Beautiful Payment Systems w/OAUTH
Session topic: Beautiful Payments with OAUTH (W31)
Convener: Tom Brown
Notes-taker(s): Tom Brown
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
In “Beautiful Trade: Rethinking E-Commerce Security,” Ed Bellis notes that the fundamental problem in the card-not-present case on the web is that cardholder data becomes a shared secret passed along many parties. Furthermore, the incentives to protect the data do not align with who has control.
We discussed a simple OAuth-based protocol called OpenTransact. See http://opentransact.org for a simple spec and videos. Using this simple framework, we diagrammed one way payments could be handled across financial service providers (FSPs). Also, it was shown that the asset class can be specified using OAuth scope when requesting a token.
Whiteboard snapshot: http://www.flickr.com/photos/tbbrown/5688317438
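The scope point above, sketched as an added example (not code from the session or from the OpenTransact spec): it assumes the scope value is the asset's URL, and the FSP host, endpoint path, client id and asset URLs are constructed. The FSP checks the token's scope by exact match before acting on a transfer, so a token issued for one asset class cannot move another.

```python
from urllib.parse import urlsplit, urlencode

# Hypothetical authorization endpoint of an FSP (constructed for this example).
AUTHZ_ENDPOINT = "https://fsp.example/oauth/authorize"


def normalize_asset(url):
    """Canonical form of an asset URL, used for comparison.

    Rejects anything that is not a plain https URL (no userinfo, query or
    fragment) so that look-alike values cannot normalize to a valid asset.
    """
    p = urlsplit(url)
    if p.scheme.lower() != "https" or not p.hostname:
        raise ValueError("asset must be an https URL")
    if p.username is not None or p.query or p.fragment:
        raise ValueError("asset URL must not carry userinfo, query or fragment")
    port = f":{p.port}" if p.port and p.port != 443 else ""
    return f"https://{p.hostname}{port}{p.path.rstrip('/')}"


def authorization_url(client_id, redirect_uri, asset_url, state):
    """OAuth 2.0 authorization request whose scope names exactly one asset."""
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": normalize_asset(asset_url),  # assumption: scope = asset URL
        "state": state,
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(query)


def token_allows_asset(granted_scope, asset_url):
    """FSP-side check: is asset_url one of the token's granted scopes?

    Scope is a space-delimited list (RFC 6749, section 3.3). Matching is
    exact after normalization; prefix matches are deliberately not accepted.
    """
    try:
        wanted = normalize_asset(asset_url)
    except ValueError:
        return False
    for item in granted_scope.split():
        try:
            if normalize_asset(item) == wanted:
                return True
        except ValueError:
            continue  # malformed scope entries grant nothing
    return False
```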
Sid mentioned previous work he had done: http://tootallsid.blogspot.com/2006/12/infocard-and-e-commerce.html
Outstanding Questions: FSP discovery