[DRAFT] Web Payments Working Group Charter

The mission of the Web Payments Working Group is to make payments easier and more secure on the Web.

Start date	21 October 2015
Charter extension	The charter extension history is documented in "about this charter"
End date	31 December 2017
Confidentiality	Proceedings are public
Initial Chairs	Nick Telford-Reed, Worldpay; Adrian Hope-Bailie, Ripple
Initial Team Contacts (FTE %: 50%)	Doug Schepers, Ian Jacobs
Usual Meeting Schedule	Teleconferences: Weekly Face-to-face: 2-3 per year

Join the Web Payments Working Group.

Goals

Fragmentation of the payment landscape is limiting the full potential of the Web, including lack of standards in areas such as:

the high level flow of a Web payment;
the programming interfaces between the various parties (such as between user agent and Web application);
the messages exchanged between these parties over the Web.

If successful, the Recommendations from this Working Group will increase some areas of interoperability between payer and payee systems, producing benefits such as:

A better checkout experience for users, particularly on mobile devices. The standards should facilitate automation, one approach to improving the user experience.
Streamlined payment flow, which is expected to reduce the percentage of transactions abandoned prior to completion ("shopping cart abandonment").
Easier adoption of payment instrument improvements (e.g., related to security) or new payment instruments.
Added value through machine-readable digital payment requests and payment responses.

For more background information about this group, please see the Web Payments Working Group Charter FAQ. For more information about Web Payments activities beyond the scope of this charter, see the Web Payments Interest Group description below.

Under this charter, the Working Group defines Recommendations that allow for a payment to be initiated within a Web application.

Scope

The Working Group will Recommend:

a set of messages that can be used to accomplish a payment,
message flows for the initiation and, where scheme-permitting, confirmation or completion of a payment, and
an API to allow Web applications to participate in these flows.

The Working Group will also Recommend how Web applications and digital payment instruments exchange these messages through a mediating user agent; see the deliverables section for further detail.

This Working Group is chartered to Recommend programming interfaces; not user interfaces.

This Working Group will not define a new digital payment scheme.

Definitions

digital payment scheme: A set of rules for the execution of payment transactions that are followed by adhering entities (payment processors, payers and payees), where transactions take place over networks (such as the Web). Some digital payment schemes make use internally of payment instruments from other payment schemes. How they register and communicate with internal payment instruments is beyond the scope of this charter.
digital payment instrument: An account, token, or other means of fulfilling the payment provider's role in a digital payment scheme.
digital wallet: A logical container for digital payment instruments. A digital wallet affords access to digital payment instruments, providing registration and discovery of digital payment instruments. In this charter, a digital wallet is an entity that provides these functions by fulfilling the specified APIs for registration and discovery. The entity fulfilling the APIs may be a user agent, or a user agent may ultimately locate payment instruments via other more specialized digital wallets.

Required Capabilities

The Working Group will specify the following capabilities, in order to support a payment from a payer to a payee, whether a credit push (payer initiated) or a debit pull (payee initiated):

Pre-Payment

Registration of the payer's digital payment instruments.

Negotiation of Terms

Payment Request, by the payee to the payer providing the terms of the payment including elements such as the accepted digital payment schemes, price, currency, recurrence, transaction type, timeout and requests for any additional data that is required from the payee.

Negotiation of Payment Instruments

Discovery, by the payer, of their available digital payment instruments that can be used to make the payment. This is done by matching those registered by the payer with those supported by the payee (as defined in the Payment Request), while keeping information local to the payer.
Payment Response from the digital payment instrument, which may vary according to digital payment scheme. For example, for a credit push instrument, the response may include a notification or proof of execution of the payment. For a debit pull instrument, the response may include the information necessary for the payee to execute the payment.

In addition to these capabilities, user agents and digital wallets are expected to fulfill a variety of roles (e.g., displaying a selection of payment instruments and enabling the user to select one) that will not be specified in the deliverables of this Working Group.

The Working Group will consider support for deferred payment execution to enable use cases where the actual execution of a payment requires steps that are out-of-band with respect to the message flows and APIs defined by the Working Group.

The Working Group will also address exceptions that may occur during these steps, including payment authorization failure, lack of available digital payment instruments, and lack of suitable digital payment instruments.

Digital Wallets

The Working Group may define APIs that will also be used outside of a user agent context, such as between Web services, or from within a native application (where the proxy between the payer's digital payment instruments and the payee's application is not a browser).

If the Working Group specifies interactions with a digital wallet, the Working Group will assure that users are able to use more than one digital wallet. The phrase "the payer's digital wallet" is shorthand for "the payer's digital wallet(s)."

The Working Group may consider the use case where an aggregation service acts as a more sophisticated digital wallet or provides a wider choice of payment solutions to the payer. For example, the aggregator service might combine the functionality of multiple digital wallets, or apply more complex algorithms to discover and collect the set of digital payment instruments available to the payer.

Recommendations for loyalty schemes and coupons, digital receipts, digital credentials, tickets, and location services are out of scope. Future W3C activities may seek to increase interoperability of these or other additional digital wallet capabilities.

Security and Privacy Considerations

Security is obviously critical in payments.

A key consideration is the ability to prove message integrity and authentication of all message originators. The Working Group will work with the organizations listed in the liaisons section of the charter to help ensure API security.

There are other aspects of security (e.g., authentication of payer identity) that the Working Group will leave to individual digital payment schemes. The Working Group will not define authentication mechanisms (e.g., hardware-based solutions in securing transactions, or authenticating users via biometry or other mechanisms) but should be aware of industry developments to help ensure compatibility with the flows defined by this group.

In addition, W3C might develop additional security-related specifications in other groups that may be adopted in digital payment schemes. This group will follow any such work to help ensure compatibility with the payment flows described in this charter.

Protection of the privacy of all participants in a payment is essential to maintaining the trust that payment systems are dependent upon to function. A payment process defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a loyalty program) by the owner of the information. The design of any API should guard against the unwanted leakage of such data through exploitation of the API.

Relation to Regulatory Requirements

Digital payment schemes define how various parties meet relevant regulatory obligations. The deliverables of this group should not prevent parties from meeting those obligations.

Deliverables

Web Payments Messages Recommendation

This Recommendation will define message formats for:

Digital Payment Scheme Description: used by payees to represent accepted schemes, and by payers to represent their available schemes and instruments.
Payment Terms Description: used to define the terms requested by the payee in the payment request and the terms accepted by the payer in the payment response. It includes information such as amount, currency, payee account information, recurrence, transaction reference and any scheme-specific data that is required.
Proof of Payment: scheme and instrument permitting, a payment authorization from the account provider to the payee. The proof must include information about the payment request (a transaction reference or similar) and the payer's digital payment instrument.

These messages will be exchanged by the APIs described below, but can also be used without them (e.g., for server-to-server communication).

Web Payments APIs Recommendation

This Recommendation will specify request and response messages for:

Registration: A payment provider requests to register a digital payment instrument for use by the payer.
Web Payment Request: The payee passes a payment request through a user agent, causing the payer to be presented with a set of digital payment instruments for selection, and prompting the payer to provide any other required data to pass back to the payee.
Instrument Response: After a payer has selected their chosen payment instrument, the payment instrument sends data back to the payee (either indicating payment has completed, or with information to enable the payee to cause the payment to be completed).

It will specify the delivery mechanism for these messages in at least the following scenarios:

Web application to user agent integration: Where the payment messages may be proxied between a Web application and the payer's digital payment instruments via a JavaScript API hosted by a user agent.
User agent to server-side wallet communication: Where request messages are passed to a server-side wallet, for example via HTTP, JavaScript, or some other approach.
User agent to digital payment instrument communication : For the request and response messages for the digital payment instrument response, the payment messages are sent between a user agent and a registered digital payment instrument.
Inter-app on mobile devices (Optional): If possible the group will Recommend a delivery mechanism for payment messages between apps on a mobile device so that digital wallet applications can seamlessly interface with Websites running inside a mobile device's user agent.

Process and Planning

Preference for Community Developed Specifications

The Working Group will actively seek to base its deliverables on specifications that have been socialized in W3C Community Groups or contributed as W3C Member Submissions.

Interoperability Success Criteria

The Working Group will fulfill the implementation experience required by the W3C Process as follows:

The Working Group will develop test suites for Recommendation-track specifications.
The group will seek independent interoperable implementations by two user agents and two services that enable payers to use digital payment instruments.
One of the user agent implementations must be native (that is, part of the distributed user agent code).
For implementations cited to establish interoperability success that are not native to the user agent, we will ask user agent developers provide feedback on the suitability and traction of the implementation approach.
For any native implementation cited to establish interoperability success, the Working Group will work with the WAI Protocols and Formats Working Group (or its successor) to help communicate accessibility issues to the user agent developers.

Milestones

Specification	FPWD	CR	PR	Rec
Note: The group will document significant changes from this initial schedule on the group home page.
Web Payments Messages	March 2016	November 2016	September 2017	November 2017
Web Payments APIs	March 2016	November 2016	September 2017	November 2017

Optional Deliverables

Card Payments Working Group Note

A very large proportion of payments on the Web are conducted using payment cards from one of the global card schemes. The group should attempt to define a specialization of the payment flow specifically for payment cards.

A generic card payment Note could:

Demonstrate how a debit-pull digital payment scheme should be implemented using Web Payments APIs.
Take advantage of new security technologies such as EMVco Tokenization to improve on the existing methods of using cards on the Web.
Offer a common approach for payment card schemes globally to kick-start adoption of Web Payments APIs.

Dependencies and Liaisons

Web Payments Interest Group

The Web Payments Interest Group acts as the overall coordinator at W3C of a vision for Web Payments, by gathering Web Payments Use Cases, engaging in liaisons with other payments standards bodies, and developing a high-level architecture. From time to time, the Interest Group will seek feedback from the Working Group on its evolving vision, and share information about the evolution of the Web payments technology landscape. The Web Payments Interest Group also expects to provide technical input to this and other relevant W3C Working Groups, based on a detailed analysis of the relevant Web Payments Use Cases.

Other W3C Groups

Internationalization Core Working Group: Internationalization and localization review.
Privacy Interest Group: For privacy reviews.
Protocols and Formats Working Group (and successor): To help ensure the protocols provide support for accessibility to people with disabilities.
Web Application Security: For security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison.
Web Applications Working Group (and successor): For review of JavaScript APIs.
Web Payments Community Group: Research and incubation of ideas for consideration by this group.
Web Security Interest Group: For security reviews.

This group will also collaborate with future W3C Working Groups developing authentication protocols.

Groups Outside W3C

ASC (Accredited Standards Committee) X9: Coordination with X9 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 12812).
EMVCo: EMVCo administers all the original specifications known as EMV, including specifications about card tokenization.
ISO TC 68: Coordination with ISO TC 68 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 20022).

In addition, for the Card Payments specification, the Working Group will need to collaborate with the administrators of existing global card schemes.

Participation

To be successful, the Web Payments Working Group is expected to have 10 active participants for its duration. Effective participation in Web Payments Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.

Communication

This group primarily conducts its work on the public mailing list public-payments-wg@w3.org (archive). Administrative tasks may be conducted in Member-only communications.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Web Payments Working Group home page.

Decision Policy

As explained in the Process Document (section 3.3), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.

Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

Licensing

This Working Group will use the W3C Software and Document license for all its deliverables.

About this Charter

This charter for the Web Payments Working Group has been created according to section 5.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Development of this charter was supported in part by the European Union's 7th Research Framework Programme (FP7/ 2013-2015) under grant agreement nº611327 - HTML5 Apps.

Participants of the Web Payments Interest Group
See the the Editor's Draft of the charter.

$Date: 2015/09/14 20:25:44 $