See also: IRC log
<steph> starting
<steph> Steph: welcome
<steph> david: intro
<steph> Participants: stephaneB, David Ezell, Erik Anderson, Glen wiley, Virginie Galindo, Evert Fekkes, Joerg Heuer, Dave Raggett, Jean-Yves Rossi, Pat Adler, Dave McDermitt
<steph> scribenick: steph
David: describing the vision
Topic: administrivia
David: 3 mailing-lists:
... public-webpayments-ig: public for the group
... public-webpayments-comments: public for all, everyone can comment
... member-webpayments-ig: administrivia list, member only
... we use IRC on #wpay
you can use http://irc.w3.org or a native client
david: chairs are just here to drive the discussions, but the content is up to the group members
... going over the agenda
... sysapps and nfc.
sysapps very important about how to access device capabilities
Manu: general idea: we see how the first day goes, and then we change in case it needs?
Joerg: I have a demo for after 6 in case you are interested
David: let's see now if we need to change
glen: from verisign, not used to W3C, but with ietf. interested in crypto currency+online identity
let's see overlap with ietf
pat: fed from chicago. working on payments+identity
interested in interaction with the Web, interoperability is key
dave: from the fed in atlanta.
worked with PCI
interested in the whole area
Virginie: from gemalto
following the web payments activity since the beginning
key for us
interested in the wallet
DanSyung: from verizon
Bernard: W3C staff in busdev
Mountie: working in korea and south-east asia providing payment
manu: representing few org.: chair of web payments cg, credential cg (identity )
working also for the open payment foundation
Manu: in W3C for quite long time, working on json-ld
excited by the diversity of people in the room
Manu: hope we will also cover the unbanked and the underbanked
Jean-Yves: working for a consultancy I founded focus on business compliance
formerly with bank on the regulatory side
Evert: from rabobank, first bank
at W3C
... actively developing wallet and nfc payment for the retail
sector
interested to see how national standard can fit with international web standards
thomas: from WB, part of the WB payment team
doing lots of support on banking sector in client countries
also interested in interoperability, access to payment
inclusion is essential for us
I'm new to W3C, first time joining W3C
working with Harish who was in march in paris
Joerg: deutsch telekom, new to W3C since march
involved with AAA: authorization, authentication, etc.
interested in identity and also wallet
Dave: w3c staff
with the web since its creation
have been involved in launching this work
interested in value-added services around payments
payments for WoT too (payments for services)
Dan: W3C since 99, working on vxml and related spec
representing aspect
working on web rtc
creator of voicexml
Angel: W3C staff in china
Francis: coming from china, created internet wallet.
we want to bring our ideas to W3C
jeff: ceo of W3C
... embarrassed that we haven't taken up on web payments, very glad this group starting. extremely important to W3C mission
Erik: part of accreditrust specialized in web credentials, identity
useful for all sectors
Istvan: from GSMA interested in wallet and web payment
<bgidon> Istvan Lajtos from GSMA
interested to see what value we can bring to the group
Bill: from educational testing service
interested in credentials & identity
been with W3C at the early day
<bgidon> Dan Druta
brian: open payment foundation, developer first W3C meeting
API design for retailer
Bill: paypal/ebay
<bgidon> Telenor
Lars erik: opera
Karen: from ISOC, interested
Dieter: deutsch telekom
<manu> scribenick: manu
dezell: We're going to review the charter now, let's see how this charter can help us w/ our mission.
<jeff> Link to charter?
erik: Has everyone had a chance to review the charter yet?
<steph> http://www.w3.org/2014/04/payments/webpayments_charter.html
Some nods, some sheepish downward glances.
<steph> charter uri: http://www.w3.org/2014/04/payments/webpayments_charter.html
erik: We're trying to build a
platform that will be applicable to those on the Web. We want
to support past payment mechanisms (ACH, Credit Card,
etc.)
... We also want to support future payment mechanisms
(cryptocurrencies, etc.)
Daniel: What do you mean by
"legal" payment mechanisms?
... Was that meant to exclude any payment mechanism in
particular?
erik: What's legal in US, doesn't
mean it's legal elsewhere or vice versa.
... We aren't going to say what's legal not legal, we want the
system to support things that are legal somewhere
Joerg: We want to support gray areas.
thomas: What about fiat vs. non-fiat?
Harold: We need to understand what's legal/not legal...
dezell: We were just trying to say "we don't want to support illegal activity".
glen: It's a relevant point, what about Bitcoin? It's illegal somewhere...
erik: Ecuador made it illegal, but only because they're releasing their own.
dezell: Because this charter has
been approved, it is what it is.
... This language is vague, we don't intend to not talk about
Bitcoin because Ecuador said it's illegal. In the same point,
we can't /just/ talk about Bitcoin.
jeff: The overall scope of the IG charter is broad, and probably doesn't need to be changed at this point. This gives plenty of room to work in it. We'll want to focus down, far much more in there than can be done in the first few months.
erik: It's hard to guess how long
this will take.
... New front-end payment initiation systems.
... Other value transfer systems - loyalty, payments, etc. p2p
payments.
... Web-mediated business-to-customer, business to business,
etc.
... We are here to identify barriers, such as 'card not
present'.
thomas: Is there a reason government-to-person payments isn't covered?
dezell: we say 'including', we don't exclude that.
erik: Identify ways to increase
stability, make payments work better across web.
... use privacy/protection
dezell: We want to work with Web Crypto WG, etc. wrt. security.
erik: This group does not have
solo understanding wrt. Web Crypto, we will work with Web
Crypto group.
... Identify role of regulations in payment process... regs
have big impact on this work. There's been a lot of talk about
putting regulations in the code itself.
... prioritization of the work - self explanatory.
... Review deliverables by other W3C groups that impact our
work here.
... Web Crypto, hardware tokens, etc.
... Liaison w/ other organizations to get more interoperability.
joerg: Would it be important to talk to companies that could or should use Web Payments? That plays into hand of bizdev in a way.
erik: i can see that web technologies could be different front-ends into backend systems.
joerg: For example, XML has been used for a while, but we reused it in GSMA for some technologies.
dezell: The way the thing blooms,
if you've done your REST Web Service correctly, there is a lot
of power there... these technologies can be
self-defining.
... I personally happen to be a fan of REST - it accepts in
either JSON or XML, we can content negotiate.
... There are three bullets in here that are important -
"identify missing pieces, missing gaps, identify role of
regulations"
erik: Development of technical
standards is not in scope for the group.
... We have to consider security/privacy/implications.
... Success criteria - we need participation.
... We're here for you.
... members of the IG will drive work of work items.
... We need constructive feedback on W3C deliverables.
... This is a new process for most of us, we need to ensure
interoperability, work with other organizations.
... We need to iron out what we think of the road map, meet
regularly.
... Primary deliverable is use cases, requirements, identification of technical specs, gaps.
... We'd ideally specify use cases and requirements and take it
to other groups that exist out there.
... We will identify where W3C will need new groups. We want to
focus on Web Wallet - that's the good one on there.
... So, work items
... First item is the roadmap - what is the roadmap going to be
- identify, identify, identify.
... This is all about interoperability between old and new
systems. Enable a level playing field, hard to stress how
important that is - no vendor lock in. W3C patent policy is
great.
... We want to reduce burden on vendors and payees to support
multiple payment providers. Let them pay w/ what they want.
Increase user protection.
... increase fraud protection, provide more
transparency/choice
... What fees are provided. Identify other services that are
relevant, invoices, digital receipts.
... next work item - web payments terminology - make sure we're
speaking the same language.
... make sure we're talking about the same thing. Everyone speaking English, nobody understanding each other.
dezell: The transparency aspect -
it's a big part of the work, alphabet soup for standards -
transparency is not the point of the ISO specs. W3C
transparency has a lot to do w/ accessibility.
... One of the core values of W3C is accessibility. It's hard
to get accessibility if you don't have a fundamental view that
TV Raman (from Google, who is blind) should be able to pay for
something when he wants to.
... UX is important.
erik: You want people to
innovate, but you want it to be generally accessible.
... wrt. terminology - adopt as much as possible.
... next topic wallet and wallet API
... we're going to be talking about this quite a bit over the
next day or two.
... transaction messaging - lots of ISO stuff out there,
identify requirements/constraints for merchants.
... requirements for payment service providers - messaging,
most of this exists already.
joerg: The word 'token' here
might be confusing.
... We may want to avoid that word, or explain what that
means.
manu: I think we should stay away from the word "token" or "wallet" right now, could be a permathread.
joerg: We can't stop the use of the word, but we can't monopolize its use.
erfekkes_: We need to specify terms and reference to other terms.
dezell: We should discuss
terminology.
... Maybe a Terminological Task Force
laughing in the group
dezell: but seriously, we need a common vocabulary.
thomas: A glossary might develop over time, to have a common set of terms.
erik: we should take into account mobile payments / proximity payments.
miguel: Here from intel - interested from Web Payments, we're in mobile space.
daniel: Before I was Chief
Architect of PayPal, now CEO of GRIN.
... Know quite a bit about payments.
erik: Next up - identity,
authentication, security
... identify, identify, identify - hot space right now
... ensure secure authentication, FIDO alliance, etc.
... Review existing identification methods and whether they fit
in w/ what we're doing here - privacy, security, transaction
privacy/security.
daniel: The purpose of FIDO is to generate docs/standardization around this stuff.
erik: identify user protection,
data privacy, put the regulations in the code (as a
suggestion)
... Access basic user and payment provider information in a way
that's easy to synchronize between people. Wallet/SIM chip on
telephone - how do you synchronize devices.
... minimize risk - build on top of Web Crypto - don't
re-invent the wheel.
... U2F is coming out, various biometric devices - ekg /
heartrate - lots of new technology that we can use.
... explore mechanisms for trusted UI - make sure rogue app in
browser isn't authorized to make transactions on your
behalf.
billGebert: From an
education/governmental side, commercial hiring practices,
identity is very, very important to us. Our experience at ETS
in providing assessments to 200+ countries, and accepting
payments, having the right person show up if they're
hired/tested. Proficiency is important, that's where we're
focused.
... That's what we want to see succeed in this group.
erik: The person taking the GRE, was that really that person taking the GRE.
billGebert: yes workforce, how much money is being wasted because of fraud that occurs. If the wrong person shows up to take the job, or shows up to a university - the cost there is well in the hundreds of millions.
erik: A lot of the problems we're
working on here are important to both education and financial
technology.
... There are many relevant groups working on this stuff.
... Too early to talk about a timeline for this work. We need
short term deliverable focus on this. We don't want open ended
tasks.
... Dependencies and liaisons - there is a lot more out there that's important.
... participation is important - open to W3C members and
invited experts.
... Let's bring those IEs in
... Communication happens over IRC, mailing list, phone calls.
Every now and then, face to face meeting.
... Patent disclosures - disclose patents. We have a chance of
success at this because of W3C patent policy.
mountie: The charter is trying to cover everything.
erik: There is a lot, we'll have
to find things to stay focused on.
... Move what exists into a Web Payment scope.
... There will be new challenges, but most of the stuff exists
today.
dezell: We can discuss all this
stuff, but we are not the ones that do the technical
work.
... We may create use cases, requirements to feed into other
work. For example, security - summarize what the requirements
are - send them over to WebCrypto group.
... We don't want to lose our way down the security rabbit
hole.
mountie: one more comment - wrt.
other W3C working groups - this is a convergence of other W3C
group work... the group is similar to Web and TV, Web and
Automotive... we have to take a different type of approach wrt.
what needs to be standardized.
... Web Payments IG is very different from regular W3C groups -
it's more high-level.
dezell: That's true - web and tv are parallel... this group is unique at W3C...
erik: There are a lot of
different verticals that are going to be interested in this, we
need to get involved in those other groups... how does that fit
back into Web Payments.
... Get involved in other groups that interest you.
bernard: it's part of the IG to
tell which groups should coordinate with whom.
... This is what we're working on - welcome.
dezell: important to show
progress in the right areas.
... I hope everyone is thinking about what they want to see
come out of the meeting.
... This isn't a spectator sport.
Pat: Is the payment work looking
at the non-human actors in payments - 3D printing,
manufacturing, authentication of embedded web agents to
facilitate payments.
... It's implied up here, is that another set of use cases?
dezell: That brings up another
deep rathole - once you start selling things, and complying w/
regulations - merchant has responsibility - are you automating
the sale of illegal goods? or legal goods in illegal
ways?
... For example, people of certain ages won't be able to use
certain crypto currencies.
joerg: Requirements for some work - depends on where you are, your perspective. I hope that we can say: This is how W3C work complies w/ the charter. Close the loop. Ok to talk about wide scope, but we need to boil it down so we can deliver on what we're going to deliver.
dezell: We need to bring people
working on this here - we are good at removing walls.
... Tim Berners-Lee said: secret to standards is to get people
that don't get along into the same room in a strange place...
they start working toward common goal.
... There is a human factor to this - Bloomberg just joined X9,
etc... we can create stuff at W3C and send those to X9 and
ISO.
stephane: We have a session where
we talk about outreach.
... think about this... who should be here and isn't... we'll
talk about that tomorrow.
<steph> bill smith from paypal has left the room
<dsr> scribenick: dsr
Virginie presents the web crypto WG (link to slides to follow)
In last 2 years, we have collected use cases. We have an API which is now quite mature and about to exit Last Call.
We're starting to think about next steps and the potential overlap with web payments, e.g. improved authentication using multi-factor techniques.
We had a workshop recently, see http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/
We have started to look at the potential role of trusted UI, as well as secure elements, etc. The new charter will begin next year.
Just keep in mind that there are groups that could help the Web Payments IG, e.g. Web Security IG, Web Crypto WG, WebAppSec WG. The latter is kicking off work on a credential API.
Questions?
Manu: when is rechartering happening?
Virginie: January 2015
To affect the WebCrypto Charter we need input by then
Manu asks about the credential API.
Virginie: we felt it would be a good fit for the WebAppSec WG which is rechartering at the same time as WebCrypto.
Some discussion about W3C domains. Dave Raggett notes that these are part of the way W3C staff are organized, and it is more important to focus on coordination by group members across groups.
Need to establish good communications across groups. Stephane adds that the Web payment IG charter lists groups of relevance. Having people who are participating in both the Web Payments IG and other groups is a particularly effective way to coordinate.
<virginie> FYI : credential management google proposal here http://mikewest.github.io/credentialmanagement/spec/
Manu: Google is leading work on credential API with support from Mozilla, which is very positive on behalf of browser vendors.
Dan: let's not tie what we're doing to specific browsers
Interoperability is the key.
What kind of credentials?
Manu: primarily relating to authentication to web sites.
<virginie> FYI : discussions related to next steps of web crypto is happening on the Web Security IG http://lists.w3.org/Archives/Public/public-web-security/
David: it is good for us to be engaged and we can discuss this further tomorrow in relation to plans for outreach.
Manu: a good way is to volunteer to perform spec reviews.
Virginie: the Web Security IG are more interested in reviewing specifications and may not be effective at reviewing use cases.
... first spec from WebCrypto WG is mainly focused on widely
deployed crypto algorithms.
Coordination between W3C and IETF on crypto e.g. in relation to HTTP.
Is multi-signature support on their radar? This is important for web payments.
<virginie> FYI : algorithms considered in the web crypto are listed here : https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#algorithm-recommendations
David: one challenge is whether we trust the devices the apps run on?
Answer: you can't trust the devices in general.
Dan: you don't want to confuse encryption with security.
Joerg: is the security good enough for protecting the brand behind the solutions.
David: there are a lot of warning flags, so we need to be vigilant.
see https://web-payments.org/slides/2014/tpac-wpig-wpcg/
David invites a couple of people who just stepped in to introduce themselves.
<steph> Matt: from walmart
Manu starts with his introduction to the web payments community group and invites questions
<steph> uri slides:https://web-payments.org/slides/2014/tpac-wpig-wpcg/
He explains that community groups are unofficial and exist to incubate work. The web payment CG has 184 registered members.
We're an incubator for ideas we think may have potential and expect to pass ideas to the Interest Group for review. The CG is open to anyone, and our work is open, inclusive and transparent.
The CG is collaborating with a range of other groups. These include technical groups as well as policy, regulatory and legal groups.
Manu mentions the Open Payments Foundation which focuses on open source implementations
He recounts the timeline that has led to the Web Payments IG. Want to encourage good coordination between the CG and IG.
Lists the web platform's current failures: no standards for credentials, payment initiation and digital receipts.
Web Payments CG considers the following to be important: civic - strong identity is central to ownership, democracy, privacy and prosperity
The fact that 2.5 billion adults lack access to financial infrastructure.
The opportunity for the Internet to provide a more agile and vibrant global economy. Why does money transfer take much much longer than sending an email?
Role of phones and increasing penetration of smart phones across the globe.
Some discussion around MPESA for mobile payments.
David: the time for completing payments is related to maintaining control and business models for payment infrastructure.
Competition will drive innovation, e.g. for faster payments.
Daniel Austin: if we can make it profitable for companies to complete payments quickly, that is what will happen.
Experience with Rabobank in the Netherlands. We are trying to encourage card payments over cash payments and looking at the incentives to make that happen.
Moving money internationally involves many parties, and interoperability will streamline this.
Manu introduces the Web Payments CG use cases. We took these from the Paris workshop. They include push payments, subscriptions, digital receipts, pseudo anonymity, wallet portability, account portability, etc.
The design criteria include supporting existing payment instruments, emerging instruments, digital/physical receipts, smart contracts, etc.
David: the IG should review the CG use cases document.
Dan: this shouldn't be considered
to be exhaustive
... but is awesome work and will definitely be helpful
Stephane: is this a static finished document, or a living document?
Manu: it is continuing to evolve
We don't have any input into the use cases document from external groups as yet
(cites a list of organizations we would like to hear from)
Dan: it would be interesting to pick all the use cases with validity and pick some for detailed examination
Stephane: as well as selecting use cases, we need to prioritize them, and to ensure that they have sufficient coverage of the challenges we want to address
We have a technology stack (see diagram).
The Web Payment CG considers itself to be in a supporting role to the IG and will continue to experiment with pre-standardization payment technology. Likewise to continue outreach and collection of review input for the IG
Dan: we need to have a clear position when it comes to crypto currencies that we can communicate easily.
Disruptive technologies occur regularly. Things are going to shift in response. We need to keep an open mind and build standards that aren't too attached to current regulation and payment solutions.
Manu: the CG is very happy to take on things that would be impractical for the IG to address without being disrupted.
Some discussion on ensuring the messaging of the relationship between the IG and CG is really clear. We need to avoid mixed messages.
Dan: the W3C name on the CG is confusing.
Stephane: we are aware of this and want to help
Joerg: is there a picture that makes the differences between the various kinds of groups clear?
Stephane: not as far as I am aware, but it is a good idea
Dan Burnett: this is work for the W3C to make the distinction clearer
Manu: there are links on further background from the slides
The slides are at https://web-payments.org/slides/2014/tpac-wpig-wpcg/
Joerg: I have the feeling that we are touching identity now. We are missing entitlements as an instrument that avoids the need for tracing all transactions back to the payee.
Slides: http://opencreds.org/presentations/2014/tpac-wpig-ccg/
This spun out of the web payments CG. People felt that work on credentials should be split off to avoid it being tied too closely to payments.
Manu presents the credential CG's definition of the term "credential".
One of the groups participating in the CG is the Badge Alliance, a spin off from Mozilla.
Manu plays a video
The video mentions credentials relating to educational achievements.
Manu: mostly relating to K through 12 age groups
The problem this is addressing is to be able to prove to employers that job applicants have the qualifications they claim to have.
This very much ties to identity. When you take an exam you need to prove your identity.
This requires high stakes credentials. We've been working on addressing this using JSON-LD and digital signatures.
We want to avoid the need for user names and passwords, date of birth and so forth which are subject to fraud.
High stake credentials may be formed from credentials that may or may not be high stakes.
You shouldn't need to distinguish whether these contributory credentials are high stakes.
Dan: these credentials may not be
the same as needed for payments, right?
... We need to keep these separate.
Joerg: credible signatures generally speaking involve a cost and a globally recognized signature is likely to cost more.
Mountie describes the situation in Korea
Manu: this is not a centralized solution. We need to look at what do we need to get people on board, and separately to address the technical issues.
Privacy and tracking are important issues to address.
Some discussion about the relationship to payments, and the role of standards for credentials.
scribe: and the relationship to business models.
Multiple credentials can help to reduce risk.
Open standards would be valuable.
Discussion around tokens and EMV.
David: this group (web payment IG) will need to be proactive and surf on current efforts.
Manu asks for 15 minutes to wrap up after we resume from lunch.
Scribes: steph, manu, dsr
Present: Manu Sporny Virginie Galindo Dave Raggett Claudia Swandseid Joerg Heuer Glen wiley Pat Adler McDermitt DanSyung Bernard Gidon Mountie Lee Jean-Yve Rossi Evert Fekkes Thomas Lammer Dan Burnett Angel li Francis Jeff Jaffe Erik Korb Istvan Lajtos Bill dan Druta Brian Sletten Mary Smith Lars Bolstad Karen Dieter Al Villarica Marie-Claire Forgues Vagner Diniz Miguel Daniel Austin Matt Howarter
Agenda: https://www.w3.org/Payments/IG/wiki/Draft_F2F_Agenda_-_TPAC_2014_-_27/28_October_2014
Date: 27 Oct 2014
Minutes URL: http://www.w3.org/2014/10/27-wpay-minutes.html