00:00:13 Topic: ARTS/NRF UPOS 00:00:35 dezell: There are other efforts - universal Point of Sale 00:01:30 dezell: If you had point of sale devices all of these interfaces would work - WebIDL interfaces... simply bringing it up - almost got richard to present on this, he couldn't make it. Just pointing out there are multiple things on here that feel like a WebApp. 00:02:08 dezell: printer methods UML diagram, print bitmap, print bar code, this has been in production for a long time, we could change this to be a bluetooth printer, etc. 00:02:44 dezell: EPAS - electronic payment applications software - european focus, ISO 20022 - those ISO messages don't make a payment application. If you implement 3 specs, you have a payment application, 00:03:17 dezell: terminal management, retailer application, acquirer protocol - these are the things that we may want to look at. 00:03:22 Topic: EMVCo 00:03:48 dezell: it's important for us to talk about this 400lb gorilla in the room - EMVco tokenization spec is at the basis of apple pay (that's the rumor) 00:04:10 dezell: You can download spec, readable - internally they use ISO 8583 - token is built from that stuff... it's binary. 00:04:51 dezell: Ecosystem is token service provider, acquirer, merchant, etc. token requestor is a placeholder - anyone can request a token. The soul of trusting this - refresh early/often. 00:05:33 dezell: If you have an old token, someone steals it, get a new token. Requirements for token service provider - API guidelines - extremely vague - we could define RESTful services to EMVco. 00:05:53 Manu: Are you suggesting…it would be neat to get Apple Pay involved 00:05:59 …is the EMVCo the mechanism? 00:06:16 David: No, I'm just bringing it tou our attention 00:06:20 s/tou/to 00:06:41 …it's more likely to get them moving in our direction if we are not going against them; not advocating, just stating fact 00:07:29 Scribenick: Karen 00:07:59 Speaker: Jorg Heuer, Deutsche Telekom 00:08:23 Jorg: I am part of Telekom laboratories 00:08:35 …not productized 00:08:50 …to address an eceosystem which a wallet should perhaps do, we have to have in mind... 00:09:06 …Given chance to occupy two days with what I have to tell 00:09:12 …Like to convey as much as I can 00:09:27 …today so that on second day you can tell me how to best contribute and continue on this topic 00:09:30 …the overview 00:09:42 …I have been using this overview for some time 00:09:59 …consists of people like Google who have been working on wallets 00:10:03 …all costs a lot of money 00:10:12 ..Gemalto has made money, but it's hard to do 00:10:14 …One of reasons 00:10:29 …best described if you look at the newest entrant, Apple, with Apple Pay 00:10:46 …So few that have a vertical power to know the user, have access, provide the software and all the backend services 00:10:57 …This is what you have to have if you want to engage with al the partners 00:11:07 …All the others in the end were lacking access to the right part of the value chain 00:11:34 …Also true for DK to some extent; Google has started working on infrastructure 00:11:49 …but they have not yet blasted through the infrastructure as some expected 00:11:59 …Really tough [to do] 00:12:03 …it is an ecosystem 00:12:18 …if all the others are going to be part of something that works in the end, they need to accept their roles 00:12:24 …We have worked on that in our work 00:12:34 …my wallpaper for all the stuff we did, starting in 2006 00:12:37 …NFC, UFC stuff 00:12:44 …our R&D unit worked on it 00:13:01 …In 2007 we came across Info-Cards; identity management solutions 00:13:09 …idea was to turn identities into virtual cards 00:13:18 …my team is actually a team of identity experts 00:13:24 …we did not expect to work on payment 00:13:36 …I will love this topic which is challenging and complex 00:13:45 …Recognized we needed to join these two worlds; identity and payment 00:13:53 …you are showing the entitlement, authorization 00:14:04 …we developed run types, more complex things; aspects of the ecosystem 00:14:17 …Demonstrations by DK were based on technology we had developed 00:14:24 …To show the most important parts 00:14:36 …All the things we had imagined and showed the most important parts 00:14:49 …They came to us with parts from Continental, who had mastered NFC 00:14:57 …show mastery of electronic keys 00:15:02 …We integrated this into our framework 00:15:18 …So we have been working on that until 2013 on basis of an Android native code developed over years 00:15:27 …then looked at how to go further 00:15:33 …and build a wallet with HTML5 00:15:39 …and this is what I want to tell you about 00:15:49 …Story starts with a simple idea about how to structure things 00:15:55 rrsagent, draft minutes 00:15:55 I have made the request to generate http://www.w3.org/2014/10/28-wpay-minutes.html Karen 00:16:07 Jorg: Take this info card as the trusted idea 00:16:16 …take credentials; we could build everything around it 00:16:34 …And we were able to create a title engine, a UI and engine worked with metadata 00:16:43 …We had no assumption about how functionality of card was implemented 00:16:47 …We needed to be open 00:16:53 …did not know what sits in the secure element 00:17:05 …but make sure the implementation accesses the secure element 00:17:13 …We know there is a Visa, MC, coupon application 00:17:18 …and we hook them up into our framework 00:17:27 …and have them handle things described in our metadata 00:17:36 ….We used HTML5 00:17:41 …wanted to run on every platform 00:17:50 …more or less I have two devices for the demo later on 00:17:54 …Next step 00:17:56 karen_od has joined #wpay 00:18:00 …for us is to define the vision 00:18:03 …what they are doing 00:19:00 …"A tool for users where all types of credentials are stored; with appropriate security; for use in all kinds of personal digital transactions; in a vivid ecosystem - always under the control of the user on his trustable device/service." 00:19:09 …Microsoft started but did not continue 00:19:21 …We wanted to make hardware secure instruments for the end user 00:19:24 …it is already sitting there 00:19:35 …give you maximum control of entitlements, security control, etec. 00:19:44 ….make it easy for people to have hundreds of identities 00:19:51 …get a new user card for each new mail box for example 00:20:01 …Since we do have ideas about understanding context for where wallet is used 00:20:10 …we could help and present the few identities that make sense 00:20:19 …We see the development in the identity space where silos are at it again 00:20:22 …we have lots of silos 00:20:37 …Today we see that browsers want to become identity management tools 00:20:54 …I as user have a problem when I want to change my browser; where are all these identities stored? 00:21:00 …possibly be a different tool 00:21:08 …and also take into account when running different devices 00:21:30 …Also, something that relates to next point, we did not to have the silos defined by your mobile operator or bank 00:21:50 …Whatever you do, not be confined o what end user accepts as a wallet 00:21:57 …I tell them your customers are also customers of others 00:22:02 …the wallet needs to be neutral 00:22:06 …That led us to a different model 00:22:10 …with respect to the roles 00:22:14 …We have a bit of a differentiator 00:22:23 …in which we say there is a role for a wallet provider 00:22:28 …someone who runs a wallet service 00:22:31 …could be a service 00:22:42 …you had that in your presentation; could be synchroniized 00:22:49 …Another one might not be open 00:23:10 …All things that are up to the ecosystem if we are talking about global standards 00:23:18 …I really like term Manu put out for a while 00:23:31 …a level playing field for others for innovation 00:23:37 …We could not do everything ourselves 00:23:46 …Access keys for house, card, hotel doors 00:23:56 …perhaps with loyalty cards; no way for us to cover all of that 00:24:11 …That was hard in our company to say we cannot be the ones to offer all these services, but rather to offer the platform 00:24:21 …We sit on the secure element, or could be a wallet operator 00:24:33 …Many places like ISIS in US, say we need to have one wallet 00:24:38 …One wallet operating 00:24:44 …would make onboarding easier 00:24:53 …So we learned we can achieve much more than we ever expected 00:25:00 …Some people wanted us to implemetn 00:25:06 …We did it in HTML5 00:25:07 virginie has joined #wpay 00:25:11 s/ISI/SIO 00:25:14 S/ISO 00:25:19 ..whatever these items are 00:25:24 …that will come from outside 00:25:44 …We recognized that by building this stuff, we had to adopt to every single interface on the OS level; to interact with all the browsers 00:26:01 …see lots of interfaces all different with all different combinations of platforms 00:26:07 …Thought we could share our vision with W3C 00:26:18 …i think the future holds a lot of potential for this kind of things 00:26:24 …In payment, our goal was convergence 00:26:29 …We called it a converged wallet 00:26:38 …We wanted you to have same experience at cash register as the online shop 00:26:50 …We built an NFC based shopping scenario with a PC 00:26:54 …with a plug-in in browser 00:26:58 …and we authenticated 00:27:08 …I would hold my mobile phone against the NFC reader to authenticate 00:27:13 …used it as the trusted instrument 00:27:15 …easier to shop 00:27:23 …this is identical to me paying at the cash registere 00:27:28 …Leads us to the e-commerce field 00:27:35 …Consultancy people approaching us 00:27:44 …asking isn't that what we have been doing for years? 00:27:51 ..Good prospect in e-commerce field 00:28:13 …Everything like loyalty, profiling, couponing would be integrated in same approach 00:28:20 …Can show with a small demo how that can be done 00:28:25 …Media is another thing with lots of problems 00:28:34 …in the home nobody knows who is allowed to do what 00:28:36 …To sue content 00:28:46 …that is limited; are you allowed to order something from your smart TV 00:28:56 …lots of personalization you cannot do; have to administer it with every device 00:29:03 …these things could be done simpler 00:29:13 …Also have been approached by DRM people; like music services 00:29:22 …I could have my entitlement with me and use on any device 00:29:25 …Topics of smart cities 00:29:29 …are pretty frightening 00:29:45 …They have started with EU Smart Cities program 00:29:52 …how can we control all the devices around me 00:30:05 …could be good way with my identity and authonomy 00:30:18 …Think we can help the whole thing to become user-centric; the whole idea behind the wallet 00:30:22 …Things flow through this device 00:30:30 …Wallet is also place where I do automation 00:30:39 …Opt-in and opt-out is one problem space 00:30:48 …When you want a confirmation from user 00:31:01 …pop up your wallet; an expression of will; to pick this one part for this transaction 00:31:17 …not opt-in or opt-out; but I picked this card for this transaction 00:31:25 …Also want to avoid storing my payment crednetial 00:31:42 …Id' rather have a world with credentials not stroed outside 00:31:47 …Ideas around centricity 00:32:01 …Lots of arguments; transparency, user control; convenience factor 00:32:06 …reference to .CLs 00:32:18 s/.CLs/Doc @ 00:32:24 …He invented @ 00:32:34 …complementary to customer relationship management 00:32:35 http://cyber.law.harvard.edu/projectvrm/Main_Page Project VRM 00:32:40 …If you have tokens from vendors 00:32:57 …and you keep them because you think it will be important to get back to that same shop, you might have that same information 00:33:08 …not up to vendor, but you keep data about the transaction on your file 00:33:15 …Every vendor wants to be remembered after years 00:33:33 s/Doc Searls 00:33:46 …Privacy 00:33:56 …use of pseudonyms is eased 00:34:00 s/invented @/invented VRM (Vendor Relationship Management) 00:34:01 …also working with a prof in Frankfurt 00:34:09 …wallet might provide certain modules 00:34:12 …issue these rules 00:34:15 …and be untrackable 00:34:22 …also requires audits 00:34:27 …could be a good thing in the framework 00:34:31 …there is a need 00:34:39 …That is the idea here 00:34:49 …Open ecosystem for all the other players is a bit rough 00:35:00 …Could gain cost efficiencies by using web-based technologies 00:35:07 …We learned that in the mobile industry 00:35:11 …allow connections 00:35:19 …between issuing bank and @ 00:35:35 …costs are high 00:35:39 …Germany has a lot of banks 00:35:49 …to be relevant with your wallet you need to have them all on board 00:35:59 …$500K per bank is not a model 00:36:06 …Once you have an agent in secure enviroment 00:36:10 …you could provide everything else 00:36:16 …even based on global platform standards 00:36:25 …Cards could allow that but not in practice today 00:36:30 …Legacy support 00:36:40 …I will show you things with optical systems 00:36:43 …show that these fit together 00:36:51 …technology agnostic makes it fit for innovation 00:36:58 …and fit into processes and things we already have 00:37:07 …Cannot just reinvent payment and expect everyobody to go for it 00:37:14 …and important to provide sercure element serviceces 00:37:18 s/services 00:37:23 …make payment possible 00:37:30 …cut it differently 00:37:43 …we are responsible for secure element; rest is up to others 00:37:51 …So let's look at more practical 00:37:55 …How to fit that into one wallet 00:38:04 …what we did is to create one monolythic application 00:38:15 …had some work done on the device itself 00:38:24 …applications on the same device 00:38:31 …talking to web browser was needed 00:38:41 …to pick your identity in the wallet and convey to a service on the Internet 00:38:45 …something really important 00:38:55 …if you have a merchant that you regularly go io,, they usually have an app 00:39:04 …all these things exist already 00:39:06 …One thing in wallet 00:39:14 …you want to have one place to do your transaction 00:39:30 …coupons in one app, payments in another app, that is not feasible 00:39:41 …If we can be part of that wallet experience that would help us 00:39:43 bgidon has joined #wpay 00:39:46 …Structuring it 00:39:56 …we needed to handle those items in the wallet and make modules available 00:39:59 …Complex picture 00:40:07 …but that contains everything in terms of the big blocks 00:40:17 Manu: one comment on the general diagram 00:40:26 …one of things I was concerned about is use of the term "wallet" 00:40:32 …it means something different to each of us 00:40:45 …looking at this slide, I see a payment ecosystem, not neces a wallet 00:41:00 …Good for outreach, but wallets are composed by a large set of pieces 00:41:07 …each needs its own spec 00:41:11 …In showing people the demo 00:41:33 …do you think there is a misconception about wallet, or do people get it's an ecosystem that is being described 00:41:52 Jorg: this is our software architecture; you seee an ecosystem which is what it is meant to do 00:42:00 …i hate the word wallet because of all the misunderstandings 00:42:05 …This is the wallet in the view of an end user 00:42:13 …Not aspiration of some service to be a wallet provider 00:42:26 …Say this thing is open to call your cards, tickets, coupons you want to collect 00:42:38 …Good to hear you say ecosystem, but it's an architecgture 00:42:48 ..If we dare influence people's perception of wallet 00:43:01 David: perhaps we put the bus model and software architectures at different levels 00:43:07 …I have hinted to that in the back end section 00:43:13 …These things would be vertical implementations 00:43:20 …and they would connect to @ 00:43:30 …on wallet level we don't need to know so much about it 00:43:45 …the users, browsers pick some elements 00:43:56 …may be a question of communciations channels; optical or NFC, context 00:44:02 Manu: those details we have to figure out 00:44:05 Jorg: Right 00:44:08 …It's a lot 00:44:19 …When I tried to put these slides together for people who were not familiar 00:44:32 …I was concerned they would not understand 00:44:38 …But all these interpretations fit in there 00:44:41 …A simpler one to show 00:44:54 …a platform on which all these items sit 00:44:59 …using hardware, software 00:45:04 …or nothing at all 00:45:06 …made available 00:45:08 …all issued 00:45:18 …from your issuers, your services into your wallet 00:45:24 @: We have to think about the 00:45:29 …pattern of that 00:45:39 …this design was discussed in Web Crypto WG 00:45:42 s/pattern of that/same-origin policy of the web/ 00:45:43 s/@/Mountie/ 00:45:45 …problem was…some origins 00:46:05 …need to overcome 00:46:10 …these issues 00:46:14 Jorg: I hope so 00:46:32 …you can bet on that, in our company it was not easy to convey notion that secure element could be some secure element 00:46:38 …people were proud of SIM card 00:46:39 s/these issues/issues with the same-origin policy for secure element 00:46:43 …one example was security arm 00:46:55 …customers who need secure elements with certificaitons 00:47:54 rrsagent, draft minutes 00:47:54 I have made the request to generate http://www.w3.org/2014/10/28-wpay-minutes.html Karen 00:48:05 Stephane: Question on this 00:48:06 scribenick: wseltzer 00:48:25 steph: question for tomorrow, where are the points where standards are needed 00:48:36 ... vs the places we need flexibility for innovation? 00:49:32 Jorg: [slide: Using t-labs wallet aas a straw man, what are the interfaces, protocols, data formats?] 00:49:37 s/aas/as/ 00:51:15 ... lots of things in connecting to the back-end 00:52:07 ... thought about beefing up the administration interface 00:52:23 ... I don't want a backend service that looks entirely different depedning on the client 00:52:41 ... I should be able to configure which instruments to sync with which devices 00:53:06 ... tell the bank "your customer has a new device, wants to have his card on it" that could be automated 00:53:16 ... lots of things out of our scope, coudl be useful in the ecosystem 00:53:33 [demo] 00:54:13 s/[demo]/[slide: references] 00:55:46 Jorg: That's the end of my hour; I hope it's useful for discussion tomorrow 00:56:09 ... A wallet isn't everything for payments, but I think it's a piece W3C could contribute 00:56:12 q? 00:56:47 manu: what's next? 00:57:28 Jorg: I want to give the use cases of the wallet, with requirements based on web technology 00:58:29 steph: Are people happy to discuss wallet interfaces, not internals of wallet? 00:58:58 dezell: Let's not take that vote today while we're tired, but wake up tomorrow ready to discuss 00:59:14 dsr: Let's talk about use cases, interfaces will follow 00:59:28 Jorg: we created a solution around our ideas, not a product 00:59:49 ... I expect there's space for dozens or hundreds of wallets meeting those specs 01:00:04 ... I'm not advocating the solution, but user-centric approach to a wallet model 01:00:16 @@: apprach gives a good context to look at the ecosystem 01:00:27 s/@@/patA/ 01:00:35 s/about use cases/use cases and ecosystem/ 01:01:03 Jorg: Wallet provider shouldn't be capitalizing on information 01:01:44 ... this business is based on trust 01:02:19 ... let me show you one story 01:02:45 dezell: Let's close the meeting, and people who want to see the demo can see it 01:02:54 rrsagent, make minutes 01:02:54 I have made the request to generate http://www.w3.org/2014/10/28-wpay-minutes.html steph 01:02:55 ... first thing tomorrow, we resume this discussion 01:03:11 ... then AC meeting interrupts, and we reconvene to figure out ongoing activities and way forward 01:03:21 ... Afternoon is very important 01:03:36 manu: also, identity and credentials CG during AC break 01:03:44 dezell: if you're not in AC meeting, that's a good place to be 01:03:46 [adjourned] 01:03:48 rrsagent, make minutes 01:03:48 I have made the request to generate http://www.w3.org/2014/10/28-wpay-minutes.html dsr 01:04:35 SiddharthB has joined #wpay 01:07:09 sboyera has joined #wpay 03:33:34 mountie has joined #wpay 04:10:49 steph has joined #wpay 04:20:30 Alan has joined #wpay 04:23:11 bgidon has joined #wpay 10:53:39 bgidon has joined #wpay 15:41:24 RRSAgent has joined #wpay 15:41:24 logging to http://www.w3.org/2014/10/28-wpay-irc 15:41:26 RRSAgent, make logs 413 15:41:26 Zakim has joined #wpay 15:41:28 Zakim, this will be 15:41:28 I don't understand 'this will be', trackbot 15:41:29 Meeting: Web Payments Interest Group Teleconference 15:41:29 Date: 28 October 2014 15:41:33 rrsagent, this meeting spans midnight 15:41:44 AndyF has joined #wpay 15:41:54 padler has joined #wpay 15:41:57 keiji has joined #wpay 15:42:05 ShaneM has joined #wpay 15:42:31 mcdermittd has joined #wpay 15:42:34 rrsagent, make logs public 15:44:44 toml has joined #wpay 15:44:49 test 15:45:48 First presetation/topic of the morning - Joerg Heuer - continuation of Wallet discussion from 10/27 15:46:18 just covering administrivia before getting started.. 15:46:47 discussion on where we are publishing minutes/content from meeting... 15:47:23 questions coming from the CG asking for visibility into what was discussed yesterday... 15:48:34 Added information to slide deck on Doc Searles VRM (vendor relationship management) topic 15:49:05 thanks to all for attending demo last night... willing to do another demo today on break.. 15:49:06 dan has joined #wpay 15:50:00 this part of the topic is more 'freestyle' - looking for input from others on topics/concepts that were discussed last evening 15:50:27 as well as discussing proposal and any use cases.. 15:51:28 thanks.. will add... 15:51:30 virginie has joined #wpay 15:52:04 joerg: recapping key points/from yesterday... 15:52:06 jin has joined #wpay 15:53:26 joerg: discussion power of the wallet paradigm to enable horizontal integration across many industries/providers... 15:54:07 joerg: meta-data in the wallet is key to being able to implement many different use-cases 15:55:41 gludi_ has joined #wpay 15:55:48 dsr has joined #wpay 15:56:00 Present+ Dave Raggett 15:56:12 Present+ Manu Sporny 15:56:25 q+ 15:56:51 Present+ Evert Fekkes 15:56:54 Present+ Shane McCarron 15:57:03 question on what dependencies the wallet concept has to underlying platform.. for example, is the wallet concept dependant on mobile app? 15:57:28 gludi has joined #wpay 15:57:41 (did not catch speakers name).. . 15:57:49 <_M_> _M_ has joined #wpay 15:58:12 dezell has joined #wpay 15:58:30 claudia: question on specific technologies used in implementing the wallet concept.. 15:58:46 ErikAnderson has joined #wpay 16:00:30 joerg: talking about the flexibility of the framework to choose distinct technologies based on different scenarios 16:00:56 joerg: showing QR code to show linkages between devices... 16:01:35 browsers display QR code and then leveraging mobile device to do out of band authentication... 16:02:16 joerg: serves as a good example for where these types of modules could "plug-in" to the wallet framework 16:02:44 joerg: black box wallet needs to talk to the browser.. 16:04:41 Matt/ joerg: discusssion on where the authentication credential "lives"... wallet implementation is not tied to any one device... 16:05:08 joerg: wallet can live either on device or on in cloud or others.. 16:05:27 joerg: many different implementations even for a plastic card.. 16:05:54 joerg: use context to be able to decide which implementation "item" to use.. 16:06:43 matt: merchant perspective is worried more about details of the issuer of the payment device.. 16:07:22 matt: how do we make this more future looking... than just looking at how this works in today's context.. 16:09:36 pat/matt/joerg: discussion on merchant preferences for how to route transactions... 16:10:55 matt/pat/joerg: how does the merchant context work? joerg: discussion on how debit schemes may work for POS terminal providers.. 16:11:12 matt/joerg: discussion on POS terminals and standards... 16:11:38 dave m: how many issuing banks in Germany? 16:12:02 joerg: there are many 16:12:37 Erik has joined #wpay 16:13:20 Dave E: discussion on full stack providing too much detail.. 16:13:36 TIMEOUT... potential gas leak in building.. 16:24:55 toml_ has joined #wpay 16:37:51