W3C

- DRAFT -

Push Payments and PR API

18 Oct 2016

See also: IRC log

Attendees

Present
Regrets
Chair
SV_MEETING_CHAIR
Scribe
Ian

Contents

<Roy> https://github.com/w3c/browser-payment-api/issues/287

https://github.com/w3c/browser-payment-api/issues/224

<scribe> scribe: Ian

Roy: One question is whether this is for payment apps to support or mediator
... another proposal has been a callback URL
... indeed one for the payment app to call the merchant AND a callback for the merchant to pull the payment app

IJ: Can we generalize to talk about the merchant pinging the payment method provider (might be app, might be a server)
... the callback URL is to some entity with the authoritative state (which might be the payment app or a server)

Roy: If you force the payment app to expose a callback URL, this goes into Adam's thread about the semantics of the transaction ID
... if you expect the callback Url to reference the browser-provided ID, then you are expecting something meaningful...@@
... If you are providing a transaction ID from the mediator..it is trivial for people to use that as a safety mechanism to map from browser ID to something in their own system that is meaningful
... but if you create a callback Url at the mediator level, you are forcing people to apply additional semantics on top of that transaction ID
... the thread calls out some issue like SEPA (can't have other parties generating the IDs)

IJ: Are both push and pull callback URLs necessary and what is used in the real world?

AdamR: We have been talking about returning a URL to the merchant to poll...that can be provided per payment-method
... I think that's the right thing to do since how to use that URL (how to GET and format of results) will be specific to that URL.

IJ: When does the handoff happen?

AdamR: Leave that aside for a moment.
... The other way that could be possible (and could be generalizable and would make use of mediator-generated ID)
... app would be able to query the URL with standardized data
... the URL itself becomes an internal matter of the payment app
... I think this approach is cleaner

MattS: One thing that wasn't clear to me was about whether we are polling an instance of an app or a back end server

IJ: I want to frame this as a question of "poll authoritative info"

MattS: So that sounds like the intent is a long-term URL

PROPOSAL #1

- URL for a merchant-callable service for authoritative payment information that is returned in payment response data with a standardized name.

AdamR: I think that's low value. That's a very small part of what needs to happen.
... for any given payment method you need to know how you use the URL and what the response looks like.

IJ: This could vary by service, not even just payment method

AdamR: I am correlating status information with payment method

Roy: I think that for proprietary it may be too much to consolidate responses with status info into something standard.
... A good way to back up here is for us to reach consensus on the first goal

E.g.: Have infrastructure in place to enable someone to get status information (whether easy or hard)
... another goal is "standardization to enable push payment methods"
... for me personally it would be valuable to have facilities in place for someone to figure out "what happened to my payment"

AdrianHB: Regarding the second goal, we've been here before on other topics - when you get to the question of "what implementers have to write" if you only have a bit of standardization, then that bit may not be worth it.

PROPOSAL #2

- URL for a payment service to call a merchant to send status information

AHB: ..but I think that without a standard format that won't be very useful
... Are we thinking of creating a "Basic Push" spec that includes a few terms?

Roy: I propose that we punt on the "Push Payment" part and handle just the error-handling
... I think transaction ID is not contentious but you need to be able to do something with it.

AdrianHB: In card world, if you don't get a response you fail

IJ: I want to posit "We just need one callback URL" since one entity can say "Call me back here"

Pascal: For scalability it matters who starts the communication

AdrianHB: If you are just synchronizing on state, it's a simple matter of chatting back and forth
... an alternative to staying synchronized on state of transaction is for orgs to be able to send reversal requests

MattS: Scope question - synchronization of state has multiple use cases. Is our focus just failure?
... I think we have three use cases we are potentially conflating. Let's nail down the use cases
... I hear thre

1) I want to recover from a failure

2) I want to stay up to speed with an async transaction

(pull)

3) I want to stay up to speed with an async push transaction

<Roy> Proposal: scope ourselves to providing minimal infrastructure to recover from failure at the spec level, iterate on it later

AdrianHB: I think we are just focused on push

MattS: There are payment methods where the merchant contacts the payment providers - the payer gives the merchant credentials and the merchant contacts the PSP...but I think that's out of w3c use case
... so I conclude that our focus should be PUSH
... there may be an interesting split use case - the payment app does the authorization ,but the merchant does the execution. Paypal works sometimes this way.

AdrianHB: I would still call that "pull"...I think the thing we are MOST worried about is that the payment is processed and the merchant doesn't know it.

MattS: When authorization is async and outside of browser view, it would be useful for the merchant to know some intermediate states

PROBLEM: merchant needs authoritative information about whether a payment was processed.

MattS: Often there's three answers: success/failure/pending
... Worth capturing (but not considering now)...you want to know the status of a pending authorization....I agree we should be focused on TRANSFER OF FUNDS and not FUNDS ON HOLD
... the reason it's still worth considering is that CHARGES CAN ACCRUE when funds are put on hold

<Roy> yes

PROPOSAL: Provide infrastructure to enable a payee to determine authoritatively whether there was or will be a transfer of funds

MattS: BACS transfer can take 5 days...during 5 days you might poll PSP and the answer is still pending
... +1

Roy: +1
... I think to get this we want (1) transaction ID and (2) reference to a service that uses it
... I think the transaction ID needs to be routed to the mediator to the payment app

IJ: When is transaction ID handed to merchant? EG when control handed to payment app

Roy: Yes, but I think the merchant should get back the ID when they release payment request data to to the browser.

AdamR: The way the current proposal happens - you get the transaction ID at the creation of the payment object
... we can specify that it's meaningless until you call call() or whatever

<AdrianHB> +1 for having an ID as early as possible

PROPOSAL: Transaction ID generated by the mediator returned at construction time

<AdrianHB> COUNTER-PROPOSAL: Transaction ID generated by the mediator and available via a property of the PaymentRequest object at construction time.

IJ: Question is who should provide the URL: payee or PSP?

<AdrianHB> Payee

Roy: Large PSPs want to push notifications to avoid being pinged a lot

AdamR: I think response data will be payment-method specific

AdrianHB: If there were a single callback URL where the payload is standardized across payment methods that would provide value.
... you don't have to expose new endpoints for new payment methods

AdamR: Sounds reasonable

IJ: So to the data could be something like:

* transaction ID

* Origin

* State (one of success/fail/pending)

(strike Origin)

IJ: Is that useful enough as a starting point?
... I want to answer the question - were funds transferred?

AdrianHB: I think that as a merchant I will be able to determine that based on the payment method.

IJ: But you didn't say anything yet.

AdrianHB: I think the state is payment method specific, and that would be private data
... e.g., paypal might say "we're checking for fraud"
... merchants need to know how to handle that data for integration of that payment method

<MattS> +1 to AHB, perhaps standarise the field name as a string type?

AdrianHB: this is essentially an alternative channel for delivering the payment response data.

<AdrianHB> PROPOSAL: PaymentResponse (from PSP to Merchant callback instead of returned via API) contains: TX ID, payment method id, payment method specific stuff

MattS: We could define a "state" well-known field name, as an opaque string

Adrian: I think we should think of this is sending payment response data via HTTP with in addition a transaction ID.
... the response includes method identifier and response data (which is method specific but MAY BE DIFFERENT) than what was returned via PR API...and add TX ID
... We would not specify the data MUST BE THE SAME because that's payment method specific.

======================

* Problem: enable merchant to know authoritative info on transfer or pending transfer (in case of failure)

* Proposal:

- mediator generates a unique TX ID that is part of the payment request object

- merchants can specify callback URL for PSPs to send TX ID + payment method identifier + any payment method specific data.

IJ: Does this go in basic card or PR API?

(IJ thinks it's PR API given goal of cross-payment-method)

- the merchants would provide this optional callback URL in PR API data because the goal is for them to have a single endpoint cross payment methods.

MattS: One approach is:

- identify the pattern

- do it payment-method specific

- if it's used, elevate to PR API in next version

MattS: We want to determine whether it NEEDS to be in PR API (and thus has impact on API today)

AdrianHB: I think that the TX ID is important to have now...

IJ: I am hearing a split in urgency: TX ID in PR API; then payment method specific callback URLs

AdamR: Are we envisioning that in the future people will have to try both?

IJ: that sounds right
... is that a problem?

AdamR: If we can predict it will happen, I think I would tend to avoid it.

<MattS> +1 to AdamR

IJ: Questions (1) who will write up (2) should we start by having both in PR API as a proposal?

<scribe> ACTION: Roy to write this up and lead discussion at the 20 Oct call [recorded in http://www.w3.org/2016/10/18-wpwg-push-minutes.html#action01]

Summary of Action Items

[NEW] ACTION: Roy to write this up and lead discussion at the 20 Oct call [recorded in http://www.w3.org/2016/10/18-wpwg-push-minutes.html#action01]
 

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.148 (CVS log)
$Date: 2016/10/18 16:07:17 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.148  of Date: 2016/10/11 12:55:14  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Found Scribe: Ian
Inferring ScribeNick: Ian

WARNING: No "Topic:" lines found.


WARNING: No "Present: ... " found!
Possibly Present: AHB AdamR Adrian AdrianHB COUNTER-PROPOSAL IJ MattS PROBLEM Pascal Proposal Roy https joined pascal_bazin_ wpwg-push
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy

        <amy> Present+


WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Got date from IRC log name: 18 Oct 2016
Guessing minutes URL: http://www.w3.org/2016/10/18-wpwg-push-minutes.html
People with action items: roy

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report
[End of scribe.perl diagnostic output]