authorJeff Burdges <burdges@gnunet.org>2016-08-25 11:27:01 +0200
committerJeff Burdges <burdges@gnunet.org>2016-08-25 11:27:01 +0200
commit334561a07de639bb8c18119c8f42d0312c6953d7 (patch)
treefbc98b3c837f318fa4961fc4cbf9dc6326ed5b9f
parentd9fa78efe20d65c0474da91e993cf7116459f89e (diff)
parent35c42e1f4a6307411eb3dd53294c0fce860c3366 (diff)
Merge branch 'master' of git.taler.net:/var/git/wallet-webex
-rw-r--r--articles/ui/taler.bib4
-rw-r--r--articles/ui/ui.tex83
2 files changed, 50 insertions, 37 deletions
diff --git a/articles/ui/taler.bib b/articles/ui/taler.bib
index b59d43a41..371b90482 100644
--- a/articles/ui/taler.bib
+++ b/articles/ui/taler.bib
@@ -183,10 +183,8 @@
@misc{ECB:TRoCF2014,
title = {Third Report on Card Fraud},
- publisher = {European Central Bank},
+ author = {{\relax European Central Bank}},
month = {February},
year = {2014},
howpublished = {\url{https://www.ecb.europa.eu/pub/pdf/other/cardfraudreport201402en.pdf}},
}
-
-
diff --git a/articles/ui/ui.tex b/articles/ui/ui.tex
index 91e1d77fe..3168558ab 100644
--- a/articles/ui/ui.tex
+++ b/articles/ui/ui.tex
@@ -249,8 +249,8 @@ the same anti-forgery protections that are in place for cash.
Against most attacks, customers and merchants {\em limit} their risks
to the amount of cash that they carry or accept at a given
time~\cite{Bankrate}. Additionally, customers are advised to choose
-the ATMs they use carefully, as malicious ATMs may attempt to
-{\em steal} their customer's credentials~\cite{ECB:TRoCF2014}. Authentication with an
+the ATMs they use carefully, as malicious ATMs may attempt to
+{\em steal} their customer's credentials~\cite{ECB:TRoCF2014}. Authentication with an
TM can involve a special ATM card, or the use of credit or
debit cards. In all these cases, these physical security tokens are
issued by the customer's bank.
@@ -692,7 +692,7 @@ customers, and may help create a competitive market.
% \tinyskip
\begin{figure}[t!]
- \subfloat[Select article][Select article. \\ Generated by web shop.]{
+ \subfloat[Select article][Select article. \\ Generated by Web shop.]{
\includegraphics[width=0.30\textwidth]{figs/cart.png}
\label{subfig:cart}} \hfill
\subfloat[Confirm payment][Confirm payment. \\ Generated by Taler wallet.]{
@@ -735,7 +735,7 @@ merchant, the customer may choose to cover them.
morestring=[b]"
}
-\begin{figure*}[h!]
+\begin{figure*}[t!]
\lstset{language=HTML5}
\lstinputlisting{figs/taler-presence-js.html}
\caption{Sample code to detect the Taler wallet. Allowing the
@@ -746,7 +746,7 @@ merchant, the customer may choose to cover them.
\end{figure*}
-\begin{figure*}[h!]
+\begin{figure*}[t!]
\lstset{language=HTML5}
\lstinputlisting{figs/taler-contract.html}
\caption{Sample code to pass a contract to the Taler wallet.
@@ -769,49 +769,50 @@ detect the presence of a Taler wallet (Figure~\ref{listing:presence}),
so that the selection of alternative payment methods can be skipped if
a Taler wallet is installed (as it is in Figure~\ref{fig:shopping}).
-\begin{figure*}[h!]
+\begin{figure*}[t!]
\lstset{language=JavaScript}
\begin{lstlisting}
{
- "H_wire":"JCDAV...",
- "amount":{"currency":"EUR","fraction":100000,"value":0},
- "auditors":[],
- "exchanges":[{"master_pub":"CQA...","url":"https://myexchange/"}],
+ "H_wire":"YTH0C4QBCQ10VDNTJN0DCTTV2Z6JHT5NF43F0RQHZ8JYB5NG4W4G...",
+ "amount":{"currency":"EUR","fraction":1,"value":0},
+ "auditors":[{"auditor_pub":"42V6TH91Q83FB846DK1GW3JQ5E8DS273W4236AXC397892ESD0B0"}],
+ "exchanges":[{"master_pub":"1T5FA8VQHMMKBHDMYPRZA2ZFK2S63AKF0YTHJZWFKF45K2JGC8H0",
+ "url":"https://exchange/"}],
"expiry":"/Date(1480119270)/",
- "fulfillment_url": "https://myshop/essay/...",
- "max_fee":{"currency":"EUR","fraction":0,"value":3},
- "merchant":{"address":"Somewhere","jurisdiction":"none","name":"Kudos Inc."},
- "merchant_pub":"YDP...",
+ "fulfillment_url": "https://shop/essay/42",
+ "max_fee":{"currency":"EUR","fraction":01,"value":0},
+ "merchant":{"address":"Mailbox 4242","jurisdiction":"Jersey","name":"Shop Inc."},
+ "merchant_pub":"Y1ZAR5346J3ZTEXJCHQY9NJN78EZ2HSKZK8M0MYTNRJG5N0HD520",
"products":[{
"description":"Essay: The GNU Project",
- "price":{"currency":"EUR","fraction":100000,"value":0},
- "product_id":0,"quantity":1}],
+ "price":{"currency":"EUR","fraction":1,"value":0},
+ "product_id":42,"quantity":1}],
"refund_deadline":"/Date(1471522470)/",
"timestamp":"/Date(1471479270)/",
"transaction_id":249960194066269
}
\end{lstlisting}
- \caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}}
+ \caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}. The merchant will pay transaction fees up to \EUR{0.01}. The hash over the wire transfer information was truncated to make it fit to the page.}
\label{listing:json-contract}
\end{figure*}
-\begin{figure*}[h!]
+\begin{figure*}[t!]
\lstset{language={}}
\begin{lstlisting}
HTTP/1.1 402 Payment Required
Content-Type: text/html; charset=UTF-8
-X-Taler-Contract-Url: https://myshop/generate-contract?product=42
+X-Taler-Contract-Url: https://shop/generate-contract/42
...
<!DOCTYPE html>
<html>
...
- You don't seem to have Taler installed, here are
+ You do not seem to have Taler installed, here are
other payment options:
...
</html>
\end{lstlisting}
- \caption{Sample HTTP response for a web resource that requires a payment.}
+ \caption{Sample HTTP response for a Web resource that requires a payment.}
\label{listing:http-contract}
\end{figure*}
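Review bot: In the new contract listing, `"max_fee":{"currency":"EUR","fraction":01,"value":0}` writes the number with a leading zero, which JSON does not allow, so a strict parser would reject the sample if a reader copies it. The amounts also no longer match the caption: `amount`, `price` and `max_fee` all carry a fraction numerically equal to 1, while the caption states \EUR{0.10} for the article and \EUR{0.01} for the fee. The removed lines used `"fraction":100000` for \EUR{0.10}, so presumably the intended values are `"fraction":100000` for `amount` and `price` and `"fraction":10000` for `max_fee`; please confirm against the fraction base the wallet actually uses. A contract example is likely to be taken as a reference by implementers, so its amounts should be checkable against the surrounding text.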
@@ -886,25 +887,27 @@ URL in a browser will show the resource associated with the purchase.
This resource can be a digital good such as a news article, or simply
a confirmation for products that are delivered by other means.
-\begin{figure*}[h!]
+\begin{figure*}[t!]
\lstset{language={}}
\begin{lstlisting}
HTTP/1.1 402 Payment Required
Content-Type: text/html; charset=UTF-8
-X-Taler-Contract-Hash: RA67CB1...
-X-Taler-Offer-Url: https://myshop/article/42
+X-Taler-Contract-Hash: 2BAH2AT4GSG5JRM2W4YWTSYGY66EK4X8CX2V69D5VF7XV703AJMG
+X-Taler-Offer-Url: https://shop/generate-contract/42
...
<!DOCTYPE html>
<html>
...
- You don't seem to have Taler installed, here are
+ You do not seem to have Taler installed, here are
other payment options:
...
</html>
\end{lstlisting}
- \caption{Sample HTTP response when the user agent navigates to a fulfillment URL without
- the session state that indicates they have paid for the resource.}
+\caption{Sample HTTP response when the user agent navigates to a
+ fulfillment URL without
+ the session state that indicates they have paid for the resource.
+ Note the minor difference to Listing~\ref{listing:http-contract}.}
\label{listing:http-execute}
\end{figure*}
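Review bot: The added caption sentence `Note the minor difference to Listing~\ref{listing:http-contract}.` asks the reader to spot a difference without naming it. I would state it directly, for example `Unlike Listing~\ref{listing:http-contract}, this response carries a contract hash and an offer URL instead of a contract URL.` The new `X-Taler-Offer-Url: https://shop/generate-contract/42` is also the exact value that the other listing uses for `X-Taler-Contract-Url`, whereas the removed line pointed at `https://myshop/article/42`. If both headers are meant to name the same endpoint, a sentence saying so would prevent readers from treating it as a copy-paste slip.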
@@ -928,10 +931,18 @@ contract in their wallet, the wallet redirects the browser to the {\em
useful when a user wishes to share a fulfillment link with another
user to point him to the same resource.
-Note that due to the limited WebExtensions API, the session
-state can only be acquired when the browser navigates to
-the fulfillment URL (without session state), since the session
-state must be set on the same origin as the fulfillment URL.
+Note that due to the limited WebExtensions API, the session state can
+only be acquired when the wallet causes the browser to navigate to the
+fulfillment URL (first without session state), since the session state
+must be set from the same origin as the fulfillment URL. As a result,
+the shop cannot simply return the fulfillment information in response
+to the wallet performing the payment. However, this extra round trip
+is also justified as the wallet needs to inspect the response anyway
+as it may contain error reports about a failed payment which the wallet
+has to handle. Finally, it ensures that the fulfillment page is fetched
+via an HTTP GET request instead of an HTTP POST request, which is
+important to nicely support the use of navigation (``back'', ``forward''
+buttons) and bookmarks.
Various failure modes are considered in this design:
@@ -997,7 +1008,7 @@ it has the following key advantages:
\subsection{Giving change and refunds}
-\begin{figure*}[h!]
+\begin{figure*}[b!]
\lstset{language={HTML5}}
\begin{lstlisting}
<script src="taler-wallet-lib.js"></script>
@@ -1518,8 +1529,11 @@ signed receipts for transactions will become commonplace.
In this way, Taler gives the user full control over the usage of their
transaction history, as opposed to giving control to big data corporations.
+\begin{center}
+ \bf
We encourage readers to try our prototype for Taler
at \url{https://demo.taler.net/}.
+\end{center}
%and to ponder why the billion dollar
%e-commerce industry still relies mostly on TLS for security given
%that usability, security and privacy can clearly {\em all} be improved
@@ -1535,8 +1549,9 @@ This work benefits from the financial support of the Brittany Region
thank Bruno Haible for his financial support enabling us to
participate with the W3c payment working group. We thank the W3c
payment working group for insightful discussions about Web payments.
-We thank Neal Walfield for comments on an earlier draft of the paper.
-We thank Gabor Toth for his help with the implementation.
+We thank Krista Grothoff and Neal Walfield for comments on an earlier
+draft of the paper. We thank Gabor Toth for his help with the
+implementation.
\bibliographystyle{splncs03}
\bibliography{ui,btc,taler,rfc}