See also: IRC log
<Ian> https://www.w3.org/Payments/IG/wiki/Vision2017
Ian: New focus of this work is to bring proposals for new work for IG to develop in 2017
<scribe> scribe: manu
Ian: Some work has begun to take
hold in Community Groups, in the case of Verifiable Claims, has
been proposed to the members. The IG is looking for other
standardization opportunities. People that have signed up for
the TF have helped identify and will help prioritize items for
2017.
... I have a task for reviewing proposals for face-to-face
meeting. Right now, we're trying to finalize meeting space on
22nd March.
... We'd like to do enough work to have something interesting
to discuss in March.
... I've asked folks to prepare slides, we will get preliminary
proposals discussed today, hope to have more in the
future.
... I have not spoken w/ all of you in advance wrt. what each of
you will be bringing, but we'll find out today what we can
cover and what will be on the agenda for the next time.
... Any questions/thoughts on scope and focus of initial six
weeks.
manu: I'm clear on what we're doing for the next couple of weeks.
jeff: In the general area of
digital marketing, ecommerce, web payments, there is a lot
going on in the Web and very little standardization. There is a
huge area of opportunity. I think what we'll need to do over
the next several weeks is sort out some of the most promising
topics. We need a path to move these topics forward.
... To achieve success, we have to specify a well thought out
path. What's the incubation task, what are the use cases,
etc.
... We should be thinking of not only topics, but how we move
them forward and achieve success.
<Ian> manu: On the question of how we go from topic to incubation to proposed WG charter...we've learned a lot in the IG over the past couple of years about what's necessary to start work and keep it on track
<Ian> ...would it help to have a template that groups can follow?
<Ian> ...processes that have been used to start different groups have shifted
<Ian> ...not so much the W3C process, but the "different things that need to be produced" to start work
<Ian> ...the amount of work we are doing is expanding, but the number of experienced people we have at W3C is not expanding as quickly
<Ian> ...so we need to be sure that people understand what's required..and we also risk spreading people thin
<Ian> ...I have some concerns about resources
Ian: I think there are a few issues in there that we should identify - for example, resourcing - mature proposals, we should be explicit about resource expectations, I think before then, we may have fewer resource constraints before prioritization. There is the question of how familiar people are with starting work at W3C. I wouldn't want that consideration to hinder us from the phase of brainstorming. These are all good topics, we should emphasize different things and different times.
Ian: From my initial plans, I think it's getting subjects on the table and seeing who we can/need to have in the discussions to fully understand the topics. That is the earliest phase of the work.
dezell: Welcome to John Carrier, our colleague from IFSF.
<dezell> members -> problems -> use cases -> straw spec -> charter
dezell: I think it's helpful to
have templates
... We wanted to figure out who the right people were, develop
the problems, then come to use cases, propose a straw
specification (being incubated), and then to a charter.
... If we're lucky, we have implementations of the straw
specification.
... I welcome discussions on how to make this faster/more
streamlined.
... There are a number of things on our list for this year.
Hearing John here makes me aware that we have specifications
that are widely adopted and in vertical, I'm here because W3C's
global reach is larger than the vertical consortium can get to.
This is a slightly different vision, global standards that
benefit ALL activities on the Web. I don't think my list is
great, some of those are aligned with mechanics of open web
platform. I think we have to examine all facets of these ideas.
Ian: I want to make sure we have an opportunity to hear from everyone on the call and what they'd like to cover, if not on today's call, on the upcoming calls.
Ian: Let's go around the table and ask if folks have topics.
Amy: Vision is a monumental task,
focusing on "do no harm"
... There is a need for "rules of the road" that enables all of
this exciting stuff to take place are known, there are so many
other groups and activities, I hope that there is a way we can
leverage what is going on and share the information to figure
out reasonable path going forward.
<Ian> [Ben Smith, Amex]
Ian: There is an opportunity to put more focused items on the table in the upcoming weeks.
<Ian> "Securing CNP Transactions"
Ben: I'm a product development
manager at Amex, participant in mobile and payments WG as well.
There is an area around security, more specifically, securing
card not present transactions. That applies to web payments
work, thinking further ahead, CNP transactions and underlying
payment instruments will change.
... Security measures to protect against fraud will change. So
a couple of thoughts wrt. W3C.
... Do we have a good feeling what current security measures
look like to protect the ecosystem (attacks on card data). How
do we see W3C positioned within that landscape. Do we feel more
can be done? What are the approaches? FIDO, EMVCo, etc. What
are the emerging products and who is emerging them.
... This has to do with the right tension, ease of the customer
transaction - vs. making that transaction secure. As an
industry, how is security being viewed.
... Then there are specifics around regulation, PSD2, SEPA, SC
Auth, what other regulatory factors exist?
<Ian> ("what are the problems"? "Who is involved in solving them as a whole?" "What are the regulatory pressures?")
Ben: Then, once a lot of that is
understood, better understanding of landscape, what areas are
relevant to W3C?
... How does W3C want to go into that, how that translate into
the Web Payments WG.
<Ian> [David Ezell, NACS]
dezell: I split the topics into 3
areas.
... General transaction requirements
... Financial industry requirements
... Common requirements to payment transaction and financial
industry.
... General requirements - #1 digital receipts
<Ian> (There are digital receipts standards, e.g., ARTS)
dezell: For any topic that I
mention, the first thing to do is state the problem and check
parallel work. There are probably digital receipts elsewhere,
reference them, produce something that fulfills something more
effectively.
... This is not necessarily suggestions for new work.
... #2 - a transaction data model - the federal government
wants to know what fuel products are being bought, being able
to aggregate purchase information.
... so, refining capacity can be tailored... all of that
information, the decentralized locus of control is payment
network. For financial industry, these are things that don't
have to do with mining goods/services in browser, but
organizations like Bloomberg, purchase orders, invoices,
account advice, those are data model items.
... How do we make purchase orders, invoices, account advice
available to broader Web ecosystem.
... #3 real-time regulatory reporting - we could do research on
that.
... One of the biggest things - identification of security
gaps. sensitive data or PII that should be private is exposed.
HTTPS type encryption is not adequate in a lot of environments,
that inadequacy is coming soon in our direction.
... Ancillary topics - point to point encryption, tokenization,
and those sorts of things. Finally, clearer support for push
payments. Mobile web applications have the ability to
communicate with issuer and issuer communicates with
acquirer.
... We want to make sure they're useful, help level the playing
field on these topics.
Jeff: That outline of topics is supportive of what I said in the beginning, what we could do, I think a possible approach to this task force is to accumulate topics and then prioritize 3-4 of them that seem most promising and do some more detailed analysis, how big are the stakeholders, how many of them are there? That's a possible approach to filtering down from a universe of things we could do to a small number of tangible things we can focus on.
<Ian> ===
<Ian> * What specific problem are we solving?
<Ian> * How big is the problem?
<Ian> * Why is W3C in a unique position to help solve it?
<Ian> * Who needs to be involved?
<Ian> * What work is going on elsewhere?
Ian: Yes, as we hear other questions we should take back and use/answer the questions above as we analyze each one.
<dezell> without interrupting - segregating "what could be a standard" from "what should be research" can also help.
Ian: For example, for digital
receipts, there are standards for that, but what is missing
from specific use cases where W3C could add value. If only we
had the means to do X, the Web could benefit in way Y.
... W3C is well positioned to help end-users. There are a lot
of organizations that help back-end processes, so focus on
users is not exclusive, but it's a good starting point.
<Ian> [Ted Guild, W3C]
Ted: Ted from W3C, I lead the standards effort that's taking place around connected vehicles.
<dezell> also 1 note - I didn't mention Regulatory issues since we have a current Task Force.
Ted: Back at TPAC in Sapporo,
Automotive and Web Payments met, Jaguar did a presentation on
use cases for handling payment transactions from vehicles, both
the activities reached a level of maturity where we want to
look at these things in more detail.
... There is some momentum here that's worth exploring.
Ian: Can you say a word around payment scenarios and vehicles (the most interesting ones)?
Ted: Fuel, Charging, Tolls, usage and congestion fees, etc.
<Ian> (interesting: electric may reduce fuel tax revenue; need new revenue models)
Ted: Car sharing scenarios, subscribing to ride sharing services, avoid distractability, etc.
Ian: That suggests another items to the list "incentives" - what are the new incentives to drive these business cases?
<ted> Automotive Web Payments notes
<Ian> [Ken Mealey, Amex]
Ken: From a purely parochial
perspective, we have a particular way of looking at payments in
general (from a holistic lifecycle perspective).
... We are trying to align with other WG members with how they
look at payments lifecycle. I don't know if there is an
opportunity to put project management relationship between IG
and WG?
... If WG comes up with poorly defined requirements, those get
kicked back to IG for further refinement.
... Amex tends to look at a roadmap, two general buckets that
are getting in scale - regulatory activity at a global basis,
and then how authentication is working together - biometric
authentication is being mandated in india, how will that impact
the work we're doing, should we incorporate a regulatory review
of trends happening? How will that impact requirements? Roadmap
- as Web Payments are involving, is there a way to incorporate
that type of view into the IG deliberations? How would it be integrated
into overall work we're doing?
<Ian> [Manu Sporny, Digital Bazaar]
<Ian> Manu: How can we bring work going on at W3C today so that the user experience is seamless? What is the relation to digital wallets?
<Ian> ...payment request API, digital offers, verifiable claims...digital wallets make use of all of these
<Ian> ...merchants want users to be able to fulfill certain conditions, some of which can be expressed via verifiable claims
<Ian> ...what we see missing is linking all of these things
<Ian> ...there are broader ecosystems considerations that we need to take into account
<Ian> ...digital bazaar lens is that people will use digital wallets
<Ian> ..so analyzing those use cases, specifically with W3C technology and how end user is affected is what we'd like to do this year
<Ian> [Dapeng Liu, Alipay]
Max: Some initial thoughts - in
the Lisbon meeting, we invited some Chinese vendors to
demonstrate their payment products to show the user
experience.
... We haven't had enough time to discuss new requirements for
different kinds of payment scenarios, we can continue this
activity in this payments interest group - more vendors, not
limited to Chinese vendors to demonstrate their product,
develop use cases and identify problems, that would be
useful.
... Second one, in Payment WG, we have PaymentRequest API, the
specification can support both web-based and native payment
apps. The truth is that we haven't spent enough time on the
native payment apps. So, maybe in this payments IG, we can
develop requirements and use cases for native payment
apps.
... For example, how do native payment apps interact with web
and how does native app interact with web?
<Ian> "Virtual Reality Payments"
Max: The third thing I want to discuss - Virtual Reality payments - this is a hot topic right now. Alipay has a VR payment product.
<Ian> (See the recent Virtual Reality Workshop => https://www.w3.org/2016/06/vr-workshop/ )
<Ian> ( Report => https://www.w3.org/2016/06/vr-workshop/report.html )
Max: In this product, the users
can buy things in a Virtual ecommerce shop, and they can do the
payment using the VR ecommerce shop. If the user uses the web
browser as the VR platform, there will be requirements for VR
payments.
... The fourth one is security, as many colleagues mentioned -
security is important. There was an effort in W3C that is
trying to standardize interface between web and trusted
execution environment.
... There was no result coming from that effort?
... So, how does interaction with a Trusted Execution
Environment and the Web work?
... Those are initial thoughts.
<Ian> [Natasha Rooney, GSMA]
<Ian> * PSD2 changes
<Ian> * Developing world payments
<Ian> * Mobile Money API from GSMA (connects merchant to mobile money platforms)
Natasha: Changes are going to happen in Europe, PSD2 stuff, use cases for payments in developing world. Mobile money transfer is important in developing world, maybe work can be done there wrt. W3C. GSMA has launched mobile money platform - this is more about how merchant takes money and handles it after that.
<Ian> [Pascal Bazin, Gemalto]
Pascal: Security is a big topic
for us.
... Card present on the Web, maybe there is no big demand from
industry, but CNP on the Web is possible, maybe we could
investigate a bit on that.
Ian: perhaps we can meet at least two more times, are people okay for a next call?
<Ian> Proposal next call: 3 February at 9am ET
manu: +1
<dezell> +1 (I'll be at ISO TG1, but will step out)
Ian: I will send out information for that call.
<Ian> ===
<Ian> * What specific problems need to be solved? What user story illustrates this problem?
<Ian> * How big is the problem?
<Ian> * How will users benefit?
<Ian> * What are the various incentives?
<Ian> * Who needs to be involved in discussions?
<Ian> * What work is going on elsewhere?
<Ian> * Why is W3C in a unique position to help solve it?
<Ian> ====
Ian: I think what will help us make progress is to answer these questions wrt. the topics that have been raised. Internal topics for IG, how do we develop a Roadmap, how do we interact with the WG?
<dezell> I believe creation of WGs is one of several goals for the IG.
Ian: Those are less the sorts of
topics that I had in mind, can W3C develop standards that can
advance the Web, we should be prepared to compare internal IG
topics from what the Web needs and how it needs to
expand.
... These are all in scope, but we don't yet know how we should
pursue them.
... I'll come back with Agenda and specific requests so people
can prepare for Feb 3rd call. I'll send further meeting details
out.
Jeff: Given the breadth of what
there is to do, and short timeframe before Face-to-Face, what
gets done between the phone calls?
... There are something like 20 different things we can pursue,
we may want to narrow down what we want to prioritize what we
do soon. We assemble 20 topics, figure out what are the most
promising, do more structured work between calls.
dezell: I'm trying to look up related work on topics. If we can formulate problem statements, might be good work for next week.
Ian: Stay tuned, will have thoughts via email.