on their radar? This is important for web payments.
18:28:34 [virginie]
FYI : algorithms considered in the web crypto are listed here : https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#algorithm-recommendations
18:28:52 [dsr]
David: one challenge is whether we trust the devices the apps run on?
18:29:07 [dsr]
Answer: you can't trust the devices in general.
18:30:10 [karen_od]
karen_od has joined #wpay
18:30:29 [dsr]
Dan: you don't want to confuse encryption with security.
18:31:05 [dsr]
Joerg: is the security good enough for protecting the brand behind the solutions.
18:32:06 [dsr]
David: there are a lot of warning flags, so we need to be vigilant.
18:33:04 [dsr]
Topic: Related Groups: Web Payments CG (Manu Sporny)
18:33:14 [dsr]
see https://web-payments.org/slides/2014/tpac-wpig-wpcg/
18:33:38 [steph]
Present+Claudia Swanseid
18:34:55 [dsr]
David invites a couple of people who just stepped in to introduce themselves.
18:35:22 [jeff]
jeff has joined #wpay
18:35:37 [steph]
Present+Matt Howarter
18:35:48 [steph]
Matt: from walmart
18:36:38 [gludi]
gludi has joined #wpay
18:36:51 [dsr]
Manu starts with his introduction to the web payments community group and invites questions
18:37:05 [steph]
uri slides:https://web-payments.org/slides/2014/tpac-wpig-wpcg/
18:37:31 [jeff_]
jeff_ has joined #wpay
18:37:46 [dezell]
s/Swanseid/Swandseid/g
18:37:49 [dsr]
He explains that community groups are unofficial and exist to incubate work. The web payment CG has 184 registered members.
18:38:43 [gludi|4]
gludi|4 has joined #wpay
18:39:03 [gludi|4]
gludi|4 has left #wpay
18:39:10 [dsr]
We're an incubator for ideas we think may have potential and expect to pass ideas to the Interest Group for review. The CG is open to anyone, and our work is open, inclusive and transparent.
18:40:48 [dsr]
The CG is collaborating with a range of other groups. These included technical groups as well as policy, regulatory and legal groups.
18:41:04 [dsr]
s/included/include/
18:41:57 [gludi|46]
gludi|46 has joined #wpay
18:42:28 [dsr]
Manu mentions the Open Payments Foundation which focuses on open source implementations
18:44:40 [Zakim]
Zakim has left #wpay
18:44:44 [dsr]
He recounts the timelime that has led to the Web Payments IG. Want to encourage good coordination between the CG and IG.
18:45:28 [dsr]
Lists the web platform's current failures: problems for credentials, payment initiation and digital receipts.
18:45:57 [dsr]
s/problems/no standards/
18:47:20 [dsr]
Web Payments CG considers the following to be important: civic - strong identity is central to ownership, democracy, privacy and prosperity
18:48:11 [dsr]
The fact that 2.5 billion adults lack access to financial infrastructure.
18:49:17 [dsr]
The opportunity for the Internet to provide a more agile and vibrant global economy. Why does money transfer take much much longer than sending an email?
18:50:26 [dsr]
Role of phones and increasing penetration of smart phones across the globe.
18:50:39 [ErikAnderson]
ErikAnderson has joined #wpay
18:51:09 [dsr]
Some discussion around MPESA for mobile payments.
18:52:12 [dsr]
David: the time for completing payments is related to maintaining control and business models for payment infrastructure.
18:52:42 [dsr]
Competition will drive innovation, e.g. for faster payments.
18:53:42 [dsr]
Daniel Austin: if we can make it profitable for companies to complete payments quickly, that is what will happen.
18:55:13 [dsr]
Experience with Rabobank in the Netherlands. We are trying to encourage card payments over cash payments and looking at the incentives to make that happen.
18:55:48 [dsr]
Moving money internationally involves many parties, and interoperability will stream line this.
18:58:08 [dsr]
Manu introduces the Web Payments CG use cases. We took these from the Paris workshop. They include push payments,subscriptions, digital receipts, pseudo anonymity, wallet portability, account portability, etc.
18:58:53 [dsr]
The design criteria include supporting existing payment instruments, emerging instruments, digital/physical receipts, smart contracts, etc.
19:01:26 [dsr]
David: the IG should review the CG use cases document.
19:01:52 [dsr]
Dan: this shouldn't be considered to be exhaustive
19:02:23 [dsr]
... but is awesome work and will definitely be helpful
19:02:55 [dsr]
Stephane: is this a static finished document, or a living document?
19:03:07 [dsr]
Manu: it is continuing to evolve
19:04:09 [dsr]
We don't have any input into the use cases document from external groups as yet
19:04:26 [steph]
q+
19:04:36 [dezell]
zakim, who is on the queue?
19:04:42 [dsr]
(cites a list of organizations we would like to hear from)
19:04:53 [Zakim]
Zakim has joined #wpay
19:04:57 [steph]
q+
19:05:45 [dsr]
Dan: it would be interesting to pick all the use cases with validity and pick some for detailed examination
19:06:13 [dezell]
ack steph
19:07:04 [dsr]
Stephane: as well as selecting use cases, we need to prioritize them, and to ensure that they have sufficient coverage of the challenges we want to address
19:08:33 [dsr]
We have a technology stack (see diagram).
19:10:27 [dsr]
The Web Payment CG considers itself to be in a supporting role to the IG and will continue to experiment with pre-standardization payment technology. Likewise to continue outreach and collection of review input for the IG
19:11:39 [dsr]
Dan: we need to have a clear position when it comes to crypto currencies that we can communicate easily.
19:13:31 [dsr]
Disruptive technologies occur regularly. Things are going to shift in response. We need to keep an open mind and build standards that aren't too attached to current regulation and payment solutions.
19:15:04 [dsr]
Manu: the CG is very happy to take on things that would be impractical for the IG to address without being disrupted.
19:16:06 [dsr]
Some discussion on ensuring the messaging of the relationship between the IG and CG is really clear. We need to avoid mixed messages.
19:16:22 [dsr]
Dan: the W3C logo on the CG is confusing.
19:17:16 [dsr]
s/logo/name/
19:17:41 [dsr]
Stephane: we are aware of this and want to help
19:18:39 [dsr]
Joerg: is there a picture that makes the differences between the various kinds of groups clear
19:18:47 [dsr]
s/clear/clear?/
19:19:04 [dsr]
Stephane: not as far as I am aware, but it is a good idea
19:19:45 [dsr]
Dan Burnett: this is work for the W3C to make the distinction clearer
19:20:09 [dsr]
Manu: there are links on futher background from the slides
19:20:33 [dsr]
The slides are at https://web-payments.org/slides/2014/tpac-wpig-wpcg/
19:21:51 [dsr]
Joerg: I have the feeling that we are touching identity now. We are missing entitlements as an instrument that avoids the need for tracing all transactions back to the payee.
19:22:24 [dsr]
Topic: Related groups: Credentials CG (Manu Sporny)
19:22:35 [dsr]
Slides: http://opencreds.org/presentations/2014/tpac-wpig-ccg/
19:23:35 [dsr]
This spun out of the web payments CG. People felt that work on credentials should be split off to avoid it being tied to closely to payments.
19:24:33 [dsr]
Manu presents the credential CG's definition of the term "credential".
19:25:56 [dsr]
One of the groups participating in the CG is the Badge Alliance, a spin off from Mozilla.
19:26:09 [dsr]
Manu plays a video
19:27:45 [dsr]
The video mentions credentials relating to educational achievements.
19:29:29 [dsr]
Manu: mostly relating to K through 12 age groupds
19:29:48 [dsr]
s/groupds/groups/
19:31:10 [dsr]
The problem this is addressing is to be able to prove to employers that job applicants have the qualifications they claim to have.
19:32:09 [dsr]
This very much ties to identity. When you take an exam you need to prove your identity.
19:33:22 [dsr]
This requires high stakes credentials. We've been working on addressing this using JSON-LD and digital signatures.
19:35:04 [dsr]
We want to avoid the need for use name and passwords, date of birth and so forth which are subject to fraud.
19:35:43 [dsr]
High stake credentials may be formed from credentials that may or may not be high stakes.
19:36:52 [dsr]
You shouldn't need to distinguish whether these contributory credentials are high stakes.
19:37:45 [dsr]
Dan: these credentials may not be the same as needed for payments, right?
19:38:09 [dsr]
... We need to keep these separate.
19:38:56 [dsr]
rrsagent, make minutes
19:38:56 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/10/27-wpay-minutes.html dsr
19:40:06 [dsr]
Joerg: credible signatures generally speaking involve a cost and a globally recognized signature is likely to cost more.
19:40:55 [dsr]
Mountie describes the situation in Korea
19:42:10 [dsr]
Manu: this is not a centralized solution. We need to look at what do we need to get people on board, and separately to address the technical issues.
19:43:14 [dsr]
Privacy and tracking are important issues to address.
19:44:51 [dsr]
Some discussion about the relationship to payments, and the role of standards for credentials.
19:46:10 [dsr]
... and the relationship to business models.
19:47:15 [dsr]
Multiple credentials can help to reduce risk.
19:48:54 [dsr]
Open standards would be valuable.
19:49:27 [dsr]
Discussion around tokens and EMV.
19:50:39 [dsr]
David: this group (web payment IG) will need to be proactive and surf on current efforts.
19:51:37 [dsr]
Manu asks for 15 minutes to wrap up after we resume from lunch.
19:51:46 [dsr]
rrsagent, make minutes
19:51:46 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/10/27-wpay-minutes.html dsr
20:15:54 [bgidon]
bgidon has joined #wpay
20:19:19 [Alan]
Alan has joined #wpay
21:09:22 [steph]
steph has joined #wpay
21:11:26 [gludi|46]
gludi|46 has joined #wpay
21:13:01 [steph]
http://opencreds.org/presentations/2014/tpac-wpig-ccg/
21:14:54 [Zakim]
Zakim has left #wpay
21:16:34 [padler]
padler has joined #wpay
21:17:05 [evert]
evert has joined #wpay
21:17:17 [evert]
evert: tests the connection
21:17:31 [glenwiley]
glenwiley has joined #wpay
21:17:43 [mountie]
mountie has joined #wpay
21:18:11 [evert]
manu: continues presentation of Credentials CG, starting from Badge Alliance
21:18:28 [evert]
Menu: Accreditrust
21:18:52 [evert]
Manu: Educational Testing Service by Bill
21:19:28 [evert]
Bill: challenge for education space is the credentials from education must be built on low-level credentials for web identity (secure)
21:20:13 [ErikAnderson]
ErikAnderson has joined #wpay
21:20:30 [evert]
Bill: Need to sign credentials. Customer decides which credentials are high stakes. Hiring practices, assessments. Individuals take assessments (such as English) are worldwide
21:21:20 [evert]
Bill: challenge that ensure that individual who pays for the assessment is the same individual who takes the assessment *giving access to some of the great universities)
21:22:00 [evert]
Bill: Large business in " selling access to universities" based on the credentials being issued
21:22:58 [evert]
Bill: how can these credentials be issued, transportable and secure? Cradle to cradle, starting already in primary school and life-long
21:23:30 [evert]
Bill: what happens somebody passes away, how will the credentials will be deactivated?
21:24:28 [evert]
Bill: Governmental agents such as immigration need this in their process
21:24:38 [dsr]
dsr has joined #wpay
21:25:30 [evert]
Manu: ETS is Educatonial Testing Service
21:25:52 [evert]
Bill: Also machine to machine connections for processing automated testing of assessments
21:26:17 [evert]
Bill: 100s of millions of transactions processed by ETS worldwide
21:26:49 [evert]
Manu: Strong beleif in Credential CG that this technology can also be used for Payments. Express and Verify a credential on-line
21:27:24 [evert]
Manu: Credentials CG is a same type of organization as the Payments CG, spin off and giving input to the WPIG
21:28:19 [evert]
Manu: collaboration happening with government organization US, Educations, IGF. Not with Swift, EMV etc right now.
21:28:59 [evert]
Daniel: missing a number organizations such as Swift and EMVco
21:29:27 [evert]
Matt: is there an idea about what the ideal state would be like?
21:29:35 [evert]
Manu: no, that;s not yet defined
21:29:55 [evert]
Manu: very focused on just storage and transmission of credentials over the web
21:30:26 [evert]
Manu: need to transmit proof of age or identity document. Care about data probability, Support legacy systems.
21:30:56 [evert]
Manu: Use cases will be very specific: verifiable claims, storage, transmission, etc
21:31:29 [evert]
Manu: technology stack is currently "a mess", too complicated still.
21:31:45 [evert]
Manu: a lot of this stack is similar to that og the Payments CG
21:32:17 [evert]
Manu The Credentials CG hopes to play a similar role for the WPIG as the Payments CG does
21:32:42 [evert]
Manu: slides are on http://opencreds.org/presentations/
21:34:17 [evert]
Mountie: credentials are not always required for every payment transaction
21:34:40 [evert]
Manu: we want to be able to process pseudo anonymous transactions
21:34:59 [evert]
Manu: credentials will be required for instance for opening a bank account over the web in the future
21:35:59 [evert]
Mountie: during Paris workshop, huge number of anonymous payments were discussed. Anonymous payment is very important in a number of cases
21:37:11 [evert]
Daniel: Not convinced that the credentials (and classes thereof) are the same for these cases. Privacy can be different: an address is not required when buying a candy bar. There will be N levels of credentials for different use cases
21:37:43 [evert]
Daniel: we need to think of of more refined way handling credentials
21:38:34 [evert]
David: we need to talk this further. As a point of order, we need to proceed to the next topic
21:38:43 [evert]
Dave Ragget presenting
21:39:18 [evert]
David: we are moving to the buying side of the conversation now
21:40:15 [evert]
Dave: SysApps, NFC and their relevance to wallets and payment solutions
21:40:29 [evert]
s/Ragget/Raggett
21:40:58 [evert]
Dave: Also trust and permissions are in scope here
21:41:34 [evert]
Dave: Wallets and payment solutions could be implemented as web applications (stress on could)
21:42:13 [evert]
Dave: standards allowing this required. Locally installed on a device, remotely hosted in the cloud or a hybrid of these
21:42:29 [evert]
Dave: user registers wallet with browser,
21:42:40 [gludi]
gludi has joined #wpay
21:42:41 [evert]
Dave: user registers payment solution with wallet
21:42:48 [gludi]
gludi has left #wpay
21:43:07 [evert]
Dave: synchronization across devices is for the implementors to address
21:43:29 [evert]
Dave: System Applications WG drafted 2 years ago
21:43:30 [burn]
burn has joined #wpay
21:43:50 [evert]
Dave: two models: packaged apps installed from app store and hosted apps run from the web server
21:44:19 [evert]
Dave: Phase 1 focus on executions & security model plus small number of APIs (in progress)
21:44:58 [evert]
Dave: proposals for App Manifest (JSON), App lifecylcle and App URI (Last Call WD)
21:45:15 [jeff]
jeff has joined #wpay
21:45:42 [evert]
Dave: App lifecycle has an eventing model based upon Service Worker now
21:46:01 [evert]
Dave: Challenges for dealing with trust & permissions in an interoperable way
21:46:57 [evert]
Dave: Lifecycle can have several states (micro lifecycle events)
21:47:21 [evert]
Dave: the Service Worker can be launched from several events, including system events
21:48:30 [evert]
Dave: other phase 1 work items: Task scheduler, Contacts, Messaging, Telephony and TCP & UDP sockets
21:49:16 [evert]
David: This is really what is talked about. JS engine running in the browser to launch events, not requiring to be a guru to use these.
21:49:43 [evert]
David: think about EMV offline transactions serviced by a Service Worker
21:50:52 [evert]
Dave: scripting in HTML processed by Web Workers (not in the thread)
21:51:48 [evert]
Dave: Sysapps phase 2: Bluetooth API, Browser API, Calendar API, Deveice Capa API, Idle API, Media Storage API, Network IF API, Secure Elements API, System Settings API
21:52:55 [evert]
David: If you have a development group developing an API it is good to look what APIs are developed here. Giving much better alignment going forward
21:53:34 [evert]
Dave: Secure Elements API intended to enable web apps to invoke code hosted by tamper resistant modules
21:54:07 [evert]
Dave: Draft spec by Gemalto http://opoto.github.io/secure-element/
21:54:30 [evert]
Dave: use cases Authentication, digital signature, payment, credential provisioning
21:55:14 [evert]
Joerg: Processing in laptops differs quite a bit from UICC processing. Is that included? (not clear now)
21:55:29 [evert]
Joerg: the API should be generic enough
21:55:52 [evert]
Dave: Via NFC to secure element on another device.
21:56:02 [evert]
Dave: the slides are linked on the meeting agenda
21:56:24 [gludi|4]
gludi|4 has joined #wpay
21:56:32 [evert]
https://www.w3.org/Payments/IG/wiki/images/b/b4/27-dsr-payments.pdf
21:56:34 [gludi|4]
gludi|4 has left #wpay
21:57:35 [evert]
Dave: discusses diagram in slides, user device running web application runtime with secure element. API is abstraction layer over the APDU exchange.
21:58:09 [evert]
Dave: slide number is 9/22
21:58:50 [evert]
Joerg: usually you should have only one agent addressing the SE. Lot of discussion here
21:59:18 [evert]
Dave: Application in JS communicating with the Secure Element
22:00:04 [evert]
Joerg: you need some rulings on how to access the SE, such as known secrets. More complex when application also plays a role, depending on the status of the applet.
22:00:20 [evert]
Joerg: is the hash correct to access the SIM card? (e.g.)
22:00:45 [evert]
Dave: Bluetooth API - lots of innovations such as Paypal and Apple beacons
22:01:09 [evert]
Daniel: security linked strong to Bluetooth Low Energy
22:01:41 [evert]
Dave: Bluetooth Community Group http://www.w3.org/community/web-bluetooth/
22:02:36 [evert]
Dave: using BLE to broadcast URIs to nearby phones. Google promoting "Physical Web"
22:02:53 [evert]
Daniel: a Discovery mechanism of some sort will be needed
22:03:08 [evert]
Dave: Discovery will prove to be quite challenging
22:03:08 [gludi|46]
gludi|46 has joined #wpay
22:03:22 [evert]
Dave: strong relevance for payments.
22:03:45 [evert]
Dave: NFC working group: tap based interaction (very short range)
22:04:12 [evert]
Dave: growth now to really take off? Significant announcement of Apple
22:04:50 [evert]
Dave: Google android, Windows Phone API, Firefox OS, Tizen - all different APIs
22:05:37 [evert]
Dave: Basic functionality: NDEF small formatted messages such as strings, URLs. Sending and receiving NDEF messages between peers
22:05:56 [evert]
Dave: Handover mechanisms for bluetooth and wifi pairing
22:06:16 [evert]
Dave: card emulation is NOT yet supported, could be in a future specification
22:06:29 [evert]
Dave: see secure element API for APDU access
22:06:41 [evert]
Dave: Possible use cases (see slide 12/22)
22:07:25 [gludi|47]
gludi|47 has joined #wpay
22:07:50 [evert]
Dave: for NFC to have a common standard we have to develop the use case. Will the Payment area drive this?
22:08:19 [evert]
Dave: code example slide 14/22 (Promise design pattern)
22:08:46 [evert]
Dave: NFC is common in hardware now,how to move from proprietary to open API standards?
22:09:40 [evert]
Manu: general NFC use cases, FIDO alliance 2 factor authentication device - could not figure out how to piece the parts together
22:10:22 [evert]
Manu: what specs required, where to look? What does a " useful package" consist of?
22:10:36 [evert]
Manu: what needs to be completed at W3C to enable this to happen?
22:10:57 [evert]
Dave: Hardware tokens is restarted in the Web Crypto group
22:11:52 [evert]
David: we need to figure out how to make things secure, interface the Secure Element
22:12:35 [dan]
dan has joined #wpay
22:13:20 [evert]
Mountie: comment, Web Crypto WG is different for key ownership philosophy. Is the user having ownership? Contradictions exist today
22:13:38 [evert]
Dave: some stories around provisioning
22:14:05 [ErikAnderson]
ErikAnderson has joined #wpay
22:14:23 [evert]
Joerg: when an SE is shipped, you need to keep track of it. The manufacturer does not have the customer relation.
22:14:44 [evert]
Joerg: end user may have to have the power, but someone has to manage this in the back end
22:15:41 [evert]
David: Thinks that this IG has a clear role to decide how to manage loading keys. Strategies need to be put in place.
22:16:14 [evert]
Joerg: what is needed to make a wallet workable? Providing e.g. Mastercard and Visa functionality needs backend support
22:16:41 [evert]
Dave: this is good stuff for further discussions on the use cases
22:16:51 [evert]
Dave: Trust and permissions
22:17:26 [evert]
Dave: Apps need to be trusted before they can be given access to use certain capabilities such as payments and raw socket access
22:17:30 [jyr]
jyr has joined #wpay
22:17:59 [evert]
Dave: common approaches include asking user consent when app is installed (android) or first used (iOS)
22:18:16 [evert]
Dave: Browse may silently grant permission to platform apps
22:18:47 [evert]
Dave: native platforms handle this in a proprietory wa (iOS, Android, Windows Phone)
22:19:04 [evert]
Dave: Hybrid platforms - Apcha Cordova/Phonegap
22:19:17 [evert]
Dave: Open Web Platform HTML5
22:19:45 [evert]
Web OS platforms extending the Open Web Platform proprietary: Mozilla Firefox, Tizen etc
22:20:26 [evert]
Daneil Burnett: depending on connection being secure or not, some trust aspects can be stored
22:20:38 [evert]
s/Daneil/Daniel
22:22:03 [evert]
Dave: resource integrity, application accesses local libraries
22:22:58 [evert]
Dave: http://www.w3.org/2014/07/permissions/
22:23:23 [evert]
Dave: SysApps meeting sharing experiences on native platforms, web platforms and research studies
22:23:37 [evert]
Dave: Discussed ieas for extending the Open Web Platform
22:23:47 [evert]
s/ieas/ideas
22:24:22 [evert]
Dave: Need shared standards for Open Web Platform, building on precedents with exiting APIs
22:24:55 [evert]
Dave: Browser vendors looking for heuristics monitoring how apps work, detecting misbehaving apps
22:25:19 [evert]
Dave: increasing role for endorsements by trusted 3rd parties as a way for users to delegate trust decisions
22:26:04 [evert]
Dave: avoid to ask the user upfront a long list of approving all kind of things
22:26:31 [evert]
Dave: general agreement on launching a Community Group on Trust and Permisisons
22:26:42 [evert]
Dave: Questions?
22:27:18 [evert]
Manu: trust level to be obtained,?
22:27:52 [evert]
Dave: Granularity depends. When asking the user, a small set of questions must be asked. When delegated, it can be more fine grained
22:28:14 [evert]
Dave: prevent lots of annoying questions to the users, there is lots of interest for the delegation model
22:28:55 [evert]
Daniel: Web RTC model - browser must confirm that the user has given permission - but does not say how. May be a license agreement in some cases.
22:29:17 [evert]
Daniel: different browser vendors have implemented this in different ways
22:30:17 [evert]
David: Web browser is itself also just an application. When controlling other applications there can be issues.
22:30:57 [evert]
Dave: Suspicious behavior of apps may be determined also by others, such as a responsible adult monitoring.
22:31:31 [evert]
Dave: important where the trusted software is running
22:32:04 [evert]
Daniel: the generic term for the browser is the " user agent". What we need to trust is not the browser, but the specific JavaScript
22:32:25 [evert]
Daniel:this JavaScript can be monitored on its behaviour
22:34:37 [evert]
Erik: having deployed enterprise solutions, learned that sometimes a rogue install of a script by the user can interfere with otherwise secure distribution of signed JS
22:36:25 [evert]
David: break until 16.00
22:46:44 [mountie]
mountie has joined #wpay
22:59:59 [mountie]
mountie has joined #wpay
23:00:12 [dsr]
dsr has joined #wpay
23:02:33 [bgidon]
bgidon has joined #wpay
23:02:54 [m4nu]
m4nu has joined #wpay
23:03:10 [m4nu]
scribenick: m4nu
23:03:44 [m4nu]
Topic: ISO 20022
23:03:58 [m4nu]
erik: This is a basic introduction to ISO20022, it's a big data dictionary, highlight some particular items of interest.
23:04:08 [m4nu]
erik: This is a recipe for making financial industry standards.
23:04:35 [m4nu]
erik: FIs exchange massive amounts of information - sender/receiver need to agree on structured format... syntax and semantics.
23:04:48 [m4nu]
page 14 of ISO20022 for dummies
23:04:58 [m4nu]
erik: There isn't one standard out there, there are many.
23:05:03 [Karen]
Karen has joined #wpay
23:05:21 [m4nu]
erik: You can map XML to SWIFT like so - syntax is the format - the way the message is structured.
23:05:30 [virginie]
virginie has joined #wpay
23:05:38 [m4nu]
erik: so think of text-based, vs. XML-based, vs. JSON-based format
23:06:00 [m4nu]
erik: Widely used existing standards in FI space... lots from ISO / SWIFT / etc.
23:06:23 [m4nu]
erik: For example, if you want to exchange an address - it must contain these components
23:06:38 [evert]
evert has joined #wpay
23:07:01 [m4nu]
erik: ISO20022 is a consistent message standard across business/industry. Business components and elements - started high, went low. Messages are aligned for business processes.
23:07:25 [m4nu]
erik: page 23 - syntax - ISO20022 is focused on separate layers - two different layers... third layer is physical syntax.
23:07:39 [m4nu]
erik: focus is on reusability
23:07:53 [m4nu]
erik: FI identification - that data structure looks identical
23:08:14 [m4nu]
erik: What makes ISO so great? logical messages can be mapped to business definitions. Technical definitions map to businesses.
23:08:35 [m4nu]
erik: Linking messages back to business processes, money transfer, security exchange, etc.