Beautiful Payment Systems w/OAUTH

From IIW

Session topic: Beautiful Payments with OATH (W31)

Convener: Tom Brown

Notes-taker(s): Tom Brown

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


In “Beautiful Trade: Rethinking E-Commerce Security,” Ed Bellis notes that the fundamental problem in the card-not-present case on the web is that cardholder data becomes a shared secret passed along many parties. Furthermore the incentives to protect the data do not align who with has control.

We discussed a simple OAUTH based protocol called OpenTransact. See http://opentransact.org for a simple spec and videos. Using this simple framework, we diagrammed one way payments could be handled across financial service providers (FSP). Also, it was shown that the asset class can be specified using Oauth scope when requesting a token.

Whiteboard snapshot: http://www.flickr.com/photos/tbbrown/5688317438

Sid mentioned previous work he had done: http://tootallsid.blogspot.com/2006/12/infocard-and-e-commerce.html

Outstanding Questions: FSP discovery