GSoC2013 Web Payments WebKeys Client

From W3C Wiki
Jump to: navigation, search

Open Source PaySwarm Python API

The PaySwarm initiative is a payment specifications that could be used by anyone to collect money for prespecified assets, such as online merchant websites, teams collaborations, micropayments through different channels .. etc. A PaySwam API is the piece of software that allows using PaySwarm infrastructure from different clients which allows vendors to embed the required specifications in their channels. This project is a Python implementation of such an API, that allows easy implementation of different scenarios in Python web apps.

Personal Details

Name: Amr Fahmy

Email: A.Fahmy[at]cloud-11[dot]com

Personal Website: http://www.amrfahmy.info'

IRC:Amr-Fahmy

Skype ID or SIP address: amr.karam.fahmy

Phone number: +202 01009829173

School Name: Helwan University.

Years completed: 4 years

Programming Languages: PHP (Advanced),Joomla(Advanced), Google Apps Script(Advanced), C(Advanced), C#(Advanced), JavaScript (Intermediate), Python (Intermediate), REST APIs(Beginner), WebKeys(Beginner), PaySwarm(Beginner).


Link to project description

http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/amr_fahmy/1


Web Payments Overview

The Web Payments work, if successful, will have a huge impact on the way that we deal with money as a society on the Web, The Web Payments work is built on top of the previous two technologies, RDFa and JSON-LD. Manu Sporny: "The Web has fundamentally transformed the way we publish and interact with information. However, the way we reward people for creating that content has not changed. The Web’s foundation was not built to transmit and receive funds with the same ease as sending and receiving an email"


PaySwarm Web Payments Overview

PaySwarm gives you the mechanism and the protocol to mark items up for sell and put them on the website so that any user using user agent that implements PaySwarm protocol can buy them without the need to register an account at the vendor website or provide additional data to purchase the payment process. It decentralizes listing things for payments process and selling process from the payment processing. So the PaySwarm lets you use payment service without restricting interactions between you and the vendor if you need to buy anything.

The goal is also not just creating the traditional concept that the user click one click and everything should be done without knowing the how it is working, we want to use extensible Open Source so every developer who is interested in this specifications can add more features to this tool. This will increase the usage of Web Payments over the internet.

Identity and Web Keys :

These days there are many number of popular authorization mechanisms that provide dynamic access to control the resources, large number of them did not address message materialization and message security. Now the most important reason for public and private key is a strategy to achieve the materialization of the message via digital signature and secure messaging via encryption, also the private and public key help the access control to resources. One of the hardest things that we will face is developing an extensible, decentralized Public Key Infrastructure for the web. Linked Data principles help in developing decentralized Public Key Infrastructure on the web.

So the previous points will help us to achieve the future of the messaging in web service that depends on:

  • Message materialization (signing).
  • Message security (encryption).
  • Dynamic access control to resources.

Web Keys should not be confused with TLS, actually Web Keys can be operating in any environment regardless there is TLS or not.


PaySwarm API Main Components The following points are referenced from:("https://payswarm.com/specs/source/web-keys/")


1. Identity (Key Registration) The following is key registration algorithm that should be followed by a key agent utilizing the PaySwarm Python API as currently specified in Web Keys 1.0 draft

  • The user agent (browser) request from the key agent (Python app) to generate public and private key.
  • The key agent (Python app) retrieves the key listing service from the configuration service IRI as following:

- Base IRI for the key listing service (obtained for example from client e.g: dev.payswarm.com) + suffix (/.well-known/web-keys)

- An HTTPS GET request is performed on the configuration service IRI (dev.payswarm.com/.well-known/web-keys)

- The result will be a JSON-LD document using the context specified at https://w3id.org/web-keys/v1 containing a flat set of key-value pairs, for now this key is mandatory ‘publicKeyService’.

  • The key agent (Python app) responds to the user agent with the HTTP 302 to the key listing service URL.
  • The key listing service in turn associates the key agent (Python app) with the key listing account based on the provided public key. UI will ask user to login if there is no active login session.
  • The key listing service specifies a number of the key agent (Python app) configuration values and encrypts the JSON-LD reponse message using the Public Key provided. The response will be as following:

- It must contains 'publicKey' configuration

- The JSON-LD response is compacted and encrypted using Public Key associated with the registration request.

- Response is sent to 'registration-callback' IRI via POST request initiated by user agent.

- The key agent (Python app) then decrypts the base64-encoded stream then extracts and stores the location of 'publicKey' for later use.


2. Assets and Listings registration Asset is a description of a product or service. It typically describes something to be sold, who created it, a set of restrictions on selling it, and a validity period. Listing on the other hand is a description of the specific terms under which an asset is offered for sale.

3. Purchasing Three main items involved in purchasing process:

  • Purchase Request:

A purchase request is sent to a PaySwarm Authority when a purchase is requested by the customer. It contains details about the asset and listing that the buyer would like to purchase.

  • Contract:

A contract is an electronic document that expresses an agreement between all parties involved in a transaction. It contains the asset, digitally signed by the asset provider, and the listing, digitally signed by the vendor.

  • Receipt:

A receipt is the result of a successful purchase. Its main use is to prove that the sale of an asset to a particular customer was completed successfully.

PaySwarm Web Payments Overview

PaySwarm gives you the mechanism and the protocol to mark items up for sell and put them on the website so that any user using user agent that implements PaySwarm protocol can buy them without the need to register an account at the vendor website or provide additional data to purchase the payment process. It decentralizes listing things for payments process and selling process from the payment processing. So the PaySwarm lets you use payment service without restricting interactions between you and the vendor if you need to buy anything.

The goal is also not just creating the traditional concept that the user click one click and everything should be done without knowing the how it is working, we want to use extensible Open Source so every developer who is interested in this specifications can add more features to this tool. This will increase the usage of Web Payments over the internet.


What have you done so far with this idea: What I have did is some research in this field, tried the JSON-LD concept theoretical and I though it is very interest to continue this field and to improve it, although I have did so far some expermintals on the private and public key on my freebsd machine, also I have created Google script that and put the step in this doc to try it by yourself GSoC2013_Web_Payments_WebKeys_Client_With_GScript. Finally I have did some research in PHP programing language in the field of Web Key client service in Joomla Open Platform.


Anticipated challenges: This field has a lot of challenge as you must have a lot of experience in the Webkeys as it is very important internet service for the user to for example transfer their money like:

  • To increase innovation.
  • Improve service quality.
  • Reduce costs.
  • Enhance capabilities in key competitive areas.


Potential mentors: I had a small discussion with Manu Sporny msporny@digitalbazaar.com actually he is amazing mentor in this field he has great experience in the Web Payments services and he provide me with some helpful links.


Minimum time involvement estimation:

April 30 – May 20: 35 - 40 hours per week

May 21 – June 4: 15 - 20 hours per week (my exams period)

June 4 – June 25: 35 - 40 hours per week

June 26 – August 15: 45 - 50 hours per week


Open Source Development Experience

Coding Experience: I'am a Google Apps Deployment specialist and I have a good experience in Google Open source API's, I have worked with Google App engine for Platform as a service which we deploy application on Google app engine with Google script.

Work Experience

Job Title Work Description
Google Apps Customer Solution Engineer
December 2012 – Present (5 months)
Google Apps Customer Engineer , I'am responsible for deploying, configuring and migrating to Google Apps for Business and for Education while providing training workshops when needed , Cloud11 is a Company responsible for holding large systems in Cloud systems.
School Major Manager March
2010 – Present(3 years 2 months) 
Good Idea Group is a company responsible for Italian brand vacuum product which help in healthy & clean life.I was responsible for handling IT issues for than 29 users i was also responsible for handling system automated flow for the employees to get everything automated in our company .
Google Student Ambassador at Google
July 2011 – July 2012 (1 year 1 month)
The Google Student Ambassador Program is an opportunity for students to act as liaisons between Google and their universities

Academic Experience

Academic Institution: Helwan university (Helwan, Egypt).

Current Program: My major is computer science, my degree type I'm working on is BA, I'm in the four year

Anticipated Graduation: 2013/2014

Academic Performance:

Subject Grades
Software Development B+
Google Apps Script A+
Joomla B+ .
Programming(Object oriented object) B+ .
C++ B+ .
ASP.NET A+ .
PHP B+ .
JSP B+ .
MySQL B+ .
Security cryptography B+, in this course we play on the Public and Private key for FreeBSD OS .

GSoC for Credit: No.

References:

  • Dr.Ayman Email: <ayman@fcih.net> .
  • Dr Mottaz abdelfattah: <mottazabdelfattah@gmail.com>.
  • Ahmed Farrag: <a.m.farrag@gmail.com>.