[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [ietf-trade Home]
Subject: RE: Questions about Withdrawal and Deposit Transaction on IOTP
David, Re. Question 1 At 01:31 98/10/08 +0100, David Burdett wrote: > >>>There is an assumption that, when you are making a deposit, you > know what type of electronic cash you want to deposit. It doesn't > quite make sense to go to a bank web site and then to be asked which > Brand do you want to deposit. For example a Financial Institution > wouldn't ask "Do you want to deposit your electronic cash as Mondex, > as Visa Cash or as GeldKarte?". If a Financial Institution supports multiple brands of electronic cash such as Mondex and VISA cash, I don't think it is strange to ask which brand of electronic cash you want to deposit or withdraw. If it is necessary for a consumer to select a brand to deposit or withdraw, I think that the tpo message and the tpo selection message should be used for brand selection in order to make the deposit and withdrawal consistent with the purchase. Additionally, it may be an implementation issue, but if only one brand is included in a brand list component, an OTP client software can omit asking brand selection to the consumer. However, in order to finalize OTP spec V1.0 shortly, I think we can discuss this issue in OTP V2.0. Re. Question 2 > In baseline it is assumed that the Authentication Method is known > since there is authentication method selection is not supported. > * include authentication method selection as a possible enhancement > for version 2.0 I agree with adding authentication method selection in ver 2.0. I thought that if the TpoBlk and AuthReqBlk could be sent separately, we could select authentication method depending on the selected brand. (Tpo message -> TpoSelection message -> AuthReq Message -> AuthResp message -> OfferResp message -> ...) But if authentication method selection is added to OTP as you mentioned, I think that would be better. Masaaki At 01:31 98/10/08 +0100, David Burdett wrote: > Masaaki > > See comments below. > > David > > ---------- > From: Masaaki Hiroyo > Sent: 07 October 1998 10:46 > To: David Burdett > Subject: Questions about Withdrawal and Deposit Transaction on IOTP > > > David, > > I have two basic questions about baseline withdrawal and baseline > deposit. > > > Question1 > > According to the IOTP specification (Figs 20 & 21), in baseline > deposit > a brand to be used is selected on HTML page but not TPO selection > message. > > I think it is inconsistent with baseline withdrawal and baseline > purchase > because both of them use TPO selection message for brand selection but > baseline deposit doesn't. > > Is there any reason why tpo selection is not used in baseline > deposit? > >>>There is an assumption that, when you are making a deposit, you > know what type of electronic cash you want to deposit. It doesn't > quite make sense to go to a bank web site and then to be asked which > Brand do you want to deposit. For example a Financial Institution > wouldn't ask "Do you want to deposit your electronic cash as Mondex, > as Visa Cash or as GeldKarte?". > > However the TPO selection message is used to select the *payment > protocol* to use since you may have several different ways of > depositing Visa Cash for example. So the TPO Selection is used for > this purpose only. If you read step 3 in figures 20 and 21 it says > this. So what I suggest is that: > * we add clarification to section 7.2.2 on the fact only the payment > protocol is selected, and > * we also need to remove payment method selection from Deposit with > Authentication (see the answer to the next question for the reasons > why). > <<< > > > Question 2 > > In baseline withdrawal, TpoBlk and AuthReqBlk are sent in the first > message. > > If authentication methods depends on payment brand (payment > instrument), > we cannot send TpoBlk and AuthReqBlk cannot send at the same time. > > I think brand independent authentication and brand depend > authentication > are necessary just like brand independent purchase and brand > dependent > purchase. > > What do you think about it? > >>> I agree that authentication may depend upon payment brand. However > it is also possible that authentication is done using a method which > is independent of a payment brand using, for example, a pass phrase. > > The point is that really the approach should be as illustrated in the > diagram below (view it in a fixed font). > > CONSUMER MERCHANT > ------------------Auth Method > | List > v > Consumer selects > Auth Method > | > v > Auth Method > Selection--------------- > | > v > Merchant generates > Auth Request for > selected Auth Method > | > v > Authentication > ---------------------Request > | > v > Consumer generates > Auth Response > | > v > Authentication > Response > | > ----------------------- > | > v > Merchant checks > Auth. Response > > > In baseline it is assumed that the Authentication Method is known > since there is authentication method selection is not supported. > > On a withdrawal, it is likely that the Consumer knows which brand of > electronic cash she wants to withdraw, therefore there the Financial > Institution (aka the Merchant) will know which method of > authentication to apply. > > Therefore suggest that: > * in Baseline we: > * change "withdrawal with authentication" to work like a deposit in > that the brand of electronic cash being withdrawn and the payment (and > hence authentication method) protocol is known in advance > * leave "withdrawal without authentication" unchanged > * include authentication method selection as a possible enhancement > for version 2.0 > > <<< > Masaaki > > ----- > Masaaki Hiroya > Systems Development Laboratory > Hitachi, Ltd. > email: hiroya@sdl.hitachi.co.jp > tel: +81-44-966-9111 > fax: +81-44-966-1796 > > > > > 復元された添付ファイル:"c:\program files\eudora\attach\RE Questions about Withdrawal " > ----- Masaaki Hiroya Systems Development Laboratory Hitachi, Ltd. email: hiroya@sdl.hitachi.co.jp tel: +81-44-966-9111 fax: +81-44-966-1796 ----------------------------------------------------------------------- Message addressed to: ietf-trade@lists.elistx.com Archive available at: http://www.elistx.com/archives/ietf-trade/ To (un)subscribe send a message with "subscribe" or "unsubscribe" in the body to: ietf-trade-request@lists.elistx.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [ietf-trade Home]
Powered by eList eXpress LLC