Electronic Commerce Interoperability Standard

From W3C Wiki

ECIS stands for E-Commerce Interoperability Standard, an interoperability standard between service providers in a decentralized web environment.

Why is ECIS required?

  • There is no standard method for exchanging data between multiple service providers on the web.
  • There is no standard framework for exchanging data between multiple service providers on the web.
  • Because of this absence, current e-commerce interoperation needs complex integration and more resources.
  • When a user accesses a shopping service provider (merchant):
    • the merchant provides its service in its own way
    • the merchant integrates its backend service providers internally
    • there is no standard for interoperating or exchanging services between multiple providers
  • A new standard is required:
    • decentralized
    • interoperable
    • between multiple service providers, including payment and identity service providers

Data Formats for ECIS

  • JSON Web Token
  • IETF ECML

Exchanging mechanisms

  • SAML
  • OpenID
  • OAuth

ECIS Sequence Diagram

[Figure: DECIS-Sequence-Diagram v0.1.png]

  1. The User (UA) sends a payment request to the Shopping Mall.
  2. The Shopping Mall responds with a request-token in XHTML/JSON format.
    • the request-token can be signed by the merchant
    • the token data can be formatted as ECML, JSON Web Token or others
  3. The UA redirects the request-token to the Payment Processor.
  4. The Payment Processor responds with a request-token to the UA.
    • the Payment Processor needs to identify the user but is unable to identify the user
  5. The UA redirects the Payment Processor's request-token to the Identity Provider.
  6. The Identity Provider identifies the user.
    • how this is done depends on the ID provider
  7. The Identity Provider responds with the result in XHTML or JSON format.
    • the result can be signed by the Identity Provider
  8. The UA redirects the result to the Payment Processor.
  9. The Payment Processor verifies the result.
    • normally XML Signature verification can be used
  10. The Payment Processor processes the payment with the User.
  11. The Payment Processor responds with the payment result.
    • the result can be signed by the Payment Processor
    • the format can be XHTML or JSON
  12. The UA redirects the result to the Shopping Mall.
  13. The Shopping Mall verifies the result sent from the Payment Processor.
  14. The Shopping Mall delivers the product/service to the User.
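
The fourteen steps above, as an added example that is not part of the original page: every message is relayed by the user agent, so each receiver checks signature, issuer, audience, message kind, order and expiry before acting on it. HS256 with constructed pairwise keys stands in for the PKI signatures the page suggests; the function names, party names and the `kind` and `order` claims are assumptions.

```python
import base64, hashlib, hmac, json

# Constructed pairwise demo keys; PKI signatures would replace these shared secrets.
KEYS = {("mall", "pp"): b"k-mall-pp", ("pp", "idp"): b"k-pp-idp",
        ("idp", "pp"): b"k-idp-pp", ("pp", "mall"): b"k-pp-mall"}
T0 = 1_700_000_000  # constructed clock so the run is deterministic

def enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(iss, aud, signing_input):
    return hmac.new(KEYS[(iss, aud)], signing_input.encode(), hashlib.sha256).digest()

def issue(iss, aud, kind, order, now=T0, ttl=120, **claims):
    """Sign a compact HS256 JWS that the user agent will carry from iss to aud."""
    body = dict(claims, iss=iss, aud=aud, kind=kind, order=order, exp=now + ttl)
    head = enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + enc(json.dumps(body).encode())
    return signing_input + "." + enc(mac(iss, aud, signing_input))

def verify(token, iss, aud, kind, order=None, now=T0):
    """Return the claims, or raise ValueError naming the first failed check."""
    head, payload, sig = token.split(".")  # wrong part count raises ValueError
    if json.loads(dec(head)).get("alg") != "HS256":
        raise ValueError("alg")  # never let the token choose the algorithm
    if not hmac.compare_digest(mac(iss, aud, head + "." + payload), dec(sig)):
        raise ValueError("signature")
    body = json.loads(dec(payload))
    for name, want in (("iss", iss), ("aud", aud), ("kind", kind), ("order", order)):
        if want is not None and body.get(name) != want:
            raise ValueError(name)
    if now > body["exp"]:
        raise ValueError("expired")
    return body

def run_flow(ua=lambda step, token: token, mall_delay=0):
    """Steps 1-14; ua models the user agent, which may alter what it relays."""
    req = issue("mall", "pp", "pay-request", "order-1", amount="10.00")   # step 2
    pay = verify(ua(3, req), "mall", "pp", "pay-request")                 # step 3
    ask = issue("pp", "idp", "id-request", pay["order"])                  # step 4
    asked = verify(ua(5, ask), "pp", "idp", "id-request")                 # steps 5-6
    ident = issue("idp", "pp", "id-result", asked["order"], sub="alice")  # step 7
    who = verify(ua(8, ident), "idp", "pp", "id-result", pay["order"])    # steps 8-9
    done = issue("pp", "mall", "pay-result", pay["order"], amount=pay["amount"],
                 payer=who["sub"], status="paid")                         # steps 10-11
    return verify(ua(12, done), "pp", "mall", "pay-result", "order-1", T0 + mall_delay)
```

Passing a `ua` callback that alters or swaps a relayed token makes `verify` raise, and a `mall_delay` above 120 seconds makes the Shopping Mall reject the payment result as expired.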

Decentralized by Centralized

  • Between multiple service providers, the mechanism is decentralized,
  • but it is user-centralized.

Considerations

  • Timeouts
    • The Shopping Mall cannot wait too long
    • but the user knows what is being processed
  • Trust-Anchor between service providers
    • Trust Each Other
    • Use PKI

Author

Mountie Lee (mountie@paygate.net) PayGate Co., Ltd.