Payments and the ability to exchange value efficiently and securely over the web are critical to global commerce. Open standards for payments and value exchange help ensure open access and interoperability to financial systems for all the people that use the Web. This document describes a set of capabilities and key top-level architectrual principles that, if standardized, will improve payments on the Web.

Introduction

Overview

In October of 2014, the W3C chartered the Web Payments Interest group with the goal of providing a forum for Web Payments technical discussions to identify use cases and requirements for existing and/or new specifications to ease payments on the Web, and to establish a common ground for organizations providing payment services on the Web Platform. The overall objective of this group is to identify and help create the conditions for greater uptake and wider use of Web Payments through the identification of standardization needs to increase interoperability between the different stakeholders and the different payment methods.

The Web Payments Interest Group's scope covers payment transactions using Web technologies on all computer devices (desktop, laptop, mobile, tablet, etc.) running a Web user-agent (a Web browser, a hybrid app, or an installed Web application) and using all possible legal payments methods across a variety of scenarios including Web-mediated Business-to-Consumer (B2C), Business-to-Business (B2B), Business-to-Business to Consumer (B2B2C), and Person-to-Person (P2P) transactions in the case of physical (payment at physical shops) and online payments for physical or digital goods, including in-app payments.

Due to the fundamental importance of payments to the web and the intricate relationship with other core aspects of the open web platform such as identity and commerce, the Web Payments IG created this document with the following goals in mind:

Provide a common place to capture and document key capabilities that are necessary for payments on the web
Communcate important architectural principles related to payments on the web and how they relate to other standards such as identity and commerce
Increasing visibility and improving coordination of various payments and related standardization efforts within the W3C Interest, Working, and Community groups and other standards bodies

Audience of this document

This document is intended to broadly inform discussions on standardization of key capabilities and high level architecture of payments on the web. The intended audience for this document includes:

Participants in W3C Activities
Other groups and individuals designing technologies to be integrated into the Web
Implementers of W3C specifications
Web content authors and publishers

Scope of this document

This document presents the general capabilities and architecture of payments on the Web and is one part of a greater body of work around Web Payments that the W3C is producing. These other documents include:

Web Payments Interest Group Documents

A Vision for Web Payments describes the desirable properties of a Web Payments architecture.
Web Payments Use Cases 1.0 is a prioritized list of all Web Payments scenarios that the Web Payments Interest Group expects the architecture to address in time.
Web Payments Capabilities 1.0 (this document) derives a set of capabilities from the use cases that, if standardized, will improve payments on the Web.
Web Payments Roadmap 1.0 proposes an implementation and deployment plan that will result in enhancements to the Open Web Platform that will achieve the scenarios outlined in the Use Cases document and the capabilities listed in the Capabilities document.

Web Payments Community Group Documents

Web Payments Community Group Use Cases - Final Report, November 29, 2014

Capabilities in Detail

Core and Security

Key Management
1. All participants require an interchangeable mechanism for creation, management, storage, and exchange of cryptographic keys
2. Key management capabilities are required to:
  1. Securely communicate unique identifiers of payment process participants
  2. Digitally sign and authenticate information exchanged as part of the payments process (e.g., payments, receipts, invoices, etc.)
  3. Provide reference key for independent elements of the payments process to compose/link transactions and related data across asynchronous segments of the payment process
Cryptographic Signatures
1. Information transferred should be cryptographically signed to ensure
  1. Authenticity of the participants and ownership of value/asset being transferred or exchanged
  2. Nonrepudiationof participants intent related to information / communication being exchanged

Key Concepts:

(describe any key concepts/relationship to other capabilities here)

Suggested Deliverables:

Data model with a concrete syntax for expressing data in the architecture
Web-based key public key infrastructure data formats and protocols
New normalization mechanisms for data model serialization (if necessary, for digital signatures)
Digital signature mechanism for data model

Related Specifications:

Data models: Graph (RDF), Document/Tree (JSON, XML)
Syntaxes: XML, JSON, JSON-LD
Normalization: XML Canonicalization, RDF Dataset Normalization
Signatures: Linked Data Signatures, Javascript Object Signing and Encryption, XML Digital Signature

Responsible Working Group(s) or Standards Bodies:

Linked Data Signatures Working Group (W3C)
JOSE (IETF)

Identity and Credentials

The word identity means different things to different people and is often discussed as a problem waiting to be solved on the Web. In the physical world, we have many identities. We have an identity for work life and home life. We have an identity that we use when we talk with our friends and one that we use when we talk with our families. The concept of identity is as nuanced as it is broad.

There are aspects of our identities that have very little consequence to others, such as whether we have dark brown hair or black hair. There are also aspects of our identities that are vital for proving that we should be able to perform certain tasks, like a drivers license or a medical board certification. Then there are aspects of our identities that are important for social reasons, such as the rapport that we build with our friends over our lifetimes.

Many aspects of our identity are often expressed via credentials, which can be seen as verifiable statements made by one person or organization about another. There have been multiple attempts at formalizing credentials on the Web; each one of them have been met with varying degrees of mild success, but mostly failure. The rest of this section focuses on the goals of a healthy identity and credentialing ecosystem as well as capabilities that would enable such and ecosystem to thrive.

Goals

A healthy credentialing ecosystem should have a number of qualities:

Credentials should be interoperable and portable. Credentials should be used by as broad of a range of organizations as possible. The recipient of a credential should be able to store, manage, and share credentials throughout their lifetime with relative ease.
The ecosystem should scale to the 3 billion people using the Web today and then to the 6 billion people that will be using the Web by the year 2020.
The process of exchanging a credential should be privacy enhancing and recipient controlled such that the system protects the privacy of the individual or organization using the credential by placing the recipient in control of who is allowed to access their credential.
Implementing systems that issue and consume credentials should be easy for Web developers in order to lower barriers to entry and increase the amount of software solutions in the ecosystem.
Creating systems that are accessible should be a fundamental design criteria, as 10% of the worldâ€™s population have disabilities and the solution should be usable by as many people as possible.
The solution should follow a number of core Web principles such as being patent and royalty-free, adhering to Web architecture fundamentals, supporting network and device independence, and being machine-readable where possible to enable automation and engagement of non-human actors.

Capabilities

Identity
1. Entities in the System are able to access Identity information of other parties it is interacting with if specifically required by law, or if consented to by owner of the information
2. Identity and credentials of an entity are able to be linked/associated with Accounts and payments to satisfy requirements for Account Providers and Payments Service Providers to comply with KYC/AML requirements.
Credentials
1. Entities in the system are able to be associated with 1 or more credentials. A credential is a qualification, achievement, quality, or piece of information about an entity's background such as a name, home address, government ID, professional license, or university degree, typically used to indicate suitability. This allows for the exchange of suitable qualities of the entity (ex. over age 21) without divulging sensitive attributes/details about the entity (ex. date of birth)
2. Payer is able to exchange standard format credentials withPayee to validate attributes necessary to complete the payment
3. Entities in the system may store a credential at an arbitrary identity provider after it has been issued by an arbitrary issuer. This helps create a level playing field for all actors in the ecosystem.
4. A protocol for migrating from one identity provider to another without the need to reissue each credential. This promotes a healthy identity provider ecosystem.
Data Model
1. The data model should be extensible such that it supports an entity making an unbounded set of claims about another entity. This enables a very broad applicability of credentials to different use cases and market verticals.
2. The data model should be capable of being expressed in a variety of data syntaxes. This increases interoperability between disparate credentialing systems and increases the long-term viability of the technology.
3. A formal mechanism of expressing new types of claims without centralized coordination. This promotes a high degree of parallel adoption and innovation.
Rights
1. An entity should be able to express what "allowable use" of a credential is when providing it to another entity such that there is recourse if a credential is misused. For example, when providing an email address credential an assertion is made such that the email address cannot be used as a destination for marketing material.
Authentication
1. Participants are able to authenticate the validity of identifiers presented by entities that they are interacting with
2. A digital signature mechanism that does not require out-of-band information to verify the authenticity of claims; instead it should enable public keys to be automatically fetched via the Web during verification. It should not render the signed data opaque because opaque data is harder to learn from, program to, and debug. This makes the digital signature mechanism easier to use for developers and system integrators.
3. An issuer should be able to revoke a previously issued credential. This enables issuers to ensure that the credentials they have issued accurately represent their claims throughout the lifetime of the credential.
Authorization

Entities may use credentials to get access to protected resources or get approval to perform protected tasks.

Privacy
1. All capabilities in this document should be standardized in a way that minimizes the inclusion/exchange of personal or other sensitive metadata that are part of the payments process unless specifically required by law, or consented to by the owner of the information.
2. A protocol that enables the recipient to share their credentials without revealing the intended destination to their identity provider. This enhances privacy.
Discovery
1. Payer is able to securely locate public identifier ofPayee to be used as part of payment process
2. Payee is able to obtain public identifier of Payer participating in payment process
3. Payer identifier is persistent across devices
Registration
1. Payer and Payee able to register with payment service provider to obtain credentials used for payments process
Enrollment
1. Payment service provider is able to perform the necessary steps during payer/payee enrollment to collect required identity and credential information about the payer/payee and associate it with an Account.
Regulatory and Legal
1. Entities should be able to detect when the collection of particular data would violate personally identifiable information regulations. For example, collecting the name and home address of a minor should be detectable and avoided in jurisdictions where that is not allowed.
2. Entities should be able to easily request credentials and prove that they performed the required regulatory checks before allowing a transaction to complete. Ideally, this process should be automated.

Key Concepts:

TO DISCUSS: Trust Agent???

Suggested Deliverables:

Data format and vocabularies for expressing cryptographically verifiable credentials
Protocol to issue credentials to a recipient
Protocol to store credentials at an arbitrary location as decided by a recipient
Protocol to request and transmit credentials, given a recipient's authorization, to a credential consumer
Protocol to strongly bind an identifier to a real world identity and a cryptographic token (ex: two-factor hardware device)
Protocol to request and deliver untraceable, short-lived, privacy enhancing credentials.
Protocol to discover entity's credential service

Related Specifications:

SAML (OASIS)
OpenID Connect (IETF)
Identity Credentials (Credentials WG)
Credentials Vocabulary (Credentials WG)

Responsible Working Group(s) or Standards Bodies:

Credentials Working Group (W3C)
Authentication Working Groups (W3C)

Accounts and Ownership

Accounts

Manage Accounts
1. Payers and Payees (account owners) require the capability to create accounts at an account provider.
2. Payers and Payees require the capability to authorise access to their accounts by third parties such as Payment service providers.
3. Payers, Payees and other authorised entities require the capability of checking the current balance on an account.
Account Registration/Enrollmentat Payments service providers
1. Payers and Payees are able to register accounts that will be used as part of the payment process with Payment Services Providers of their choice
2. Payers and Payees are able to delegate access to specific account functions to Payment service providers of their choice
Receive Funds
1. Payees are able to receive funds into theiraccounts
Send funds
1. Payers are able to transfer funds from their accounts

Key Concepts:

(describe any key concepts/relationship to other capabilities here)

Suggested Deliverables:

(include suggested/needed deliverables here)

Responsible Working Group(s) or Standards Bodies:

Related Specifications:

(Insert relevant related existing or in progress standards for capability segment)

Ledgers

Discovery of Ledger services
1. Participants require the capability to locate the endpoints at which ledger services are offered by an account provider
2. Participants require the capability to discover which services are available against a ledger at an account provider
Capture transactions in ledger
1. Participants in the settlement process require the capability to capture a transaction in a ledger transferring value from one account to another on the same ledger.
Monitor a ledger
1. Participants in the settlement process require the ability to monitor a ledger for new transactions that impact a specific account.
Reserve funds in an account
1. To execute settlement across ledgers a counterparty may require the ability to request that an account provider temporarily reserve funds in an account while settlement is finalised on the other ledger(s).

Key Concepts:

TODO

Suggested Deliverables:

Standardised data model for accounts and ledgers
Standardised interface for account management
Standardised interface for ledger services
Protocol for discovering ledger services
Protocol for executing settlement between participants on the open Web

Related Specifications:

ISO20022 / X9 specs
Web Commerce Formats and Protocols (Web Payments WG)
Web Payments Vocabulary (Web Payments WG)

Responsible Working Group(s) or Standards Bodies:

Web Settlement Working Group (W3C)

Clearing and Settlement

Payment Instrument Discovery and Selection
1. Payer and payee are able to discover payment instruments/schemes which they have in common and may be used in the payment process
2. Payer is able to establish the different costs of making the payment using the various combinations of payer andpayee instruments and schemes (payment methods)
3. Payer is able to select payment instrument for use in the payment process
4. Payee is able to communicate requirements(or preference) to payer as to whether a specific instrument is accepted and the payment terms for using that instrument
Payment Initiation
1. Payer is able to initiate a payment using selected payment instrument
2. Payer is able to identify Payee via:
  1. Information received via Invoice
  2. Individual contact information
  3. Information from past payees
3. Payee is able to initiate a request for payment to payee's designated account provider
4. Account provider is able to initiate a payment on behalf of the Payee based on Payee's requested schedule and frequency (recurring payment)
Payment Authorization
1. Payment service provider or payee is able to get authorization from payer to execute payment either in real-time or using a preloaded authorization mechanism
2. Payment service provider is able to demonstrate to payer account provider that payment is authorised
Payment Execution
1. Payment orchestrator is able to evaluate that all requirements have been met to execute the payment including authorization(s) and compliance checks as required.
2. Payment orchestrator is able to instruct all participants to execute the payment and perform any roll-back steps that may be required in case of a failure by any participant to complete the payment.
Payment Acknowledgement
1. Payee is able to receive confirmation that payment has been successfully completed
2. Payer is able to receive verification that payment has been successfully received
3. Account provider is able to receive confirmation that payment is complete
Regulatory/Legal Compliance
1. Regulator is able to access/view required payment, payer, and payee details for payments that take place within their jurisdiction
2. Regulator is able to intervene in payments meeting or exceeding certain thresholds or criteria in order to comply with jurisdictional laws and requirements
Payment Settlement and Clearing
1. Payment service provider is able to provide payer with quotesto settle payee via all payee supported payment schemes

Key Concepts:

TODO: Payment Agent

Suggested Deliverables:

Protocol for discovering all payment instruments available to a payer.
User Agent API and REST API for initiating a payment and protocol for routing an invoice to a payment service
Protocol for authorizing payment via regulatory API
User Agent API and REST API for completing a payment and protocol for routing payment acknowledgement to payer

Related Specifications:

ISO20022 / X9 specs
Web Commerce Formats and Protocols (Web Payments WG)
Web Commerce User Agent API (Web Payments WG)
Web Payments Vocabulary (Web Payments WG)

Responsible Working Group(s) or Standards Bodies:

Web Payments Working Group (W3C)

Commerce

Offers

Generate Offer
1. Payee is able to generate a standard format offer which provides information on specific products or services being offered, and additional information on payment instruments accepted, or terms of the offer.
2. Payer is able to generate a standard format offer which can be accepted or declined by the payee.
3. Payee is able to create scheduled/recurring offers
Receive Offer
1. Payer is able to receive offer in machine readable format and use it to initiate payment request
2. Payeeis able to receive offer in machine readable format and use it to create invoice

Discounts

Payee is able toable tocommunicate discounts which may be applied to Offers
Payee is able to receive and apply discount to offer
Payee is able to apply standard loyalty identifiers to offers

Coupons

Payer is able to apply coupons to offers
Payee is able to issue general use coupons
Payee is able to issue coupons specific to payer identifier

Key Concepts:

Suggested Deliverables:

Data format and vocabularies for expressing offers and coupons
User Agent API for using an offer to initiate a payment

Related Specifications:

Web Commerce Formats and Protocols (Web Payments WG)
Web Commerce User Agent API (Web Payments WG)
Web Payments Vocabulary (Web Payments WG)

Responsible Working Group(s) or Standards Bodies:

Web Payments Working Group (W3C)

Invoices

Invoice creation
1. Payee is able to generate a standard formatted invoice and communicate to Payer as part of the negotiation of payment terms
Invoice receipt
1. Payer is able to receive standard formatted invoice
Invoice data
1. Invoice provides payer with Payment instructions for making payment to Payee
2. Invoice identifier is returned to Payee via payment process to verify payment is complete

Key Concepts:

Suggested Deliverables:

Data format and vocabulary for expressing an invoice
User Agent API for initiating a payment and protocol for routing an invoice to a payment service

Related Specifications:

Web Commerce Formats and Protocols (Web Payments WG)
Web Commerce User Agent API (Web Payments WG)
Web Payments Vocabulary (Web Payments WG)

Responsible Working Group(s) or Standards Bodies:

Web Payments Working Group (W3C)

Receipts

Create Receipt
1. Payee is able to create receipt and communicate receipt to Payer following completion of payment
Receive Receipt
1. Payer is able to receive receipt and persist for future use (ex. returns, reimbursement, etc)

Key Concepts:

Suggested Deliverables:

Data format and vocabulary for expressing a receipt
Protocol for routing an receipt to a payer's receipt storage service

Related Specifications:

Web Commerce Formats and Protocols (Web Payments WG)
Web Payments Vocabulary (Web Payments WG)

Responsible Working Group(s) or Standards Bodies:

Web Payments Working Group (W3C)

Loyalty

Payer is able to register with Payee's loyalty program by requesting loyalty identifier from Payee.
Payee can 'opt-in' to loyalty program by providing program specific public identifier

Key Concepts:

Suggested Deliverables:

Same as 'Trust' deliverables

Related Specifications:

Identity Credentials (Credentials WG)
Credentials Vocabulary (Credentials WG)
Web Commerce Vocabulary (Credentials WG)

Responsible Working Group(s) or Standards Bodies:

Credentials Working Group (W3C)

Guiding principles and key considerations

Due to the breadth of the capabilities that will require standardization, it is important to outline certain guiding principles which are expected to be incorporated across each of the defined capabilities in this document as they are undertaken by standards teams. The principles include:

Extensibility

Because the Web payments architecture will accommodate a great variety of payment schemes (existing and new), we expect to future standards to support interoperability on a minimal set of features and also support scheme-specific extensions. Therefore, data formats must be easily extensible.

Composability

Different parties will want to add information to messages that are forwarded.

Identifiers

Payment schemes define identifier syntax and semantics (e.g., primary account numbers (PANs) for credit cards, or bitcoin account identifiers). We expect to support scheme-specific identifiers. But where global identifiers are required and are not scheme specific, we expect to use URIs.
Due to the nature of payments and the fundamental challenge of preventing 'double-spending' as part of the payments process, it is important that every actor/system be uniquely identifiable to other actors and systems participating in the payments process. While each actor must be identifiable, a number of use cases that need to be addressed include low value or less-sensitive payments which do not require the knowledge of a participant's identity as a part of the transaction. Because of this, it is important to de-couple the identification (non-identity based unique ID) of each participant in the Architecture from the Identity data (sensitive/private data about the participant) which describes information about a participant taking part in the system

Security

Messages must not be altered in transit, but may be included as part of encapsulating messages created by intermediaries.
It must be possible to provide read-only access to transaction information to third parties (with user consent).
Signatures must be non-forgeable.

Identity, Privacy, and Consumer Protection

To satisfy regulatory requirements and financial industry expectations, some use cases will require strong assurances of connections between a Web identity and a real-world identity.
At the same time, any source of information that can lead to the unintended disclosure or leakage of a user's identity (or purchasing habits) is likely protected in a jurisdiction somewhere in the world by a legal/regulatory entity having responsibility for its citizens.
For discussion: the role of per-transaction pseudo-anonymous identity mechanisms for some use cases. These mechanisms would make it much more difficult for an unauthorized party to track a user's purchasing habits from 1 transaction to another transaction. This will also eliminate the loss of that identity from affecting other services that user is enrolled in.
Regulations in several jurisdictions require the consumer to be notified every time their personal information/credentials are accessed. To discuss: cryptography requiring a user's input/knowledge to open that information.
Some purchases in combination (e.g., products accommodating prenatal care needs) will leak sensitive information. To discuss: dynamic key construction can be applied to each line item in a receipt to help prevent unauthorized data mining of individuals, legal & regulatory snooping. Even if the protected information is stolen or accidentally forwarded to unauthorized parties they will not have the correct tokenized inputs to recreate the dynamic keys to unlock access to the protected information.
Role based access controls when applied to dynamic key construction for each individual credential or large sets of data will help facilitate interoperable access without needless duplication and encryption of information for each authorized party. For discussion: Use dynamic keys to protect a static key where various dynamic keys can be used to unlock the static key that protects the sensitive content.
The system should support privacy by requiring only the minimal amount of information necessary to carry out a transaction. Additional considerations (e.g., marketing initiatives with user consent, or legal requirements) may lead to additional information exchange beyond the minimum required.
Payment account providers must take measures to ensure that account identifiers are not, on their own, sufficient to identify the account holder.
Another suggestion: 'Don't require personal authentication, but make sure it can be done properly'

Legal and Regulatory

In some jurisdictions legal or regulatory entities may need to be granted 'time-limited access' to a transaction to view specific credentials and purchased items of the user. The system should limit what is viewed to the minimum necessary. Examples: Government subsidies such as food stamps, controlled substances. In these cases those particular line items in the receipt may be required to be viewable via individuals or computers charged with the responsibility to prevent abuse of those programs (e.g., unauthorized reselling). There may also be a requirement to view identities or credentials.
For certain classes of payments, such as high value or international, it must be possible to provide role-based access controls to pierce a pseudo-anonymous identity mechanism so the transaction can be counter signed by a legal, regulatory, or KYC/AML system yet safeguard against disclosing unnecessary information. It must be infeasible for the piercing of this mechanisms to leak enough information for those authorities to forge user information.

Accessibility

Web payment schemas, interfaces, data and the architectures that enable them need to be made accessible for people with disabilities. Web APIs and applications must be developed and implemented with accessibility-in-mind and allow for accessibility features. If not, developers, payees, providers and retailers may be in violation of disability laws.

Discovery and instrument selection

Default expectation for privacy reasons is that payee will present accepted schemes and computation of intersection (or other compution) will happen on the payer side.
There are other scenarios to discuss that would presumably involve user consent (e.g., computation done on payee side, or by a third party platform).
Manual card entry will be with us for a while. When there is no digital wallet, the working group should discuss (and possibly recommend good practice) for dealing with the case where there is no registered digital wallet. For example, one idea was for browsers to offer a sort of "transient digital wallet" that acts within the protocol to handle manual data entry.
Quoting Adrian Hope-Bailie idea: 'The algorithm MUST not prevent any scheme from being available as a candidate for registration AND for this matching/discovery process. i.e. It shouldn't be possible for the browser (or any other component that executes this discovery process) to exclude schemes or instruments on the basis of anything but technical incompatibility.'
The standard should not hard-code a selection process. Regulatory and cultural preferences may vary (e.g., the Alibaba escrow use case).

Introduction

Overview

Audience of this document

Scope of this document

Web Payments Interest Group Documents

Web Payments Community Group Documents

Terminology

Capability Domains

Core and Security

Identity and Credentials

Accounts and Ownership

Clearing and Settlement

Commerce

Key Principles

Capabilities in Context

Capabilities in Detail

Core and Security

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Identity and Credentials

Goals

Capabilities

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Accounts and Ownership

Accounts

Key Concepts:

Suggested Deliverables:

Responsible Working Group(s) or Standards Bodies:

Related Specifications:

Ledgers

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Clearing and Settlement

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Commerce

Offers

Discounts

Coupons

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Invoices

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Receipts

Key Concepts:

Suggested Deliverables:

Related Specifications:

Responsible Working Group(s) or Standards Bodies:

Loyalty

Key Concepts:

Suggested Deliverables:

Related Specifications:

Identity Credentials (Credentials WG)

Responsible Working Group(s) or Standards Bodies:

Guiding principles and key considerations

Extensibility

Composability

Identifiers

Security

Identity, Privacy, and Consumer Protection

Legal and Regulatory

Accessibility

Discovery and instrument selection