05:40:51 RRSAgent has joined #wpay 05:40:51 logging to http://www.w3.org/2015/10/28-wpay-irc 05:41:05 forgot the RSS agent, just going to repeat the previous line 05:41:08 scribe: nick 05:41:17 TOPIC: Web payments working group architecture 05:41:22 Andy: we are partner with SK Telecom. We are in charge of development and service operation. 05:42:19 Andy: we named our web payment standard prototype PAYTO 05:42:40 shepazu has joined #wpay 05:42:47 Andy: Payto standard allows the payer to transfer money and simple checkout 05:43:05 Andy: it uses a payto://PayToAddress,Amounts scheme 05:43:12 Andy: the payer has the authority over the payment process 05:43:36 AdrianHB has joined #wpay 05:43:47 Andy: supports various service models, like delivery service ordering through app 05:44:31 Andy: another service model, donations and gifts. no need to share the payer’s finance information with the service provider 05:44:57 q? 05:45:36 shevski has joined #wpay 05:45:53 lbolstad has joined #wpay 05:46:00 chaals has joined #wpay 05:46:22 Andy: demo of delivery app and donation app 05:47:02 shepazu has joined #wpay 05:48:33 Ian: so this is using a mobile money account in the back? 05:48:37 Andy: no, carrier billing is the model 05:49:39 Andy: when your delivery comes the delivery person has a device 05:50:04 zkoch has joined #wpay 05:50:13 ??: What’s the use of the beacon? 05:50:52 Andy: it’s cash on delivery, the beacon confirms receipt of goods 05:51:04 Adrian: what’s the protocol actual being used here? 05:51:07 Andy: BTLE 05:51:20 ??: but the ID of the beacon is tied to the order? 05:51:23 Andy: yes 05:51:48 ??: so the reading of beacons is done on the platform or through the browser 05:51:51 Andy: by the app 05:52:17 AdrianHB has joined #wpay 05:52:29 q? 05:52:32 Rouslan has joined #wpay 05:52:34 rbarnes has joined #wpay 05:52:35 Andy: payment notification is finalized by SMS 05:52:40 jystewart has joined #wpay 05:52:47 q+ to look at the flow diagram from the presentation 05:52:51 riju has joined #wpay 05:52:51 Andy: payto supports both cash on delivery and pay now 05:52:56 ack AdrianHB 05:52:56 AdrianHB, you wanted to look at the flow diagram from the presentation 05:53:17 q= AdrianHB 05:53:23 Laurent has joined #wpay 05:53:23 queue= AdrianHB 05:53:32 CyrilV has joined #wpay 05:53:35 Jurgen has joined #wpay 05:54:27 Andy: all payments work in the web 05:54:32 Andy: the app is just to do the beacon work 05:54:35 ack AdrianHB 05:54:48 AdrianHB: can we look back at your presentation and the flow? Where does the URI scheme fit in? 05:55:37 AdrianHB: what’s the format of the address (in payto://PaytoAddress,Amounts) 05:56:00 q+ to ask about security of the request 05:56:14 q+ 05:56:35 AdrianHB: the reason I ask is because there’s only one way to pay, without much change I see a synergy between what we want to do in the WG and providing a list of options 05:57:06 ??: the payto:// URL seems more like an instruction to pay? 05:57:42 Andy: this is just a prototype from IG discussions 05:57:54 Cyril: so payto can implicitely identify carrier billing? 05:58:27 Ian: if I understand Adrian’s comment it’s that there’s a service ,and you’re using the URL to invoke the service 05:58:33 Ian: and you’re handing them an offer, here’s the offer 05:58:36 AdrianHB has joined #wpay 05:58:43 Ian: and then the service gets invoked and asks for a payment insturment 05:58:51 q- 05:58:53 Ian: can we generalize 05:58:58 q 05:58:59 q- 05:59:20 Andy: want to show one more thing, payto for P2P 05:59:55 Ian: so the question for you, as well as Zach and others working on other proposals 06:00:12 Ian: what are challenges for the wg? what problems are hard to solve? what challenges exist between local services and cloud services? 06:00:21 Ian: part of the goal of today’s session was to hear from people who may not be at the wg 06:00:36 Ian: where are the biggest hurdles? 06:00:52 Zach: I think the biggest thing will be to find a way to register payment instruments 06:01:13 s/Zach/zkoch/ 06:01:28 zkoch: we want to define a standard way to do this but recognize platforms have limitations 06:01:43 zkoch: what’s the right way to invoke the installation of particular instruments? 06:01:54 zkoch: on desktop in general how should we treat this? 06:02:07 zkoch: on mobile you can imagine an intent model, but on the desktop we don’t necessarily have this 06:02:18 zkoch: how can we standardize this as long as you have an instrument it’s available? 06:02:38 zkoch: when the browser takes a stance and says “yes, we can process a payment” it’s an implicit confirmation the website is trustworthy 06:02:43 zkoch: in actuality you can’t really do that 06:02:50 zkoch: we’re limited to the current set of web technologies 06:03:03 zkoch: when you think about the chain of trust what are the resources we have at our disposal? 06:03:07 Ian: is your vision we can do better? 06:03:26 zkoch: I don’t have any ideas, there are tools we use as browsers 06:03:35 zkoch: one big thing is spoofability. 06:03:54 zkoch: sometimes we can break out of the DOM and into the browser chrome, but users never notice 06:04:01 q+ 06:04:15 ack jheuer 06:04:26 q+ To Ian's question if 'we can do better today' ? 06:04:27 jheuer: we should consider the payment instrument chosen might have their own ways of ensuring security 06:04:27 q+ 06:04:33 (+1 to jeheuer’s point from me) 06:04:34 Rouslan has joined #wpay 06:05:00 s/jeheuer/jheuer 06:05:11 zkoch: it will probably end up there 06:05:15 q? 06:05:26 ack MattPisut 06:05:26 MattPisut, you wanted to Ian's question if 'we can do better today' ? 06:05:28 kris has joined #wpay 06:05:32 +1 with the two levels of security 06:05:40 MattPisut: excellent question. to pile on, authentication between the terminal and the payment device 06:05:46 jiangtao has joined #wpay 06:05:46 MattPisut: the device isn’t authentication the terminal 06:06:00 shepazu has joined #wpay 06:06:05 MattPisut: can we do better today or tomorrow? I’m not so sure we can actually do better 06:06:18 rrsagent, draft minutes 06:06:18 I have made the request to generate http://www.w3.org/2015/10/28-wpay-minutes.html jiangtao 06:06:22 MattPisut: one concern we have is chain of trust 06:06:38 Ian: one clarification - there will be some things that will be better 06:06:44 Ian: like not sending PII through forms 06:06:58 Ian: I just meant the confidence in the party at the other end 06:07:13 q? 06:07:23 ack rbarnes 06:07:35 rbarnes: I think Zach is on target. the critical question is what is a payment instrument 06:07:47 rbarnes: there’s a bunch of instructive prior art that leads to different conceptions and might cover different chunks of use cases 06:07:59 rbarnes: when I think of what a payment instrument might be it’s some chunk of state that gets put into the browser 06:08:05 Dezell has joined #wpay 06:08:11 q+ 06:08:19 rbarnes: I think one of these constructs will be good enough for what we’re doing here 06:08:21 AdrianHB has joined #wpay 06:08:30 rbarnes: the critical step is to find one of these constructs 06:08:37 q+ to expand on payment instruments 06:08:53 Ian: sounds like an agenda for the wg is serving this prior art 06:08:56 ack AdrianHB 06:08:56 AdrianHB, you wanted to expand on payment instruments 06:09:12 AdrianHB: something that has been difficult to nail down is the definition of payment instrument 06:09:20 q+ 06:09:20 AdrianHB: some people consider a payment instrument to be as simple as a piece of data 06:09:32 AdrianHB: that probably doesn’t work, or that’s not going to be enough 06:09:35 q+ 06:09:46 AdrianHB: maybe an instrument is some executable logic given to the browser to deal with the payment 06:09:59 AdrianHB: that thing may have another whole flow of its own for authentication 06:10:00 q- 06:10:31 AdrianHB: the challenge i think we have is there are models in existence where a payment instrument may have multiple credentials, like PayPal (a front for potentially three cards) 06:10:40 zephyr_ has joined #wpay 06:10:48 AdrianHB: what happens if I visit a merchant’s site and they don’t support PayPal but do take those cards backing PayPal 06:11:00 AdrianHB: do we have a way for payment instruments to expose the credentials they use 06:11:28 ack nick 06:11:33 AdrianHB has joined #wpay 06:12:19 nick: a point of contention so far has been definitions of various terms 06:12:38 ... there is a spectrum of complexity wrt what we call a "payment instrument" 06:12:57 ... we need to figure out what those mean 06:13:14 q+ 06:13:19 ian: is that important to the protocol design or the work of the group 06:13:37 dsr has joined #wpay 06:14:03 jheuer: we’ve done stuff like that in software, but the only thing I don’t know if it will be compliant with W3C standards 06:14:19 q? 06:14:20 jheuer: I hope to see something which is on a higher level of understanding and compliance 06:14:35 Ian: jheuer showed up with a demo at the last IG F2F so he has experience 06:14:39 ack zkoch 06:14:50 present+ jiangtao 06:14:53 zkoch: I might be a little biased since I’ve come up with a proposal, but with regard to prior art 06:15:04 circ-user-O5cOn has joined #wpay 06:15:13 zkoch: at some point you’re going to leave the comfort of the web and go into proprietary systems on different platforms 06:15:23 zkoch: you can imagine a world where I’m on my android device and end up in android pay, a native application 06:15:39 rbarnes: ultimately this payment instrument will be a represented as a web thing 06:15:57 zkoch: not necessarily. one of the goals we have is to bring secure payments into the browser, and to do that you may need to exist the web ecosystem temporarily 06:16:15 rbarnes: it should appear to the web as part of the web, even if the internals are doing something different 06:16:36 rbarnes: again, I think it’s important to keep in mind the browser might bring some things along but keep a more general frame in mind 06:16:47 q? 06:17:13 zkoch: two other comments, from an instrument perspective it could be complicated or very simple 06:17:23 zkoch: as long as you can speak the messaging system I don’t care if you’re a piece of data or a more complicated application 06:17:56 q+ Ian 06:18:07 zkoch: you [nick] mentioned auto form filling 06:18:12 zkoch: we did try this with request autocomplete 06:18:20 zkoch: we should look at that and see if there are any learnings 06:18:21 q+ 06:18:22 AdrianHB has joined #wpay 06:18:25 ack CyrilV 06:18:34 CyrilV: I think there will be some issues on the protocol side for the instrument 06:18:53 CyrilV: part of closed loop / card based systems, if you see the ISO 20022 there is a payment initiation 06:19:26 CyrilV: initiation for direct debit, credit transfer, etc are different. part of the protocol would be to have a factorization of those messages, but that implies we must explicitely explain the payment instrument 06:19:41 CyrilV: this is the form for direct debit, this is the form for credit, etc. 06:19:49 q+ to respond to Cyril 06:20:06 ack me 06:20:33 Ian: one of the things that occurs to me is that I think in the HTML working group they did some work polling preferences amongst members, etc 06:20:40 Ian: I wonder if something like this might be useful in this group 06:21:07 Ian: “we need a solution to accommodate a full range of scenarios”, type of thing. you only have to say one time “yes, we also need to take this case into account" 06:21:20 Ian: don’t want to add work but if it helps avoid redundancy it might be useful 06:21:32 rbarnes: you mean use cases? 06:21:56 Ian: less use cases, more design goals and constraints. there must be a way for a wallet to reside in the cloud, for example. not quite a use case, but a requirement / constriant on the protocol 06:22:16 rbarnes: I think it is useful to go through use cases 06:22:34 rbarnes: what are the logical message flows that we want to support for those things 06:22:36 ack rbarnes 06:22:36 q+ 06:22:50 rbarnes: what does migrating to this API from now look like? 06:23:09 rbarnes: but I would really strongly prefer if we didn’t have multiple levels of this API (the static one, the dynamic secure one, etc). we can probably arrive at an abstraction that can scale 06:23:16 Ian: i agree 06:23:20 ack AdrianHB 06:23:20 AdrianHB, you wanted to respond to Cyril 06:23:34 (I wanted to say that Richard's comment was the sort of "design goal" I was referring to) 06:23:58 q? 06:24:01 rrsagent, make minutes 06:24:01 I have made the request to generate http://www.w3.org/2015/10/28-wpay-minutes.html Ian 06:24:02 AdrianHB: I think part of the goal we’ve discussed is putting a lot of complexity behind…all the different ways you can pay, the types of data…I see that not being part of the API, and being part of what the instrument does and the PSP does 06:24:25 rrsagent, this meeting spans midnight 06:25:05 q+ 06:25:11 AdrianHB: if it’s something new, like bitcoin, maybe they return cryptographic receipts rather than something else. It’s determined by the two entities (PSP and instrument) 06:25:13 zakim, close the queue 06:25:13 ok, Ian, the speaker queue is closed 06:25:29 AdrianHB: to address what zkoch said about instruments. I think even simple instruments will need logic to return a response 06:25:53 AdrianHB: when you register that instrument it may be as simple as five lines of JS that return its data 06:25:56 ack CyrilV 06:26:28 CyrilV: instruments may have some constraints 06:26:43 CyrilV: we have constraint in, say, some characters, each payment instrument should give a list of data 06:27:09 (nick on IRC: other constraints might be monetary, e.g, a ceiling) 06:27:22 AdrianHB: my expectation is that level of constraint will be handled by the instrument 06:28:24 q? 06:28:30 q+ 06:28:35 CyrilV: the issue there is, for example, some banks may not be allowed to change their constraints or adjust the request. in some cases you could imagine it is better to process the payment 06:28:51 ??: In this case, if you have real time payments you need to process the constraints 06:29:18 AdrianHB: so an example might be a separate credit transfer? the payment instrument that’s installed is my bank’s implementation of that standard? 06:30:17 q- 06:30:29 Laurent: most of what Ian said I wanted to say, but to reinforce two points 06:30:34 ack Laurent 06:31:00 Laurent: on CyrilV’s side the instrument is linked to your account, on rbarnes side the instrument is really your credit card number inside the browser…these are two very different views of instruments 06:31:02 dbaron has joined #wpay 06:31:08 Laurent: maybe we need to find common ground on definitions in the wg 06:31:24 Laurent: there’s a common set of issues like plumbing between merchants / PSPs / instruments, discovery selection... 06:31:39 Laurent: the spec should leave flexbility for comlpex instruments, be extensible 06:32:02 Ian: for the chair, it feels like the sooner you can as a group converge on the sense of boundaries and explicitely say “this is being left” with rationale…keep the scope explicit 06:32:04 AdrianHB has joined #wpay 06:32:07 AdrianHB: it’s clear in my head 06:32:12 AdrianHB invites us into his head 06:32:12 rrsagent, make minutes 06:32:12 I have made the request to generate http://www.w3.org/2015/10/28-wpay-minutes.html Ian 06:32:33 jystewart has left #wpay 06:36:55 AdrianHB has joined #wpay 06:39:38 zkoch has joined #wpay 06:40:41 ShaneM has joined #wpay 06:40:42 hfujisawa has joined #wpay 06:41:59 dannyjeo_ has joined #wpay 06:42:38 hfujisawa has joined #wpay 06:48:06 dannyje__ has joined #wpay 06:48:55 dbaron has joined #wpay 06:50:13 kimwooglae has joined #wpay 06:52:08 zkoch has joined #wpay 06:52:13 shepazu has joined #wpay 06:52:16 ShaneM has joined #wpay 06:58:43 hfujisawa has joined #wpay 06:59:49 hfujisawa has joined #wpay 07:02:41 sam has joined #wpay 07:03:12 kimwooglae has joined #wpay 07:06:12 shepazu has joined #wpay 07:07:48 akitsugu has joined #wpay 07:09:29 m4nu has joined #wpay 07:10:19 rbarnes has joined #wpay 07:10:34 rbarnes has left #wpay 07:10:50 chaals has joined #wpay 07:11:33 jystewart has joined #wpay 07:11:37 Rouslan has joined #wpay 07:12:04 dsr has joined #wpay 07:12:40 ShaneM has joined #wpay 07:14:07 dbaron has joined #wpay 07:16:09 dannyjeo_ has joined #wpay 07:16:33 Karen has joined #wpay 07:25:35 shevski has joined #wpay 07:25:53 zkoch has joined #wpay 07:27:44 shepazu has joined #wpay 07:28:15 AdrianHB has joined #wpay 07:28:37 jystewart has joined #wpay 07:33:16 Karen has joined #wpay 07:43:59 AdrianHB has joined #wpay 07:49:54 yaso has joined #wpay 08:03:10 zkoch has joined #wpay 08:05:22 sam has joined #wpay 08:06:05 hfujisaw_ has joined #wpay 08:08:39 rrsagent, bye 08:08:44 rrsagent, set logs public 08:08:45 rrsagent, bye 08:08:45 I see no action items