Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Payment required #4

Closed
michielbdejong opened this issue Feb 12, 2021 · 12 comments
Closed

Payment required #4

michielbdejong opened this issue Feb 12, 2021 · 12 comments

Comments

@michielbdejong
Copy link
Collaborator

  • The pod server says 'payment required', go there-and-there to buy a ticket.
  • The ticket you buy is linked to:
    • your webid
    • the resource
    • a start and end date/time
  • You send the ticket in a http header
  • You get access
@joepio
Copy link
Collaborator

joepio commented Feb 12, 2021
edited
Loading

Flow

  • User requests access to resource
  • Pod responds with 402 payment required (https://tools.ietf.org/html/rfc7231#section-6.5.2). Response contains payment pointer and ID
  • User makes payment(s) to newly openend payment stream.
  • User requests access to resrouce, proves by linking to payment stream

@michielbdejong
Copy link
Collaborator Author

you can buy the ticket via ILP/STREAM, to the payment pointer. https://interledger.org/rfcs/0039-stream-receipts/

@michielbdejong
Copy link
Collaborator Author

Maybe we want to add a step with W3C-VC, so that the ACL mentions a W3C-VC you need, and as a client you exchange your ILP/STREAM-receipt for a W3C-VC somewhere.

@michielbdejong
Copy link
Collaborator Author

NSS could include the service that converts the stream receipt to the vc, so that it's basically the server trusting itself, and we don't get the question of which third party is allowed to sign there.

@michielbdejong
Copy link
Collaborator Author

See solid/web-access-control-spec#79 for the WAC+VC flow

@michielbdejong
Copy link
Collaborator Author

And https://solid.github.io/authorization-panel/authorization-ucr/#conditional-payment

@michielbdejong
Copy link
Collaborator Author

Continuing the generic VC part here: solid/authorization-panel#79 (comment).
Once that's done we can see how to do it specifically to payment.
And then specifically for ILP/STREAM.

@michielbdejong
Copy link
Collaborator Author

Strictly speaking, for monetization the agent does not have to present the receipt. They could also just make sure their WebID is added to the list of "people who have paid", and then the resource server could just discover that list pro-actively rather than going from a link that the user agent provides. But let's see how far we get.

@michielbdejong
Copy link
Collaborator Author

Making this issue strictly about the 402 response header, i.e. the https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine part of https://solid.github.io/authorization-panel/authorization-ucr/#conditional-payment.

Will fork off separate issues for the other moving parts involved.

@michielbdejong
Copy link
Collaborator Author

Regarding strictly the 402 response then, and what should be in that.
https://tools.ietf.org/html/rfc7231#section-6.5.2 doesn't give us much to go by.
solid/specification#210 (comment) is relevant.

This was referenced Mar 1, 2021
Closed
Closed
Closed
Closed
@michielbdejong
Copy link
Collaborator Author

See also the issue about this at the monetization-tests.
See also the issue about this at node-solid-server.

@michielbdejong
Copy link
Collaborator Author

Done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michielbdejong @joepio