Re: [apps-discuss] Proposal for a Finance Area Mailing List
Walter <walter.stanish@gmail.com> Fri, 09 March 2012 07:23 UTC
Return-Path: <walter.stanish@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEFCF21F8466 for <apps-discuss@ietfa.amsl.com>; Thu, 8 Mar 2012 23:23:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.281
X-Spam-Level:
X-Spam-Status: No, score=-1.281 tagged_above=-999 required=5 tests=[AWL=-1.207, BAYES_20=-0.74, RCVD_IN_DNSWL_LOW=-1, SARE_FWDLOOK=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id App0n0Ee4QIU for <apps-discuss@ietfa.amsl.com>; Thu, 8 Mar 2012 23:23:38 -0800 (PST)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 06ABC21F8657 for <apps-discuss@ietf.org>; Thu, 8 Mar 2012 23:23:37 -0800 (PST)
Received: by bkuw5 with SMTP id w5so1095233bku.31 for <apps-discuss@ietf.org>; Thu, 08 Mar 2012 23:23:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=o8z1+8LtcdEjMvJox5GjSr+5tnfc0/KbXjFRdNMChdo=; b=gwk551XTFo4VVJAc2/HRn1PVCnPnnAzBlj8HAfnRWogPh0WflFpo9NoiCym+iqG/1+ 83JrDm9hFBvsFWZikCGLifKyhW/lwU4oDPJOac2sRK0M0USCsuhDFZnnyG2JoShP1QDT HLdFLReK1pLqmysWzgdaXFTBm/yAZlaMK4s8RAi/NpDCrUaAziQd/PkRGIom9CJd2xvh Zl/eO1FG3SIYpuZEZaWmj7VKurkF01YZJfnxjW2QMm7HOJ+kf+ndBXYypJfCgbYkN5q2 w9UNazNH+KkhjFZPorlFwLB9/BhLKU8R/hGDXCgHZUnI0BwdVI39jmgCZafxseoq/vKS EqGw==
MIME-Version: 1.0
Received: by 10.204.153.28 with SMTP id i28mr454310bkw.48.1331277816980; Thu, 08 Mar 2012 23:23:36 -0800 (PST)
Received: by 10.204.184.17 with HTTP; Thu, 8 Mar 2012 23:23:36 -0800 (PST)
In-Reply-To: <4F58DB05.9020901@dcrocker.net>
References: <CACwuEiOPeym2Ro6WffhAg__nzkiKmBXu7woKV3kWLodX11b1Qg@mail.gmail.com> <CAC4RtVA_aQcSF6-vzuW6z0vHdgx8cWwpMFw_6twZL6ijukHJ8A@mail.gmail.com> <CACwuEiOP8ct661taViFJP6sNCEEfe7PyZrO2OBUg1tiB9d0vZQ@mail.gmail.com> <CA+9kkMAo0c7e5SWmQHSy6DmJ7s0fNfv8WRThwHZGSN_fCBs4YA@mail.gmail.com> <20776EAF-5ADB-40B8-A31E-DBA329A61CF8@vpnc.org> <4F58DB05.9020901@dcrocker.net>
Date: Fri, 09 Mar 2012 14:23:36 +0700
Message-ID: <CACwuEiN9fDv=XfkvQud9SnHKEuHvRB7JzvrU5jL+w2x-7y1sMg@mail.gmail.com>
From: Walter <walter.stanish@gmail.com>
To: dcrocker@bbiw.net, Jeff.Hodges@kingsmountain.com
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Proposal for a Finance Area Mailing List
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Mar 2012 07:23:39 -0000
> A separate but related question is whether "financial-protocol" folk need > different underlying protocols, for transport/transfer of this particular > type of data and notifications, than what is extant (and implemented & > shipping) today (e.g., HTTP, TLS/SSL, SCTP, XMPP, etc.). > > If not, then perhaps they might concentrate on the stuff at their > "financial" layer and concoct "bindings" to the existing underlying stuff > (eg, as we did in SAML & Liberty (to HTTP)) as appropriate, and they then > could perhps more easily work on their "financial" layer whereever (eg, W3C, > OASIS, SomeNew.org, etc). I agree wholeheartedly with the suggestion of transport neutrality, which I believe I raised earlier on this thread (possibly indirectly through allusion to arbitrary topology support). Each of the transports mentioned above offers different properties in terms of at least security, topology, wire-level efficiency and latency and for this reason alone it would appear to be unwise to mandate one or more possible transports for all deployment environments (whose requirements will vary). However, I am not certain that I can agree with the apparent(?) notion presented that perhaps it then follows that the IETF is not an appropriate venue for this development. The rest of this email will address each of the previous efforts raised by Dave and Jeff (thanks for taking the time to point these out!) and summarize briefly why from my perspective they appear to differ significantly from the proposed scope. > The early EDI work produced a working group and a successor working group, > participation and specifications: > > RFC6362, Multiple Attachments for Electronic Data Interchange - Internet > Integration (EDIINT) K. Meadors, Ed. August 2011 ASCII INFORMATIONAL > > RFC6359, Datatracker Extensions to Include IANA and RFC Editor Processing > Information S. Ginoza, M. Cotton, A. Morris September 2011 ASCII > INFORMATIONAL > > RFC6017, Electronic Data Interchange - Internet Integration (EDIINT) > Features Header Field > > RFC5402, Compressed Data within an Internet Electronic Data Interchange > (EDI) Message T. Harding, E > > RFC1865, EDI Meets the Internet Frequently Asked Questions about Electronic > Data Interchange (EDI) on the Internet W. Houser, J. Griffin, C. Hage > January 1996 ASCII INFORMATIONAL > > RFC1767, MIME Encapsulation of EDI Objects D. Crocker Scope is EDI. Without passing judgement on any one of the various EDI standards that are apparently floating about these days, my own perspective is that at its core EDI tends to differ significantly in scope from the proposed scope of financial transactions, largely because EDI's focus appears to be on "big corporate" and government business level metadata and processes (invoicing, purchase orders, etc...) that do not necessarily apply to all or even most financial transactions on the internet today, such as those involving individual consumers. As a result of this key difference, EDI systems tend to prevent or constrict the expression of possible financial settlement level concerns, and have little motivation to accomodate or consider alternative systems that may be based upon either non-currency value exchange or non ISO4217 currency exchange such as Ripple, CES, LETS, Bitcoin, etc. In short, from an EDI perspective, it would seem that (in *most* cases?) the settlement of financial transactions is essentially an external process. In addition, documents like http://tools.ietf.org/html/rfc5402 delve in to concerns such as security (authentication, integrity and encryption) that an alternative protocol designed now (from a message-oriented perspective) might well be able to delegate in whole or in part to the transport layer. The proposed scope could be seen to support EDI in that it could potentially provide higher reliability, lower cost, transparently redundant (supporting business continuity / disaster recovery goals), or otherwise more attractive settlement functionality to complement existing EDI systems. In addition, EDI information could potentially be bundled within financial transaction related messages in order to provide both information relevant to settlements and higher level metadata where appropriate. > In addition to the previously mentioned EDI and IOTP work, there was also > this back in the late 1990s.. > > CyberCash Credit Card Protocol Version 0.8 > http://tools.ietf.org/html/rfc1898 Scope is basically credit cards. It is also interesting to note that, apparently at the time of writing, their centralized registry of message types exceeded 100 (getting rather messy... maybe the approach was not high level enough to be portable to an internet sized community, re: most of these were probably necessitated by legacy system integrations and there was no mechanism for abstracting them away at the higher conceptual level of a 'financial transaction'...). > ECML v1: Field Names for E-Commerce > http://tools.ietf.org/html/rfc2706.txt > > ECML v1.1: Field Specifications for E-Commerce > http://tools.ietf.org/html/rfc3106.txt Scope is HTML (user interface) oriented; a totally different problem domain. Also limits scope further to credit cards. > ..and then fwiw, it's not clear what happened to these expired I-Ds.. > > http://tools.ietf.org/html/draft-eastlake-internet-payment-01 > http://tools.ietf.org/html/draft-eastlake-universal-payment-02 > http://tools.ietf.org/html/draft-hallam-micropayment-00 'draft-eastlake-internet-payment-01' is one of the most relevant historic efforts under review to the proposed scope. It specifies a character string syntax to (1) indicate prices and acceptable methods of payment, (2) tender payment, and (3) issue a receipt acknowledging payment or notification if payment fails. It could be considered an early attempt at the same problem space. Some issues: ISO4217 limited. Includes settlement path specification with boolean 'or' logic (no other). Encourages payment information to be sent over insecure transports. Vague (re: partial payment, what is a 'payment system', estimates, ceilings, receipt delivery mechanisms, etc.). HTML integration concept predates the tendency towards pixel-perfection in the modern 'browser as a platform'-world and would be harder to propose today. Receipt implementation appears to have skipped consideration of non-realtime settlement (ie: ACH, SWIFT, etc.). 'draft-eastlake-universal-payment-02' attempts to provide header-based negotiation of common 'payment systems' between clients and servers (merchants) to facilitate simple payments, mostly in the language of online shopping from a browser. This is potentially interesting but has issues: Confuses actual financial connectivity and payment systems (which often act as gateways to others), strong B2C + centralized settlement system (legacy) focus, examples appear to request that consumers might provide personally identifiable information prior to purchase, lack of metadata. 'draft-hallam-micropayment-00' is one of the most relevant historic efforts under review to the proposed scope. It is an unfinished proposal for a payments system based upon a customer-(single)broker-vendor model, primarily concerned with micropayments. It is relatively holistic and well considered, but appears to fail to delineate clearly between aspects of financial instruments (eg: currencies) and those of financial settlement networks (eg: party authentication, message non-repudiation) in its incomplete risk model. Its forward looking proposal to formally describe multiple settlement paths with different temporal, risk, or other characteristics is very much similar to the approach that we have had under consideration and have been developing at Payward Inc. since late 2011. However, the proposal also descends in to specific cryptographic algorithms instead of maintaining a pluggable architecture which is apparently often considered 'bad practice' in higher level protocol design today. It is also rather centralized and insecure: "requires perfect trust between servers acting as brokers. Compromise of one server compromises all others." Considering all of the above proposals, at one end we have EDI focused on business level metadata surrounding actual financial transactions, and at the other we have draft-eastlake-internet-payment-01 that attempts to strip out all metadata and simply negotiate prices and paths for external execution of settlements through a finite vocabulary of intermediary 'payment systems', conveniently ignoring the potentially complex realities of said systems. In summary - whilst interesting at points - none of the historic financial related proposals target the same problem domain. Most importantly, none can adequately describe the breadth of financial transactions occurring over the internet today. >From my perspective, what is sorely needed is instead an adequately descriptive (yet extensible/flexible) protocol based not upon a specific integration point within the existing standards infrastructure (examples in the historic documents above included HTTP headers, SMTP, etc.) but rather a transport neutral message-oriented protocol that is concise and minimalist enough to be deployed readily yet robust enough to be deployed for any conventional (interbank payments, credit card payments), specialist (high frequency trading, non-currency value exchange such as the Energy Working Group member's idea regarding possible use for energy costs and trading, 'exotic' (ie. non US / credit card centric)) or emerging (mobile, digital currencies such as bitcoin, ripple) use case. There has clearly been thought in this direction previously but nothing adequately broadly based and flexible with the potential to tie things together without excluding significant, interesting, valuable and emerging parts of the community. Perhaps it is now the right time to solve this problem? Regards, Walter Stanish Payward, Inc.
- [apps-discuss] Proposal for a Finance Area Mailin… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Barry Leiba
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Ted Hardie
- Re: [apps-discuss] Proposal for a Finance Area Ma… Paul Hoffman
- Re: [apps-discuss] Proposal for a Finance Area Ma… Dave Crocker
- Re: [apps-discuss] Proposal for a Finance Area Ma… Dave Crocker
- Re: [apps-discuss] Proposal for a Finance Area Ma… =JeffH
- Re: [apps-discuss] Proposal for a Finance Area Ma… Barry Leiba
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… John Levine
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Murray S. Kucherawy
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Dave Crocker
- Re: [apps-discuss] Proposal for a Finance Area Ma… John Levine
- [apps-discuss] Running code ... Scott Kitterman
- Re: [apps-discuss] Proposal for a Finance Area Ma… Barry Leiba
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Dave Crocker
- Re: [apps-discuss] Proposal for a Finance Area Ma… Stephen Farrell
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… =JeffH
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Nico Williams
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Peter Saint-Andre
- Re: [apps-discuss] Proposal for a Finance Area Ma… Carsten Bormann
- Re: [apps-discuss] Proposal for a Finance Area Ma… Jorge Timón
- Re: [apps-discuss] Proposal for a Finance Area Ma… Peter Saint-Andre
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Jorge Timón
- Re: [apps-discuss] Proposal for a Finance Area Ma… Jorge Timón
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Peter Saint-Andre
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Barry Leiba
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Barry Leiba
- Re: [apps-discuss] Proposal for a Finance Area Ma… Walter
- Re: [apps-discuss] Proposal for a Finance Area Ma… Carsten Bormann
- [apps-discuss] Payment Protocols -- was Re: Propo… Hannes Tschofenig
- Re: [apps-discuss] Payment Protocols -- was Re: P… SM
- Re: [apps-discuss] Payment Protocols -- was Re: P… Tschofenig, Hannes (NSN - FI/Espoo)