Split dip 8 to funds pull pre approval and charge + auth/capture #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Disclaimer regarding the discovery phase Extended scope for fund pull pre-approval Revoke an authorization in more details
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
davidiw
reviewed
Mar 31, 2021
There was a problem hiding this comment.
Coming along well.
I'm going to leave some crazy ideas here for now and we can setup some time to chat:
- Move as much to the interaction between Web services as possible to speed up UX and to make it less Diem off-chain dependent
- Don't reinvent off-chain protocol, create a new payment command that leverages all the existing fields but results in an auth instead of a payment -- it might be kyc, but we can effectively shoehorn in kyb -- we will work (together) on a better off-chain and make that ideal -- but I don't want to add too much (more) complexity now
- Use off-chain to trigger capture
- Define an on-chain extension for registering a URL for a small logo to represent a VASP on a merchant website -- an parallel resource to the DiemId resource defined in Dip-10 -- but completely VASP managed -- this would also be where the VASP registers if login -- which I didn't actually see mentioned here
dips/dip-8.md
Outdated
| Version 0 of the Off-Chain Protocol is described in [DIP 1](https://dip.diem.com/dip-1/). Version 1 as described here is an extension of the Off-Chain Protocol and adds features to support more advanced functionality - particularly targeted to support merchant use-cases. This is inclusive of pull payments, recurring payments, and auth/capture flows. | ||
| Versions 1/2 of the Off-Chain Protocol are described in [DIP 1](https://dip.diem.com/dip-1/). | ||
|
|
||
| Version 3 as described here is an extension of the Off-Chain Protocol and adds features to support more advanced functionality - particularly targeted to support merchant use-cases. |
There was a problem hiding this comment.
Don't think we need a new version here, this should be a different command, otherwise we have to consider version negotiation, which I'm not convinced is worth it at this point in time.
dips/dip-8.md
Outdated
| This DIP aimed to support a scenario of setting a Diem wallet as a long term payment method in an app or an eCommerce website. | ||
|
|
||
| The high level flow is: | ||
| 1. The user asks to add their wallet to the app as a payment method |
There was a problem hiding this comment.
This seems ... a little too ambiguous to me
- User enters checkout flow
- User clicks "Pay with Diem"
- The user is presented with a list of registered Diem VASPs that support Merchant payments
- The user selects their VASP
- The merchant site opens an iframe sending forwarding the appropriate information for a FPPA request
- The user logins and confirms the transaction
- The VASP sends an FPPA response to the Merchant
Behind the scenes
- The FPPA request sent entirely in the iframe URL
- Upon login, the VASP initiates an off-chain kyc exchange with the merchant
- Upon the conclusion of the off-chain, the VASP and Merchant have agreed upon fppa_id for future pull payments
dips/dip-8.md
Outdated
Comment on lines
71
to
72
| | checkout_data_type | str | Y | The fixed string `FUNDS_PULL_PRE_APPROVAL` | | ||
| | action | str | Y | The fixed string `FUNDS_PULL_PRE_APPROVAL` | |
There was a problem hiding this comment.
I don't understand why we have this twice ... why not make this part of the URL syntax?
dips/dip-8.md
Outdated
|
|
||
| ## Funds pull pre approval request fields | ||
|
|
||
| The following fields should be used to define a funds pull pre approval request. These fields should be encoded into a series of URL parameters appended to the query string. In case of QR code, the image should include the full link with all parameters. |
There was a problem hiding this comment.
so part of me wonders... we're going to have to go off-chain at some point anyway, so should we just pass along a payment_id and a vasp_address
dips/dip-8.md
Outdated
|
|
||
| | Field | Type | Required? | Description | | ||
| |------------------------|---------|------------|------------------------------------------------| | ||
| | vasp_address | str | Y | Address of account from which billing will happen. The address is encoded using bech32 and should uniquly identify the merchant. For Diem addresses format, refer to the "account identifiers" section in [DIP-5](https://dip.diem.com/dip-5/#account-identifiers). | |
There was a problem hiding this comment.
I'm not sure what vasp_address means... maybe this should say psp_account and the right side will actually be one of many possibilities: DiemId, dip-5, or even other identifiers... otherwise we continue to make bespoke diem protocols, yay.
dips/dip-8.md
Outdated
| All requests between VASPs are structured as [`CommandRequestObject`s](https://dip.diem.com/dip-1/#commandrequestobject) and all responses are structured as [`CommandResponseObject`s](https://dip.diem.com/dip-1/#commandresponseobject). For a fund pre-approval command, the resulting request takes a form of the following: | ||
| All requests between VASPs are structured as [`CommandRequestObject`s](https://dip.diem.com/dip-1/#commandrequestobject) and all responses are structured as [`CommandResponseObject`s](https://dip.diem.com/dip-1/#commandresponseobject). | ||
|
|
||
| For a funds pull pre-approval command, the resulting request takes a form of the following: | ||
|
|
||
| ``` | ||
| { |
There was a problem hiding this comment.
since we already sent most of this via a auth framework, why are we sending it again via off-chain protocol? I think this function should purely be about doing a pre auth kyc... so this should largely be a copypasta of dip-1 -- but with the new states rauth / sauth, right?
danprinz
commented
Apr 14, 2021
Disclaimer regarding the discovery phase Extended scope for fund pull pre-approval Revoke an authorization in more details
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: kphfb <kph@fb.com>
Co-authored-by: dahliamalkhi <dahliamalkhi@outlook.com>
Co-authored-by: dahliamalkhi <dahliamalkhi@outlook.com>
Co-authored-by: dahliamalkhi <dahliamalkhi@outlook.com>
Co-authored-by: dahliamalkhi <dahliamalkhi@outlook.com>
Co-authored-by: dahliamalkhi <dahliamalkhi@outlook.com>
Co-authored-by: David Wolinsky <isaac.wolinsky@gmail.com>
Co-authored-by: David Wolinsky <isaac.wolinsky@gmail.com>
Notes: Agreed that we will create new structures for P2M purposes rather than impose changes on existing structures from 0 < DIP < 2 (did not want to use the actual DIP name :)). For example, we will NOT extend or change the PaymentActorObject. Instead, we will create a new object suitable for P2M needs (e.g. BusinessActorObject). Agreed that business_data (i.e. merchant basic details) should be part of the InfoCommand response Agreed that payer_data (i.e. payer information) should be part of the InitCommand(s) request Agreed that, for the time being, there is no support for an additional step to ask for more data. The receiving VASP can either accept or reject the payment based on the information provided. We mentioned that the receiving VASP should be able to state "extra" information that is required on top of the payer_data (e.g. DOB might be required for buying alcohol) as part of the InfoCommand response. This will be achieved by an additional optional element (type will be JSON) A similar optional element will be added to the InitCommand(s) request. This element is to be used by the sending VASP to send the additional information requested (e.g. DOB) Agreed (with a heavy heart...) to stop using the functionality names and stick with the command types Agreed to use two different init command types (for each payment type) to replace the single InitCommand We will change the name of the ReadyCommand to be ReadyNotification Add dual attestation specification for transactions over the limit
Main changes: * Removed DIP-8 fro the pull request * Change InfoCommand name * Added image_url to business_data * Spelling and grammar issues
* Removed usage of statuses
* Naming consistency * Optional redirect URL for QR flow (POS scenario)
Added diagram images
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.