techno

Shaking Marseille e-commerce !

Last week, Marseille made a great digital move: the first e-commerce conference was held in one of the most amazing place of this harbor ‘Le Pharo’ (picture coming soon). That one day conference was organized by Hervé Bourdon @valvert and Jacques Froissant @Altaide_JF under the name of SHAKE14. It gathered actors from different perspectives, solution providers, consulting, retailers, merchants, investors… and some shining names of the digital intelligentsia (@catbarba, @momboisse, @HerveKabla, @carlosdiaz, @manueldiaz, @oliviermathiot , …). That event had some remarkable merits, such as, high quality speaker, relevant content (from technical to marketing), constructive spirit (avoiding complain, promoting solutions and positive attitude), innovation oriented. And I probably missed some others, provided the smile that all participants had during the entire day. What did I learn on e-commerce ? Well, a lot !

Opening session #shake14 with @cathbarba and @fmomboisse Shake your body folks ! pic.twitter.com/weKTBbYuKx

— Manuel Diaz (@manueldiaz) June 24, 2014

–
Shake your soul
What is behind e-commerce ? Well, surprisingly, 9 times out of 10, a merchant – with shops and physical goods. Most of the e-commerce revenue is operated by traditional players and not pure digital players. During that conference, the message was clear : merchants should come back to the basics. What makes your bakery your best friend ? he has what you expect (e.g. all sort of breads, plus cakes, plus little sweets and sandwiches), he welcomes you with a smile, he knows you take usually one baguette during the week and two on Saturday, with 4 croissants, he follows you, years after years. Why would not an e-merchant duplicate that behavior ? Digital should not be a barrier to be a merchant. How to make your customer forget he is not (yet) in your nice shop, but over his screen in our crazy word ? By offering a large catalog (and maintaining it). By communicating with empathy (key words for Catherine Barba), energy and kind words (yes, even in invoice e-mail). By suggesting your customers some relevant items, based on history, location and current basket (yeap, up selling or cross selling are the e-merchants best friends). Looking at what @digimood and @nuukik are saying about it.

–
Shake your shop
Who said that e-commerce and commerce in a shop were exclusives? One should benefit from the other. Off course this is not natural. In big corporation, digital activities are often developed aside, in dedicated organization. I learned that one of the major question there was : who gets the income when the deal is done on line, who to reward in the company for that deal ? the shop which will serve the order, the digital office, the IT (I’m not trolling here). That question is about big companies and networks. But whatever is your size, as a natural consequence of web and shop co-existence, rethinking the customer experience is strategic major question. The web to store notion (or how to make sure your customer go to a store, where margins can be higher, and gets benefit of the web and vice versa) should be dealt at high level, and should be serious enough to force corporation to : i) work transversally and break silos, ii) organize training to change culture, iii) spray some agility inside the company. In other words, change your habits, your organization say @emakina. Promote shops on web site homepage, and instead of fearing the web in shops, give to vendors and customers some tablets – this would make your customer’s life easier as he would not have to hide in the toilets or changing room to check prices on his smartphone.

–
Shake your brand
Who are you on the web ? A wonderful merchant, yes. But technically, you are an IP node that needs traffic. How to find you ? Via Google, most of the time. So, don’t make your website a labyrinth. Google algorithms will not index it correctly. And by the way, we are in 2014, so if you want to be considered, you cannot afford not to be responsive design (able to be read on a mobile, a tablet, a computer) and connectivity agnostic (wifi, 3G, 4G, same experience, but keep in mind that data rate may be different and you have to save your customer’s data subscription on the last ones). If you have lots of competitors, and want to make sure you are visible and accessible to customers, play the brand and identity advantage. This is a way to make your customer finding you in one click, because they want precisely your product, your nice story, your unique value proposition. They will look for you specifically, typing your brand name in their browser, and not vague key words. In addition to develop a real identity that makes you unique in the web, you can manage a customer community, to have direct communication with them independently from Google (and we fall here into the community management, that allows also to have ‘ real life events’, strengthening the customer relationship, but this should deserve another post).
Use market places. If you cannot afford to maintain a website, make sure you are anyway referenced. Yes, there are Amazon, Rakuten, EBay, LaFnac, Carrefour or Cdiscount to help your customer to place orders on your valuable goods and services. But there are some dedicated market places, by theme or category, and one should consider the idea to multiply its presence on the web.

–
Shake your money
In e-commerce, pleasure, fun, cool are important, but e-payment is really the point where you want to bring your customer. And actually only 2% of visitors do buy, in France. Don’t miss them. First, payment must be seamless for the customer and risk-less for the merchant. The presentation from @be2bill was interesting on that point. Demonstrating their capability to evaluate risk (based on customer profiles, including habits, localization, score) and provide appropriate payment means to the customer (no payment possible, banking card, with or without 3D secure, …) with a wide technical coverage. And what if you lose your customer during payment ? Well, you can always track that failure and re-offer him later an easy payment mean, or contact him smartly to understand what happened. Re-target, don’t lose the tiny 2% that do buy… Second, reconciliate payment and advertising. Are you sure that you have the appropriate KPI to measure your advertising investments? While being the most natural, well marketed ones, google suite with adword is not the only way deliver and measure advertising. Try to think other means and channels : social media, TV, print (yes, print advert has prices decreasing, and specialized press will welcome your budget). Third. Eveyone deserves some kindness, one day. If you have a good idea, get funded. Here or elsewhere. Some interesting conversations were held about the way to get money from venture capitalist and business angels. From the discussion on stage, one could understand that it is also a matter of network and faith, but also critical mass –if your reach is low (understand how many potential users do you have), or if your revenue is negative don’t even think about it.

–
Shake your network and innovation
Bringing local and national speakers one day to share their knowledge, improve your network is important. But promoting the local associations and making sure the dialog facilitated here gets prolonged is another challenge. SHAKE14 offered the various associations to be on stage, to promote their objective and recruit members. Several associations were present : ecom provence gathering e-merchants (including the super heros @valvert), ShakinProvence to promote all innovative initiative that would strengthen Provence dynamic, Medinsoft gathering 150 local integrators and software editors.
In the same spirit, in order to value innovation, SHAKE organized a competition for e-commerce innovative idea and web to store categories, the so called Marius as oposed to Cesar, a famous provence character). After pitching in front of a jury, the winners were selected : Roaming by me (to roam mobile everywhere at best prices) (https://www.roamingbyme.com/roaming/travel-connected.php) and Tap Value (http://www.tapvalue.com/) to suport e-merchant communication.

That event was rich, and positive, hoping the team will make us the gift to have a 2015 edition… Marseille deserves that energy. E-commerce deserves that attention.

W3C Advisory Board election result (cuvée 2014)

Congrats to our 5 new W3C Advisory Board folks: Dave Singer, @afbarstow, @poulpita, @natpt, & Jay Kishigami http://t.co/ftRy2BOEqg #reform

— Doug Schepers (@shepazu) June 3, 2014

Digital art exists, there is a trading place for that

Interesting conference this week in Mozilla office in Paris. Chris Messina @chrismessina stopped by, invited by FivebyFive, to share his current hobby. Digital art.

“How do we support artists in a post-digital age?” “I don’t have all the answers” @chrismessina #scarcity

— Five by Five (@fivebyfiveio) May 20, 2014

He discussed several aspects of digital art : what is it, what does it look like, how could it be tomorrow, provided that the technology evolve. And the essential question behind : in the era of pixels and beats being multiplied in one click at no (visible) cost, how could digital artist survive and get paid for their creations.

Well. First it is a matter of faith and value. Either you don’t care, and you copy like hell. Or you believe that artists have a special role to play in our society, and deserve your support. Second, you need to have a place where digital artists are offering their work to a public. Reproducing the principles of commercial gallery. Third, to refrain the hacking, you may enable a versioning of the art pieces. Versioning will create scarcity, which is a fundamental for value creation for art.

Let’s say. I am a fan of unicorn drawing, I buy a digital drawing on the internet, I get a place to store it and a certificate. When I get bored owning it, I can sell it to another unicorn addict. Chris Messina presented to us a platform which enables that scenario. It is named Neonmob https://www.neonmob.com/ and is in beta version. With Neonmob, you acquire art piece, for free or for money, it comes with a certificate – limited editions are stamped, thanks to a bitcoin-like crypto operation. The platform allows you to track if your art piece is extremely rare, or very common, which helps you to define a value to your collection.

#scarcity for art in the digital world – love the symbols from @neonmob pic.twitter.com/ajY8LIqD6T

— Chloé Bonnet (@chhhloe) May 20, 2014

Note that @marklor reminded his friends that ‘deviant art’ http://www.deviantart.com/ is also a platform allowing to do more or less the same. I let you benchmarking both solutions.

That evening was really interesting cause it covered at the same time the question of what is digital art (a drawing, an animated GIF, a programmable image, a piece of music created with movement sensors, an image animated via wind sensor, …), why is it necessary to create scarcity in digital art, how to collect and enjoy your digital art… This is certainly just the beginning of the questions technologist and art lovers will have to think about and share.

Ordering an orange juice at W3C bar

Little tiny things that would make my W3C life better…

Those who contribute to W3C know that it is a real experience, mixing technical, human and procedural aspects. Trying to think about a better W3C, there a few things I’d like to share, hoping the next W3C Advisory Board will fix it –with or without me. As this requires several posts, here is the episode 1 season 1 on little tiny things that would make our W3C life better. And it is named ‘Ordering an orange juice at W3C bar’

Bars. We all know what it is to enter the first time in a bar, lets say in a new town, or even an unknown country. If this place is really really new, you don’t know what are the customs. You may wonder how to get your orange juice (or beer, or wine, or sake, or tomato juice, whatever you drink in bars). Can you get a table on your own, or will someone allocate you one ? Do you get served by a kind waiter, do you need to order at the bar, or do you place order from the electronic table itself ? Do you need to pay directly, or later. It may not be the most natural thing to shout ‘call me the director of this bar, I need to understand how things are ruling here’. In that case you may look at the others, try to read announcement, observing the ambiance. And that is part of the discovery adventure.

W3C. If you want to contribute in W3C, you may enjoy the same experience. When rambling from one working group to another, you discover different spirits (more or less rock and roll) but also different tools. Example. You wanna track bugs on a spec ? Several options. Use W3C tracker, suitable for issue, action. Use W3C bugzilla for bugs. Use github for everything. WABTC ! What a barrier to contributors. If you combine this with the fact that survival kit is not always provided, contributor may spend a lots of time understanding the working rules of a specific working group. They may call the director to get explanation about how things are ruling. But W3C should also help them to enter smoothly in the working group.

What to do to make W3C a place you naturally order your orange juice? I would not wish to have all W3C working group adopting the same tools. People want freedom there. But what would help would be.

– When creating a new working group, train the team (chair and editors) to the entire set of tools, with a rationale for their specific advantage. This should include the github platform, which is widely used in W3C, popular to some developers, but not the usual framework for all of them (and I don’t even talk about non-developers, like me who are also reasonable part of the working force and contributors in W3C). But it could also include platforms such as Discourse that some poeple like Robin Berjon is experiencing.

– Document accurately working group customs and working methods, including some of the process to follow up on the specifications. How to open a bug (who, when, where), how to contribute to a bug (who, when, where), how to close a bug (who, when, where). This should be made in an easy place to find, with cool design… And if all answers to those questions is ‘it depends’, then the working group team should revise its working method.

Lets make W3C a cool place to contribute, lets make contributors life easier !

Note : picture by Mista Boos in Creative Commons https://www.flickr.com/photos/mistaboos/

More web developers in W3C !

W3C Advisory Board elections are getting lots of traction from W3C members. Questions, suggestions, initiatives are multiplied and when being part of the candidates, you need to take position, agreeing disagreeing… For example voting system discussion (see the W3C public process mailing list thread). But there is behind this voting question, the question of W3C participants. Who are they ? Do they really represent the web ? Do they really represent the web developer comunity.

But first, why would we need more web developers ? Actually, we do have some smart and brilliant ones. But most of the time, the ones working for big companies, big structures or universities. But they might not represent the actual developer who will be torturing the features and APIs embedded in browsers. Some of them are present, but a majority is not.

As a tourist. Since I entered the web community, I am going into web developers conferences to learn, meet people, evangelize also security. And each time I am explaining I am representing my company in W3C, I can see stars in the eyes of my interlocutor. “Such a great job, so lucky to be there ?”. And I am always thinking. “Well, if I can do it, you should be able to do it, especially because you have already designed a super-nice-smart-cool web app, something I have never done in my life, but which is on my to do list “.

As a chair. In the working group I am chairing, we are in theory 50 people, but 10 of them are driving the work. They are mainly browser vendors and there is one service provider. Off course all those guys are educated and connected with web developers community. But it happens that W3C needs also to design APIs which is not going to be used by the 3 or 4 use cases that group participants are thinking about, for them, and for their own developer community. And it happens also that sometimes we miss a feedback from the real life (as an example, in the web crypto API, we asked, please mister or mrs web dev, give me your opinion on the best design, but reviews are always hard to get).

What I think. I think that W3C needs to interact more with the web developers community, not only during events and conferences (which is already something great, see http://www.w3.org/Talks/), but also *in* W3C. We need fresh blood. To review and challenge the spec. To make sure the feature designed will be actually widely used, wider than initially thought. To help in prioritizing the features we want to develop (we may call our mate, our mum, our brother to decide which feature is the most urgent, but they may have exactly the same opinion as ours). To edit specifications (see the very good post from Robin Berjon explaining how it is difficult to have editors). To beta-test API prior it is shipped. To counter balance the opinion of the super-hyper-expert who maybe lost his or her freshness.

How to have more web developers ?

With a 2 steps approach.

One. Make sure that all working group participants, chairs, editors are always ambassadors of the W3C. Getting traction from web developers they meet, convincing them to look at the spec, comment, be involved. This is very easy for popular specifications like EME (everyone has something to say about EME, right ?), WebRTC (which is so powerfull that it pulls entire conferences), Service Workers (which is promoted by charismatic people). This can only happen if all W3C participants are educated on a regular basis on what is going on, by receiving training, regular reviews on domain activities. The quest here is information for all,…

Two. Make sure there is a structure to welcome the web developers. W3C has different members status. You can be a startup, you can be an invited expert, but the individual membership is not yet available. When Brian Kardell pointed me on a group of people in W3C setting up the basis of a web developer individual membership, I realized that it was exactly the missing piece. This ‘webizen’ task force https://www.w3.org/wiki/Webizen will share the result of its thinking in June 2014, during the W3C Advisory Council meeting, where all W3C members representatives meet. Webizen brainstorming is open to anyone, so if you feel you have ideas, do not hesitate. The quest here is W3C membership for all.

I really hope that W3C and its current members will succeed in lowering the entry barrier to W3C and benefit from having all players around the table, including web developers. Integration of web developers into W3C circles, getting them more involved in discussions and decisions, as candidate to AB election, I support that !

Note : picture ‘Gamme’ by Romain https://www.flickr.com/photos/xyotiogyo/

Running for W3C Advisory Board, again…

May is the season where W3C organizes election for its Advisory Board, the group of 10 people representing W3C members and helping improving W3C process and advising W3C management on strategy. My regular readers know that last year I was part of the candidates, and they may be happy to know that I’ll try again this year. Talking with my colleagues from gemalto, they were challenging me.

“Why are you doing that ? Representing gemalto in different W3C working groups may be enough, isn’t it ?” Well. Yes. And no.

That is true that I am spending more than half of my time supporting W3C activities. That includes my chairmanship position in web crypto and web security IG (a public security experts community), monitoring W3C deliverable to report to my colleagues when there is something interesting happening, supporting W3C workshops (automotive, payment and soon security related). Believe me, that job is not always easy, especially in a company which is not directly getting revenues from web applications and services, yet. In other words, if you don’t like that job, you can’t make it.

So that is said, I like W3C. Why ?

I have been in standard for a while now, experiencing different governance, different group size, involved with different positions (observer, contributor, editor, chair), always in technology and international contexts. And after all those years I must confess that W3C has been the most welcoming house, with a goal and framework that really makes sense to me. Supporting W3C development and helping to transform the open web platform into a widely adopted platform, suitable to any services is a great objective, to my opinion. Process and governance questions are part of that challenge, as more and more members are joining, and more an more members are needed to make that platform relevant.

And I want to be part of that move.

Well, once you say ‘I wanna join the party’, you have to think about your own value proposition. Who am I to run for AB ? Well. I am experienced in standards. I am a hard working person. I am a consensual person, listening to problem, looking for advice and conflicting opinion, and always targeting decision making (I hate vague and unknown status and I know it’s sometimes terrible for my relatives and colleagues).

And I have a plan.

Based on what I have seen those last two years and half in W3C, I have drafted a kind of program, things I believe would benefit from my energy. Like everyone, I want a better world, but more precisely, I ‘d like to :

(1) Increase visibility of W3C deliverables for members and non-members, by supporting the creation of dashboard (I wrote about it, yet)

(2) Improve web developers community feedback, involvement and representation in W3C (leveraging openness of W3C with public event and webizen-like project)

(3) Maintain motivation of contributors, including education and supporting tools, with a specific focus on editors and chairs.

(4) Ensure that securing the web sits at the core of the evolution of the consortium, as required by device manufacturers and security-sensitive companies

All is said. Let’s see if this plan looks good enough for the 389 W3C members to vote for me and help me to get one of the 5 open seats in the W3C Advisory Board. The voting period is all May and results are in June. If you know some of the voters, and like the idea to see me elected, just tell them.

If you just want to encourage me, you can advert that post or leave comments, suggestions …

I will keep you informed about the results, for sure.

Update: some others are also campaigning, you can read the posts from Brian and Boaz.

Update : other porst related to that W3C AB election on my blog : More web developers in W3C and all other posts related to W3C

Note : picture Runner and Dancer by Claus Tom, under creative common license https://www.flickr.com/photos/claustom/

About the very simple question of identity, security and privacy in Web Payment

Again, about the W3C Web Payment Workshop in Paris. Two weeks ago, discussion went on the definition of payment, the notion of user experience, the architecture of back end systems and the end to end picture. The main objective for such workshop was to identify web related topics on which all parties (merchants, banks, payment schemes, regulating government, payment service processors, ….) would agree to get more standard. This will take time as I already mentionned in a previous post. The conversation was structured, but it happened that for each of the scheduled sessions, after one hour of talk, the questions related to identity, security was systematically raised. How can you garantee that the payee is the one he pretends to be ? How can you you garantee that the money is safely transferred, stored ? As moderator of the Identity, Security and Privacy, I felt like my panel would be an interesting piece of the workshop.

Throwing the question ‘how can you garantee your system is secure ?’ is a little bit unfair. Obviously, no one can garantee a system to be 100% secure (at a certain point of time, someone will break it), so you have to think about risk evaluation, tools to help implementing security, indicators to monitor trust… And this is what the poeple from the panel shared : good practices, feedbacks and valuable advices to build a common solution to bring with payment some notion of identity, security and privacy. Here is my take away from the discussions.

Identity, what is it ? With Louise from British Computer Science and Tim from Microsoft, we explored the notion of identity with two different perspective. Tim, involved in the e-commerce platform of Microsoft shared with the participants a notion of commerce identity, that would encompass our usual personal information, but also our friend, our relatives, our payment means, our interactions, our reputation. The idea suggested here was to build one identity, based on the principle of aggregating our identities and make it available to services providers via APIs. The direct consumers of this meta-identity could be banks, merchants, but also anti fraud banking system, government, locally or international. Obviously the question of user control and privacy was raised. And this is where Louise made a great speech about the way identity, privacy, anonymity, traceability were major topics that companies, citizen and regulation should take care of. The rationale for this special care was the coming explosion of peer to peer financial transaction enabled by the web. This use case would multiply the needs to protect peers, regulates fraud and balance privacy aspects.

Identity, who should manage it ? Several participants gave a view on that notion of handling identity. Natasha Rooney, from GSMA mentioned in her contribution that they had a program named GSMA Mobile Connect, which would allow service providers to use mobile network operators users database and trust the identify of those users. This offer completed with a strategy of direct billing on subscribers bills would position them as ideal identity providers in mobile commerce. Another view, Ripple Labs, the ones maintaining Ripple Network, mentioned that identity should be managed in a decentralized way. What does it mean ? Ripple Network is a network payment solution, which relies on a network of Ripple Gateways. Those gateways are disseminated all around the world, and this is where each user willing to transfer money should register, providing with email and banking details. Choosing a gateway suiting his constraints in terms of currency, transaction operation … Each Ripple Gateway implements the Ripple Transaction Protocol which allows to transfer money from any currency from one user to another, provided that this one owns a Ripple Wallet. In that case, identity is managed by registering to Gateways. The case of Facebook and Google managing the user’s identity was not directly discussed but raised on a regular basis. One could conclude that several identity provider profiles could be defined, from traditional kinda official (MNO) to decentralized email based (Ripple network).

Identity, how to convey it ? Lets say you are an identity provider. You need to offer services to consume your user’s identity to service providers. The next questions you would have to answer would be : which protocol should support exchange of identity related information? which piece of the identity should be shared ? how to make sure that the user agrees with sharing his identity ? Most of the presenters mentioned the recently published Open ID Connect as the technology that makes the job. First, it relies on the recent version of OAuth, an authorization protocol that Hannes Tschofenif, co-chair or IETF OAuth WG exposed to the audience. Hannes concluded saying that OAuth was a good enabler for identity scheme, provided that security recommendations were implemented and that proprietary plug-in were not killing the interoperable nature of it. Second, Open ID Connect includes an flexible authentication mechanism (how do you make sure the user authorizing access is the right user). Stefan from Ripple Labs confirmed, adding that Ripple Network was using it, allowing a good granularity in rights and flexibility in user authentication. Ripple made password and game with cryptography, but one could imagine to have the FIDO Alliance UAF technology used for such authentication.

Payment, identity and security, what promise ? About the actual enablers for security in web payment, we heard several voices promoting different types of perspectives. On the device side, Giri from Qualcom said that mobile payment security scheme could get benefit of user’s contextual information, combined with trusted enablers, listing technologies the web payment could benefit from : geolocalization, multiple factor authentication, hardware token and fingerprinting. On the protocol side, Hannes recalled the audience that state of the art in security as promoted in IETF should be implemented to avoid failure. There was a consensus on the fact that cryptography was a great enablers of trust and security (trusting someone could be translated as sharing a cryptography secret with him). This is what Harry Halpin from W3C promoted the recent Web Crypto API (that my readers all know went to Last Call last week). This API will allow developers to manage and use keys in their web applications. Last but not least, Gregory from Lyra Network among other good feedbacks for promoting a decentralized web traffic to increase trust, reminded that users were to be educated in order to have a better control on their identity data and data in general. He also highlighted the idea of building identity of users on multiple devices, including the ones belonging to the wearable IoT wave, feeding the *what you have* factor to authenticate users.

This session did not bring any direct conclusion on the complex problem of identity, security and privacy, but drove the audience on different perspectives. The excellent minutes and presentations from that session are available on http://www.w3.org/2013/10/payments/minutes/2014-03-25-s6/ . All the web community is now waiting for the W3C report on that workshop, which will sum up and prioritize the possible actions that could happen in W3C.

Two days of W3C workshop about web and payment

This week W3C Web Payment workshop was amazing: one hundred registered people, representing all the chain of web payment. From merchants to banks, including payment system providers, from established financial institutions to challenging startupers, from browser makers to mobile network operators. All those delegates agreed to spend 2 days in Palais Brongniard in Paris, to discuss how standardization should be driven in W3C, to improve the integration of web payment in the open web platform. During two days, the audience tried to identify the minimum common agreement to ease end user experience when buying something on the web, and imagine how payment systems could be more efficiently integrated in the the web. In addition to the usual suspects (Google, Mozilla, GSMA, Yandex), the lucky attendees could hear opinion from less talkative companies such as : PCI (payment security certification), BPCE (french bank), SWIFT (Society for Worldwide Interbank Financial Telecommunication), Federal US Reserve (the big us wallet), BCS, Rabobank, EU delegate, Ripple Labs, HubCulture pomoting Ven, NACS US merchants. New faces giving their opinion, to usual suspects from W3C.

What can we expect from such event ?
First. Build a tribe. And I think that the workshop was a success. Interaction was key, breaks and dinner also helped people to meet and understand each other. Second. Decide where the tribe wants to go. This is less straightforward. Once everyone understood that it was quite complex to find the right balance between standard and competition, the key mission that became natural to everyone was to understand the roles and concepts handled in the story of a payment transaction. Questions : what is the ideal user experience, what are merchant roles and boundaries, what characteristics define a payment service provider, do intermediaries count, is payment a single service, or does it include quotation management… Understanding the payment steps and splitting that journey into a reliable description. This is for the business and flow side. Another domain identified to be explored collaboratively was related to the technology. When one asked ‘what is a token for you’, depending where you come from, the token answer could have different taste (actualy four different definitions were found). Same for the wallet… So in the end, it was obvious that the tribe needed to build a common understanding.

The necessary consensus.
Lets be clear. Any payment standardization work will not happen if disruptive Ripple Labs promoting decentralized network, does not understand mobile network operators, if Microsoft promoting an e-commerce identity does not listen to EU on privacy, or if merchants are not making their mind clear on virtualized money advantages (a la bitcoin). Off course the matrix of mutual understanding is infinite. But one should note that extreme should carefully listen each other. And this will be a challenge that may take some time. At the same time, it was highlighted that neither Visa or Mastercard or MCX merchants were present, and their voice should definitely be heard, there.

The coming battles.
When covering such a large topic as the payment is, involving so much actors, and when you increase the complexity by taking into account new comers such as bitcoin promoters, decentralized network designers, you can easily identify the big, big, blockers on which this community may fight. The following words sound to me like burning the brains: system interconnection and fee harmonization (right, this could be kept away from W3C landscape), user convenience versus security, user data owner (ouch, that one is the business basement, right ?), privacy by design, identity scheme (fragmented and contradictory visions here).

Where could the tribe start ? small pieces of technology.
During the discussion, it appeared that it would not be possible to build a complete standard solution, to leave a room to existing models and integrate the disruptive ones. So the opposite view was considered: why not designing very small pieces of enablers, such as transaction definition, a transaction flow and related states, a simple intent to pay framework, some auto-filling functions, … This primary list are just ideas, and will definitely enrich during the coming discussions.

Where do we meet next ?
That recently born web payment tribe must follow up. It could gather again either re-using the Web payment community group chaired by Manu Sporny, attached to (but not belonging to) W3C. Or a new group could be created. That plan will be made in the coming weeks, once all the W3C staff had brainstormed on the minutes of the workshop (slides and minutes). Lets wait the official take away from W3C.

You can also read my post related to the Identity, Security and Privacy session, that i moderated here : https://poulpita.com/2014/04/04/about-the-very-simple-question-of-identity-security-and-privacy-in-web-payment/

Web Crypto API entering Last Call !

Good things must end. The polishing, fine tuning, cocooning of the Web Crypto API is over. The Web Crypto WG felt that it was shiny enough to go for Last Call. So if you have any interest in using it, just read it, and send us your comments. This is your last chance to influence it before it is shipped into browsers !

The specification is available here : http://www.w3.org/TR/2014/WD-WebCryptoAPI-20140325/

Anyone can send comments to: public-webcrypto-comments@w3.org

Enjoy !

The W3C Needs a Dashboard

I recently had some discussions with mozillians on ways they could contribute to the W3C working group I am chairing [1]. This question made me rethink about the magic path individuals have to go through to contribute to W3C work.

W3C is a place where contributions are welcome, free, easy to do. For my readers not familiar with the W3C process, most working groups, interest groups, business groups have public mailing lists for member contributions, but also mailing list dedicated to comments – the lists managed by W3C can be found here : http://lists.w3.org/. In addition, there always are contacts given for editors, chairs, W3C staff, aiming to ease the direct exchange.

But. If you wish to contribute, it means that you have to solve another bigger problem. It means that you have to be able to identify that something is going on in W3C, expecting your review, expertise and nasty comments.

For individuals belonging to W3C member companies, that is relatively easy. Members are represented by Advisory Committee representatives. All AC reps gather twice a year, in nice places, where the W3C staff share both status and hugs. The meeting content is tailor-made for members, with overviews, and focus on specific topics. And this is usually ok. So, if the AC rep attends that meeting, if the AC rep reports to his team(s), that is the perfect situation. But if not…

For non-W3C members, curious individuals, start-ups, geeks, this is another story. They must monitor the W3C’s activities on their own. They can make sure they register to the excellent newsletter that the W3C team issues on a weekly basis. Press, blog and actual publication or specification transitions are collected here http://lists.w3.org/Archives/Public/public-w3c-digest/. They can visit all working groups blogs, wikis, githubs praying that they are maintained. They can also subscribe to the public mailing lists and read (thousands of emails). If they have time. But who has that time ?

I am paid to be an AC rep’, I love W3C; as chair, I am trying as much as possible to spread the word to the public. I am also reporting inside my company, making status updates, consolidating information I am grabbing on different media, creating dashboards, explaining trends, mentioning implementations… This takes time. This costs money to small companies.

This is why I think it would be worth having nice and structured dashboards for each domain handled by W3C, made available to anyone, contributors, developers, but also decision makers. Giving a global view on what is going on in W3C, what are the current priorities. Something like for the mobile area here : http://www.w3.org/Mobile/mobile-web-app-state/ but for all the domains.

I know. This is easy to ask, less easy to deploy. But I’d be happy to help, to make sure all the potential contributors can actually be aware of what is going on in the W3C kitchen.

—

[1] initial conversation about contribution blockers in W3C : https://twitter.com/annevk/status/444069161321242624
Note : photo credit: Jodaur via photopin cc