W3C

- DRAFT -

Web Payments IG Publication Administrivia Telecon

17 Jul 2015

See also: IRC log

Attendees

Present
Manu, Matt, Ian, Adrian, Katie
Regrets
Chair
Everyone!
Scribe
collier-matthew, manu

Contents

<github-bot> [13webpayments-ig] 15ianbjacobs pushed 1 new commit to 06master: 02https://github.com/w3c/webpayments-ig/commit/9e4b80680ccdbe040bf22ace404beed3e66ba637

<github-bot> 13webpayments-ig/06master 149e4b806 15Ian Jacobs: Moved bit about native to scope...

<collier-matthew> scribenick: collier-matthew

<manu> scribenick: manu

Finalization of Charter

manu: What's the plan for sending charter to W3M?

Adrian: Comments are closed, Ian has made a few changes, I'm happy to make a few minor changes - need to stick to deadline, let's get a version out.

Ian: I've been reading through various threads - not read full charter yet, just focusing on sections that are target of various threads, making little adjustments as I go.
... My goal is to finish edits and push to IG an updated charter later today - late afternoon Chicago time, nothing radically different. There is an outstanding question to Zach, one goal about easier integration of payment schemes by service providers.
... That's one area where I think there could be an improvement. Don't know the status of all the threads. So, small tweaks - they feel editorial.
... I haven't touched the deliverables yet - test suites - the WG will allocate test suites... simply, it's a deliverable.
... It was a bit surprising - it will increase workload on the group - good practice.
... Tweaking section on discovery a bit - removed Credentials CG.
... IG should have that liaison.
... The concept of an optional deliverable makes me a bit weary.
... Wondering if formatting was strange for card example.

<Zakim> manu, you wanted to speak to optional deliverables, Credentials CG.

<Ian> manu: Doesn't hurt to include liaison to the credentials cg

<Ian> ...you need to know about endpoints

<Ian> ..and some work will happen around identity

Ian: Credentials are mentioned as high-level goals for the future - expansion of wallet capabilities for the future. My expectation, as I understand it, we're leaving identity/security to the schemes - trying to keep the charter lean. Some people will wonder why there is a liaison if there is no good reason.

<Ian> Manu: It has to do with what goes into the message

<Ian> ..the same goes for security

<Ian> ..note that schemes don't have signature mechanisms and we are likely to want signatures

<Ian> ..if we want to do offers in the future and we don't have signatures, it's a massive security holes

Ian: We have a section on security/privacy considerations, could we put that in there?

<Ian> katie: danger if people don't know we are thinking about this

Katie: I agree, there is a danger in not communicating that we're going to be paying attention to this.
... The point is, for now, we're going to rely on the security of the schemes. Maybe not this WG, but the W3C.

<Ian> Manu: Both specs *could* involve reds.

Ian: We have a payments vocabulary spec, and a web payments 1.0 spec - where does it fit in?

<Ian> Manu:...I'm skeptical that we can do anything interesting that is complete separate from credentials

AdrianHB: I'm not sure, but I think I see Ian's point. We're in v1, leaving the stuff up to the scheme.

<Zakim> manu, you wanted to ask what scheme security we're using.

<Ian> Manu: I think we can do payments without credentials...trying to do the things with credentials will open up the scope that we heard people don't want (from FTF discussion)

<Ian> manu: What security will we use that the schemes use.

<Ian> (Ian hearing both Manu and Adrian speaking about requirements that are IMO below the level detail of this charter)

AdrianHB: I think it'll be difficult to convince card brands to use a new mechanism to secure their information.
... This is phase 1, get a flow and standard message in place that allows the rest of the stuff to evolved.

<Zakim> Ian, you wanted to say that liaison missing based on this statement: "Development of such a standard will require collaboration by the group with the owners of the existing global

Ian: Development of such a standard will require collaboration by the group with the owners of the existing global card schemes. but we don't have that liaison relationship. Is this only EMVCo that you have in mind?

AdrianHB: They're an association of card brands, I don't know if they're exclusive of any associations.
... That could be a very long list.

Ian: We need a liaison w/ EMVCo. We should comment about it in the liaison list.

AdrianHB: There are two ways of solving this - we have a message back and forth w/ sensitive data that needs to be protected - probably needs verification of where it came from. That's what's broken w/ payments today. What I'm suggesting in the card payments scheme - cards already have a way of solving this - they use tokenization, wallet should fetch token to use instead of card number itself. Card schemes are happy with that.
... ApplePay use such a scheme, they get better card rates than card not present transactions.
... Second option is generic scheme specific data goes here, it must be signed and encrypted in this way - generic mechanisms to encrypt and sign data.
... We hope all payment schemes are comfortable with the method and hope they adopt it.

Ian: Should we put 'encryption' and 'digital signatures' in there as considerations?

<Ian> add parenthetically after "While the initial work of the group will leave much of the required security and authentication to the payment schemes"

Ian: What about adding that?

<Ian> "(e.g., encryption, and digital signatures)"

Ian: I feel like we could handle the credentials question in the same way as the security question.
... It feels to me like, one way we could do this in a way that's safe is to put, out of scope "this group will not develop standards for credentials, but should be aware of developments in the space for future enhancements for the payments ecosystem"

Katie: hmm...

Ian: I'm reluctant to mention things that might preclude other things from happening. In general, we should not be overly explicit. People might get nervous about this group doing credentials stuff. We're not doing credentials, but W3C anticipates those discussions continuing w/in W3C and we should be aware of them.
... Nothing against the CG, but we're in the middle of figuring out our strategy around credentials.
... One other way to do this is higher up - credentials is mentioned as a web payments thing, so another answer is that we deal w/ it in the first section of the charter.

<Ian> " The Web Payments Interest Group will continue to guide the W3C in the Web Payments activity and may propose new working groups to cover topics such as identity, credentials and commerce (including invoicing, receipts, loyalty programs, coupons, discounts, offers etc.)."

Ian: That's from the website

<Ian> <p>

<Ian> The Web Payments Interest Group will continue to guide the W3C in the Web Payments activity and may propose new

<Ian> Working Groups to cover topics such as identity, credentials and commerce (including invoicing, receipts,

<Ian> loyalty programs, coupons, discounts, and offers).</p>

Ian: That's from the document text ^
... Putting the Credentials liason in there feels problematic, that the group might need to dive into credentials feels risky.

<Zakim> manu, you wanted to note that we have other things to discuss.

Manu: I'm concerned that someone will use the charter to prevent discussion around Credentials.

Katie: I'm not sure what you mean about face-to-face discussion around Credentials being taken off of the table.

AdrianHB: I think "future functions of wallet service" covers credentials.
... When we design messages/flow - we need to consider future functions that leverage the same function.

<Zakim> manu, you wanted to move on.

Ian: The current sentence I have - additional functions, digital receipts, credentials, etc. Wallet metaphor may become inappropriate.
... This group should be discussing, in liason w/ WPIG, should remain aware of W3C work on payments related topics.

<github-bot> [13webpayments-ig] 15ianbjacobs pushed 1 new commit to 06master: 02https://github.com/w3c/webpayments-ig/commit/fce67a9dade31c43071d31db0aba424811c9b1f3

<github-bot> 13webpayments-ig/06master 14fce67a9 15Ian Jacobs: IG liaison role in future section

<Ian> Manu: Examples of option specs: JSON-LD moved to CG then re-integrated into the WG

Ian: I'm happy to have prefaced w/ this is new to me :)
... Thanks for the real world example - if I'm asked by W3M, they're interested in resource allocation/deadlines - there is precedent for this, and it worked well. Best Practices document, should that be treated as an optional deliverable?
... Group will document best practices - some expectation set there, presented differently than optional card scheme thing.

AdrianHB: Moving discovery best practice up to optional deliverable makes sense.

Ian: I will go back to editing today, share results.

Manu: What's the plan?

Ian: my expectation - Technology and Society Domain call on Monday, and Chairing w/ Wendy - get T&S support. Monday, I'd like IG sign off on document.
... I may be late for that meeting, but would like IG to give a green light, and then T&S give a greenlight, then will move back to W3.org URL, then will send to management team a request to approve the charter.
... And add a timeline... approval would be on 29th of July by W3M. Then go to AC in early august, approval by mid September, launch by end of September.
... Two week processing of comments, if it all goes well, we should start the group and group should meet first week of Oct, then meet in TPAC.
... I'm hoping we have 8 week notice before , we should announce the schedule early.

Publication of Vision

Manu: You updated the vision, Ian?
... Can we just push it out to the URL?

Ian: I forgot to sync, but had pushed my version to website, so I think it already had my edits in it.
... If you pull, you should find that.

Manu: Nothing to do w/ the vision document.

Publication of Use Cases

Manu: I updated the use cases document last night with all of Ian's requested changes: https://dvcs.w3.org/hg/webpayments/raw-file/default/ED/use-cases/2015-07-15/index.html

https://github.com/w3c/webpayments-ig/commit/ee0e47afbf9834033d26a4b0d083a467ac794ab9

<github-bot> [13webpayments-ig] 15ianbjacobs pushed 1 new commit to 06master: 02https://github.com/w3c/webpayments-ig/commit/74f6dc796d5c484007ed9171747cfa357ac08236

<github-bot> 13webpayments-ig/06master 1474f6dc7 15Ian Jacobs: Harmonize card payment / best practices...

Manu: We're going to ask Chairs to publish a new WD for this.

Ian: Yes, prior to AC review. W3M can look at them in github/dvcs.w3.org - looking at publishing moratorium now... I'd say if we can have it by the week of the 20th or week of 27th.

Publication of Roadmap

Manu: Can you publish this today at /Payments/IG/Roadmap ?

Ian: yes, will do that once you push changes.

Manu: Since it's an Editor's Draft, we can just push it to IG space and then ask for approval, making it an IG note at some point.

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/07/17 14:59:15 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/liason/liaison/
Succeeded: s/dignatures/signatures/
Found ScribeNick: collier-matthew
WARNING: No scribe lines found matching ScribeNick pattern: <collier\-matthew> ...
Found ScribeNick: manu
Inferring Scribes: collier-matthew, manu
Scribes: collier-matthew, manu
ScribeNicks: collier-matthew, manu
Present: Manu Matt Ian Adrian Katie
Got date from IRC log name: 17 Jul 2015
Guessing minutes URL: http://www.w3.org/2015/07/17-wpay-minutes.html
People with action items:
[End of scribe.perl diagnostic output]