See also: IRC log
<jyrossi> https://www.w3.org/Payments/IG/wiki/RegulatoryLandscape/FlowAnalysis
jyrossi: Welcome!
Mark: Thanks!
jyrossi: I have been busy and not
as productive as I would have liked to be. We've also made some
changes in the Canton team involved in w3c
... I will be able to devote more time to this effort between
now and the FTF meeting
jyrossi: At previous meeting we
discussed how to tackle this question of ensuring alignment
with regulations
... we are planning both a top-down (gathering relevant regs)
and bottom-up (characterizing the spec) approach
... the bottom up approach will involve people reviewing
materials (the spec or higher level summary) and raising issues
that might hinder adoption.
... the top down approach is to review regulation and thinking
from a regulatory point of view (for a few main
jurisdictions)
... the goal of this approach is to create an inventory of
regulations that people need to be aware of
... Ian brought materials today relevant to the bottom-up
approach
... we will come back to the inventory approach and how to
enlarge the network of experts
... and how to list issues that we will want to check (in the
specs) and help us determine if there may be challenges wrt
those issues
<vkuntz> +1 on the approach
(No comments on the approach)
mark: My only concern about the
approach is that rendering an opinion about regulations may be
perilous
... we don't want people to rely on our opinions
... we are not a legal authority and don't want to put
ourselves in that position.
jyrossi: +1.
... My suggestion today is that we start with the bottom up
approach and keep 15 mins at the end to talk about
top-down
... and look at "how to progress" on that parallel effort
jyrossi: We discussed last time
how to help reviewers understand the spec
... Ian wrote up a draft
https://www.w3.org/Payments/IG/wiki/RegulatoryLandscape/FlowAnalysis
<jyrossi> Ian : I had a call with William. Through this conversation, it appeared necessary to show how the flow happen
<jyrossi> It is a non graphic description, so far but it could to understand what is designed and what happens before, during and after payment.
<jyrossi> Ian: this drives to show how the ecosystem interact with such steps
<jyrossi> Ian: this drives to show how the ecosystem interacts with such steps
<jyrossi> We could consider for instance how PCI-DSS could impact our process, on key steps
<jyrossi> it is not exhaustive but could be a useful start and way to progress
<Zakim> dezell, you wanted to ask about high-level themes
dezell: I think there is overlap with JY's themes
<jyrossi> https://www.w3.org/Payments/IG/wiki/Main_regulatory_topics_about_payment_services
jyrossi: In the top-down approach
we have established as a possible deliverable a similar list of
regulatory topics
... I changed the page recently, trying to organize the
questions and sub-levels to get closer to the steps of the flow
in Ian's doc
(+1 to convergence)
jyrossi: it would be possible to
correlate the way we order the relevant regulatory questions of
main jurisdictions
... I'd like to review the list with Ian (e.g., by phone)
q
IJ: +1 for your list...I think
some things are quickly integratabtle as "outside the flow"
(e.g., related to enrollment)
... but the labels are also helpful to remembering regulatory
topics that are relevant within the scope of the spec
<vkuntz> Need to be careful not to put something out of scope too quickly
(Agreed, vincent)
jyrossi: The limit of the
transaction is relevant to the flow
... if you miss checking AML requirements, you miss some
constraints that are relevant to the transaction
... this is just to illustrate the value of looking at
regulatory themes as well as looking (bottom up) at the
spec
vkuntz: We need to be careful not to put some regulations out of scope too quickly
<jyrossi> +1 for a distinction between notes for spec authors and notes for Spec users
dezell: +1 to the phrase
"theme"
... let's create a list that can be shared by both the top-down
and bottom-up approach
<scribe> ACTION: Ian to review Jean-Yves' list and propagate the themes through his flow analysis [recorded in http://www.w3.org/2017/02/16-wpay-reg-minutes.html#action01]
jyrossi: Ian, would it be possible to add to the flow analysis page some graphics?
(Yes, but I am bad at that)
scribe: also, you linked to the
web payment overview document
... is there an update to that?
https://www.w3.org/2017/Talks/ij_payments_201701/w3c.pdf
(cf diagram on slide 28)
+1 to graphics; I am bad at them
jyrossi: I would like to
encourage Ian to work on a diagram
... Here are some thoughts on the flow analysis:
1) It's very positive how you ordered the flows...helps suggest very precise questions
scribe: it's easy to assign
precise regulatory references in front of some steps in the
process
... regarding credentials, for example, there are articles
66/67 of PSD2 that come to mind
... so I think that there is some heuristic added value of the
flows you introduced
2) The point where we should be cautious is that the description of what we are doing
scribe: has been done starting
from a statement about the fact that PSPs are out of scope
because they are conflated with the Payee
... so this simplification of "payee" raises some questions for
me
"Note that the payee may delegate part of the checkout experience to its service providers. Indeed, the payee may never see payment response information that is sent directly to its service providers. In the description below, we simplify by referring only to the payee. "
jyrossi: This might strike regulators as strange. Regulators want to understand the kind of service provider
IJ: Nothing changes from the status quo in this regard by virtue of the API
jyrossi: Regulation has changed, even if it's the status quo
IJ: It doesn't affect us specially; we should not focus on it because there is nothing different via the API
jyrossi: I'm not convinced yet
jyrossi: Regarding building an
inventory of regulations
... as you know, we started to list main jurisdictions
<jyrossi> https://www.w3.org/Payments/IG/wiki/Main_regulatory_topics_about_payment_services
jyrossi: I invite others to add to this list
[/me has to go
IJ: Proposed 2 March
jyrossi: +1
<vkuntz> +1
kris: Regrets for that date