misc minor edits
This commit is contained in:
Christian Grothoff
parent
33e7fb56a1
commit
d6c8b73df9
@ -249,8 +249,8 @@ the same anti-forgery protections that are in place for cash.
|
||||
Against most attacks, customers and merchants {\em limit} their risks
|
||||
to the amount of cash that they carry or accept at a given
|
||||
time~\cite{Bankrate}. Additionally, customers are advised to choose
|
||||
the ATMs they use carefully, as malicious ATMs may attempt to
|
||||
{\em steal} their customer's credentials~\cite{ECB:TRoCF2014}. Authentication with an
|
||||
the ATMs they use carefully, as malicious ATMs may attempt to
|
||||
{\em steal} their customer's credentials~\cite{ECB:TRoCF2014}. Authentication with an
|
||||
TM can involve a special ATM card, or the use of credit or
|
||||
debit cards. In all these cases, these physical security tokens are
|
||||
issued by the customer's bank.
|
||||
@ -692,7 +692,7 @@ customers, and may help create a competitive market.
|
||||
% \tinyskip
|
||||
|
||||
\begin{figure}[t!]
|
||||
\subfloat[Select article][Select article. \\ Generated by web shop.]{
|
||||
\subfloat[Select article][Select article. \\ Generated by Web shop.]{
|
||||
\includegraphics[width=0.30\textwidth]{figs/cart.png}
|
||||
\label{subfig:cart}} \hfill
|
||||
\subfloat[Confirm payment][Confirm payment. \\ Generated by Taler wallet.]{
|
||||
@ -735,7 +735,7 @@ merchant, the customer may choose to cover them.
|
||||
morestring=[b]"
|
||||
}
|
||||
|
||||
\begin{figure*}[h!]
|
||||
\begin{figure*}[t!]
|
||||
\lstset{language=HTML5}
|
||||
\lstinputlisting{figs/taler-presence-js.html}
|
||||
\caption{Sample code to detect the Taler wallet. Allowing the
|
||||
@ -746,7 +746,7 @@ merchant, the customer may choose to cover them.
|
||||
\end{figure*}
|
||||
|
||||
|
||||
\begin{figure*}[h!]
|
||||
\begin{figure*}[t!]
|
||||
\lstset{language=HTML5}
|
||||
\lstinputlisting{figs/taler-contract.html}
|
||||
\caption{Sample code to pass a contract to the Taler wallet.
|
||||
@ -769,49 +769,50 @@ detect the presence of a Taler wallet (Figure~\ref{listing:presence}),
|
||||
so that the selection of alternative payment methods can be skipped if
|
||||
a Taler wallet is installed (as it is in Figure~\ref{fig:shopping}).
|
||||
|
||||
\begin{figure*}[h!]
|
||||
\begin{figure*}[t!]
|
||||
\lstset{language=JavaScript}
|
||||
\begin{lstlisting}
|
||||
{
|
||||
"H_wire":"JCDAV...",
|
||||
"amount":{"currency":"EUR","fraction":100000,"value":0},
|
||||
"auditors":[],
|
||||
"exchanges":[{"master_pub":"CQA...","url":"https://myexchange/"}],
|
||||
"H_wire":"YTH0C4QBCQ10VDNTJN0DCTTV2Z6JHT5NF43F0RQHZ8JYB5NG4W4G...",
|
||||
"amount":{"currency":"EUR","fraction":1,"value":0},
|
||||
"auditors":[{"auditor_pub":"42V6TH91Q83FB846DK1GW3JQ5E8DS273W4236AXC397892ESD0B0"}],
|
||||
"exchanges":[{"master_pub":"1T5FA8VQHMMKBHDMYPRZA2ZFK2S63AKF0YTHJZWFKF45K2JGC8H0",
|
||||
"url":"https://exchange/"}],
|
||||
"expiry":"/Date(1480119270)/",
|
||||
"fulfillment_url": "https://myshop/essay/...",
|
||||
"max_fee":{"currency":"EUR","fraction":0,"value":3},
|
||||
"merchant":{"address":"Somewhere","jurisdiction":"none","name":"Kudos Inc."},
|
||||
"merchant_pub":"YDP...",
|
||||
"fulfillment_url": "https://shop/essay/42",
|
||||
"max_fee":{"currency":"EUR","fraction":01,"value":0},
|
||||
"merchant":{"address":"Mailbox 4242","jurisdiction":"Jersey","name":"Shop Inc."},
|
||||
"merchant_pub":"Y1ZAR5346J3ZTEXJCHQY9NJN78EZ2HSKZK8M0MYTNRJG5N0HD520",
|
||||
"products":[{
|
||||
"description":"Essay: The GNU Project",
|
||||
"price":{"currency":"EUR","fraction":100000,"value":0},
|
||||
"product_id":0,"quantity":1}],
|
||||
"price":{"currency":"EUR","fraction":1,"value":0},
|
||||
"product_id":42,"quantity":1}],
|
||||
"refund_deadline":"/Date(1471522470)/",
|
||||
"timestamp":"/Date(1471479270)/",
|
||||
"transaction_id":249960194066269
|
||||
}
|
||||
\end{lstlisting}
|
||||
\caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}}
|
||||
\caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}. The merchant will pay transaction fees up to \EUR{0.01}. The hash over the wire transfer information was truncated to make it fit to the page.}
|
||||
\label{listing:json-contract}
|
||||
\end{figure*}
|
||||
|
||||
\begin{figure*}[h!]
|
||||
\begin{figure*}[t!]
|
||||
\lstset{language={}}
|
||||
\begin{lstlisting}
|
||||
HTTP/1.1 402 Payment Required
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
X-Taler-Contract-Url: https://myshop/generate-contract?product=42
|
||||
X-Taler-Contract-Url: https://shop/generate-contract/42
|
||||
...
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
...
|
||||
You don't seem to have Taler installed, here are
|
||||
You do not seem to have Taler installed, here are
|
||||
other payment options:
|
||||
...
|
||||
</html>
|
||||
\end{lstlisting}
|
||||
\caption{Sample HTTP response for a web resource that requires a payment.}
|
||||
\caption{Sample HTTP response for a Web resource that requires a payment.}
|
||||
\label{listing:http-contract}
|
||||
\end{figure*}
|
||||
|
||||
@ -886,25 +887,27 @@ URL in a browser will show the resource associated with the purchase.
|
||||
This resource can be a digital good such as a news article, or simply
|
||||
a confirmation for products that are delivered by other means.
|
||||
|
||||
\begin{figure*}[h!]
|
||||
\begin{figure*}[t!]
|
||||
\lstset{language={}}
|
||||
\begin{lstlisting}
|
||||
HTTP/1.1 402 Payment Required
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
X-Taler-Contract-Hash: RA67CB1...
|
||||
X-Taler-Offer-Url: https://myshop/article/42
|
||||
X-Taler-Contract-Hash: 2BAH2AT4GSG5JRM2W4YWTSYGY66EK4X8CX2V69D5VF7XV703AJMG
|
||||
X-Taler-Offer-Url: https://shop/generate-contract/42
|
||||
...
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
...
|
||||
You don't seem to have Taler installed, here are
|
||||
You do not seem to have Taler installed, here are
|
||||
other payment options:
|
||||
...
|
||||
</html>
|
||||
\end{lstlisting}
|
||||
\caption{Sample HTTP response when the user agent navigates to a fulfillment URL without
|
||||
the session state that indicates they have paid for the resource.}
|
||||
\caption{Sample HTTP response when the user agent navigates to a
|
||||
fulfillment URL without
|
||||
the session state that indicates they have paid for the resource.
|
||||
Note the minor difference to Listing~\ref{listing:http-contract}.}
|
||||
\label{listing:http-execute}
|
||||
\end{figure*}
|
||||
|
||||
@ -928,10 +931,18 @@ contract in their wallet, the wallet redirects the browser to the {\em
|
||||
useful when a user wishes to share a fulfillment link with another
|
||||
user to point him to the same resource.
|
||||
|
||||
Note that due to the limited WebExtensions API, the session
|
||||
state can only be acquired when the browser navigates to
|
||||
the fulfillment URL (without session state), since the session
|
||||
state must be set on the same origin as the fulfillment URL.
|
||||
Note that due to the limited WebExtensions API, the session state can
|
||||
only be acquired when the wallet causes the browser to navigate to the
|
||||
fulfillment URL (first without session state), since the session state
|
||||
must be set from the same origin as the fulfillment URL. As a result,
|
||||
the shop cannot simply return the fulfillment information in response
|
||||
to the wallet performing the payment. However, this extra round trip
|
||||
is also justified as the wallet needs to inspect the response anyway
|
||||
as it may contain error reports about a failed payment which the wallet
|
||||
has to handle. Finally, it ensures that the fulfillment page is fetched
|
||||
via an HTTP GET request instead of an HTTP POST request, which is
|
||||
important to nicely support the use of navigation (``back'', ``forward''
|
||||
buttons) and bookmarks.
|
||||
|
||||
Various failure modes are considered in this design:
|
||||
|
||||
@ -997,7 +1008,7 @@ it has the following key advantages:
|
||||
|
||||
\subsection{Giving change and refunds}
|
||||
|
||||
\begin{figure*}[h!]
|
||||
\begin{figure*}[b!]
|
||||
\lstset{language={HTML5}}
|
||||
\begin{lstlisting}
|
||||
<script src="taler-wallet-lib.js"></script>
|
||||
@ -1518,8 +1529,11 @@ signed receipts for transactions will become commonplace.
|
||||
In this way, Taler gives the user full control over the usage of their
|
||||
transaction history, as opposed to giving control to big data corporations.
|
||||
|
||||
\begin{center}
|
||||
\bf
|
||||
We encourage readers to try our prototype for Taler
|
||||
at \url{https://demo.taler.net/}.
|
||||
\end{center}
|
||||
%and to ponder why the billion dollar
|
||||
%e-commerce industry still relies mostly on TLS for security given
|
||||
%that usability, security and privacy can clearly {\em all} be improved
|
||||
@ -1535,8 +1549,9 @@ This work benefits from the financial support of the Brittany Region
|
||||
thank Bruno Haible for his financial support enabling us to
|
||||
participate with the W3c payment working group. We thank the W3c
|
||||
payment working group for insightful discussions about Web payments.
|
||||
We thank Neal Walfield for comments on an earlier draft of the paper.
|
||||
We thank Gabor Toth for his help with the implementation.
|
||||
We thank Krista Grothoff and Neal Walfield for comments on an earlier
|
||||
draft of the paper. We thank Gabor Toth for his help with the
|
||||
implementation.
|
||||
|
||||
\bibliographystyle{splncs03}
|
||||
\bibliography{ui,btc,taler,rfc}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user