See also: IRC log
<github-bot> [13webpayments-ig] 15ianbjacobs pushed 1 new commit to 06master: 02https://github.com/w3c/webpayments-ig/commit/9e4b80680ccdbe040bf22ace404beed3e66ba637
<github-bot> 13webpayments-ig/06master 149e4b806 15Ian Jacobs: Moved bit about native to scope...
<collier-matthew> scribenick: collier-matthew
<manu> scribenick: manu
manu: What's the plan for sending charter to W3M?
Adrian: Comments are closed, Ian has made a few changes, I'm happy to make a few minor changes - need to stick to deadline, let's get a version out.
Ian: I've been reading through
various threads - not read full charter yet, just focusing on
sections that are target of various threads, making little
adjustments as I go.
... My goal is to finish edits and push to IG an updated
charter later today - late afternoon Chicago time, nothing
radically different. There is an outstanding question to Zach,
one goal about easier integration of payment schemes by service
providers.
... That's one area where I think there could be an
improvement. Don't know the status of all the threads. So,
small tweaks - they feel editorial.
... I haven't touched the deliverables yet - test suites - the
WG will allocate test suites... simply, it's a
deliverable.
... It was a bit surprising - it will increase workload on the
group - good practice.
... Tweaking section on discovery a bit - removed Credentials
CG.
... IG should have that liaison.
... The concept of an optional deliverable makes me a bit
weary.
... Wondering if formatting was strange for card example.
<Zakim> manu, you wanted to speak to optional deliverables, Credentials CG.
<Ian> manu: Doesn't hurt to include liaison to the credentials cg
<Ian> ...you need to know about endpoints
<Ian> ..and some work will happen around identity
Ian: Credentials are mentioned as high-level goals for the future - expansion of wallet capabilities for the future. My expectation, as I understand it, we're leaving identity/security to the schemes - trying to keep the charter lean. Some people will wonder why there is a liaison if there is no good reason.
<Ian> Manu: It has to do with what goes into the message
<Ian> ..the same goes for security
<Ian> ..note that schemes don't have signature mechanisms and we are likely to want signatures
<Ian> ..if we want to do offers in the future and we don't have signatures, it's a massive security holes
Ian: We have a section on security/privacy considerations, could we put that in there?
<Ian> katie: danger if people don't know we are thinking about this
Katie: I agree, there is a danger
in not communicating that we're going to be paying attention to
this.
... The point is, for now, we're going to rely on the security
of the schemes. Maybe not this WG, but the W3C.
<Ian> Manu: Both specs *could* involve reds.
Ian: We have a payments vocabulary spec, and a web payments 1.0 spec - where does it fit in?
<Ian> Manu:...I'm skeptical that we can do anything interesting that is complete separate from credentials
AdrianHB: I'm not sure, but I think I see Ian's point. We're in v1, leaving the stuff up to the scheme.
<Zakim> manu, you wanted to ask what scheme security we're using.
<Ian> Manu: I think we can do payments without credentials...trying to do the things with credentials will open up the scope that we heard people don't want (from FTF discussion)
<Ian> manu: What security will we use that the schemes use.
<Ian> (Ian hearing both Manu and Adrian speaking about requirements that are IMO below the level detail of this charter)
AdrianHB: I think it'll be
difficult to convince card brands to use a new mechanism to
secure their information.
... This is phase 1, get a flow and standard message in place
that allows the rest of the stuff to evolved.
<Zakim> Ian, you wanted to say that liaison missing based on this statement: "Development of such a standard will require collaboration by the group with the owners of the existing global
Ian: Development of such a standard will require collaboration by the group with the owners of the existing global card schemes. but we don't have that liaison relationship. Is this only EMVCo that you have in mind?
AdrianHB: They're an association
of card brands, I don't know if they're exclusive of any
associations.
... That could be a very long list.
Ian: We need a liaison w/ EMVCo. We should comment about it in the liaison list.
AdrianHB: There are two ways of
solving this - we have a message back and forth w/ sensitive
data that needs to be protected - probably needs verification
of where it came from. That's what's broken w/ payments today.
What I'm suggesting in the card payments scheme - cards already
have a way of solving this - they use tokenization, wallet
should fetch token to use instead of card number itself. Card
schemes are happy with that.
... ApplePay use such a scheme, they get better card rates than
card not present transactions.
... Second option is generic scheme specific data goes here, it
must be signed and encrypted in this way - generic mechanisms
to encrypt and sign data.
... We hope all payment schemes are comfortable with the method
and hope they adopt it.
Ian: Should we put 'encryption' and 'digital signatures' in there as considerations?
<Ian> add parenthetically after "While the initial work of the group will leave much of the required security and authentication to the payment schemes"
Ian: What about adding that?
<Ian> "(e.g., encryption, and digital signatures)"
Ian: I feel like we could handle
the credentials question in the same way as the security
question.
... It feels to me like, one way we could do this in a way
that's safe is to put, out of scope "this group will not
develop standards for credentials, but should be aware of
developments in the space for future enhancements for the
payments ecosystem"
Katie: hmm...
Ian: I'm reluctant to mention
things that might preclude other things from happening. In
general, we should not be overly explicit. People might get
nervous about this group doing credentials stuff. We're not
doing credentials, but W3C anticipates those discussions
continuing w/in W3C and we should be aware of them.
... Nothing against the CG, but we're in the middle of figuring
out our strategy around credentials.
... One other way to do this is higher up - credentials is
mentioned as a web payments thing, so another answer is that we
deal w/ it in the first section of the charter.
<Ian> " The Web Payments Interest Group will continue to guide the W3C in the Web Payments activity and may propose new working groups to cover topics such as identity, credentials and commerce (including invoicing, receipts, loyalty programs, coupons, discounts, offers etc.)."
Ian: That's from the website
<Ian> <p>
<Ian> The Web Payments Interest Group will continue to guide the W3C in the Web Payments activity and may propose new
<Ian> Working Groups to cover topics such as identity, credentials and commerce (including invoicing, receipts,
<Ian> loyalty programs, coupons, discounts, and offers).</p>
Ian: That's from the document
text ^
... Putting the Credentials liason in there feels problematic,
that the group might need to dive into credentials feels
risky.
<Zakim> manu, you wanted to note that we have other things to discuss.
Manu: I'm concerned that someone will use the charter to prevent discussion around Credentials.
Katie: I'm not sure what you mean about face-to-face discussion around Credentials being taken off of the table.
AdrianHB: I think "future
functions of wallet service" covers credentials.
... When we design messages/flow - we need to consider future
functions that leverage the same function.
<Zakim> manu, you wanted to move on.
Ian: The current sentence I have
- additional functions, digital receipts, credentials, etc.
Wallet metaphor may become inappropriate.
... This group should be discussing, in liason w/ WPIG, should
remain aware of W3C work on payments related topics.
<github-bot> [13webpayments-ig] 15ianbjacobs pushed 1 new commit to 06master: 02https://github.com/w3c/webpayments-ig/commit/fce67a9dade31c43071d31db0aba424811c9b1f3
<github-bot> 13webpayments-ig/06master 14fce67a9 15Ian Jacobs: IG liaison role in future section
<Ian> Manu: Examples of option specs: JSON-LD moved to CG then re-integrated into the WG
Ian: I'm happy to have prefaced
w/ this is new to me :)
... Thanks for the real world example - if I'm asked by W3M,
they're interested in resource allocation/deadlines - there is
precedent for this, and it worked well. Best Practices
document, should that be treated as an optional
deliverable?
... Group will document best practices - some expectation set
there, presented differently than optional card scheme
thing.
AdrianHB: Moving discovery best practice up to optional deliverable makes sense.
Ian: I will go back to editing today, share results.
Manu: What's the plan?
Ian: my expectation - Technology
and Society Domain call on Monday, and Chairing w/ Wendy - get
T&S support. Monday, I'd like IG sign off on
document.
... I may be late for that meeting, but would like IG to give a
green light, and then T&S give a greenlight, then will move
back to W3.org URL, then will send to management team a request
to approve the charter.
... And add a timeline... approval would be on 29th of July by
W3M. Then go to AC in early august, approval by mid September,
launch by end of September.
... Two week processing of comments, if it all goes well, we
should start the group and group should meet first week of Oct,
then meet in TPAC.
... I'm hoping we have 8 week notice before , we should
announce the schedule early.
Manu: You updated the vision,
Ian?
... Can we just push it out to the URL?
Ian: I forgot to sync, but had
pushed my version to website, so I think it already had my
edits in it.
... If you pull, you should find that.
Manu: Nothing to do w/ the vision document.
Manu: I updated the use cases document last night with all of Ian's requested changes: https://dvcs.w3.org/hg/webpayments/raw-file/default/ED/use-cases/2015-07-15/index.html
https://github.com/w3c/webpayments-ig/commit/ee0e47afbf9834033d26a4b0d083a467ac794ab9
<github-bot> [13webpayments-ig] 15ianbjacobs pushed 1 new commit to 06master: 02https://github.com/w3c/webpayments-ig/commit/74f6dc796d5c484007ed9171747cfa357ac08236
<github-bot> 13webpayments-ig/06master 1474f6dc7 15Ian Jacobs: Harmonize card payment / best practices...
Manu: We're going to ask Chairs to publish a new WD for this.
Ian: Yes, prior to AC review. W3M can look at them in github/dvcs.w3.org - looking at publishing moratorium now... I'd say if we can have it by the week of the 20th or week of 27th.
Manu: Can you publish this today at /Payments/IG/Roadmap ?
Ian: yes, will do that once you push changes.
Manu: Since it's an Editor's Draft, we can just push it to IG space and then ask for approval, making it an IG note at some point.
This is scribe.perl Revision: 1.140 of Date: 2014-11-06 18:16:30 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/liason/liaison/ Succeeded: s/dignatures/signatures/ Found ScribeNick: collier-matthew WARNING: No scribe lines found matching ScribeNick pattern: <collier\-matthew> ... Found ScribeNick: manu Inferring Scribes: collier-matthew, manu Scribes: collier-matthew, manu ScribeNicks: collier-matthew, manu Present: Manu Matt Ian Adrian Katie Got date from IRC log name: 17 Jul 2015 Guessing minutes URL: http://www.w3.org/2015/07/17-wpay-minutes.html People with action items:[End of scribe.perl diagnostic output]