Assets Discovery for Simple Web Payment (openTransact)
Session topic: Asset Discovery for simple web payment (opentransact) (W5I)
Convener: Tom Brown
Notes-taker(s): Tom Brown
Considered three scenarios
- 1. Given an email, discovery of relevant assets in basic e-commerce checkout
- 2. Given a phone number, discovery of relevant assets in point of sale checkout
- 3. Allow a user to easily add a new asset provider to a mobile payment app
1. discovery with email
we considered webfinger.
given email-like address, merchant
- a. merchant fetches /.well-known/host-meta
- b. merchant passes payer's email-like address to lrdd template url
- c. merchant finds wallet links inside xrd document: http://webfingerclient-dclinton.appspot.com/lookup?identifier=tbrown@afternoon-waterfall-33.heroku.com&format=web
- d. merchant fetches a wallet to find payer's asset types: https://picomoney.com/wallets/herestomwiththeweather
- e. merchant chooses compatible asset url to accept payment in: https://picomoney.com/currencies/picopoints
- f. merchant presents payment method selection. for instance, merchant may accept up to 20% of payment in picopoints and the rest dollars
- g. merchant can redirect payer to asset provider to simply submit payment html form (or ask for authorization of oauth token)
2. discovery with phone number
while an email-like address allows xrd document to be fetched from domain of address, this is not a possibility with a phone number.
instead, it was suggested that, similar to how xri resolves inames, a central site resolves phone numbers into urls.
3. add new asset provider to mobile payment app
the differences between UMA's implementation and OpenID Connect's implementation of dynamic client registration are currently being worked out into a combined future IETF draft.
given an email-like address, the mobile app can also use webfinger to populate list of asset providers from wallets.
4. other issues
it seems helpful to at least start off with an unofficial list of asset provider urls. one of the problems with openid attribute exchange was that there was no consistent repository of agreed on urls to start with although axschema.org was an attempt.