Chuck,
Thanx for the very elaborate descriptions on the previous topic.
I will try not to monopolize the list but one of the sub-subjects
of the P-Card discussion was about how you authenticate the
buying/paying employee individual.
There is the technical part which we can discuss forever, but
maybe we should look on the "soft" side of authentication and
authorization? Regarding the latter I have a "theory" on that.
The essence is that for the *majority* of business activities
performed within an organization,
authorization stays within the company borders.
Why is that you may rightfully ask?
To take a common example: A purchase order received by
a selling party is (to some extent) only verified as being authentic,
as it is *implicitly assumed* to have been issued by an authorized person
of the buying organization. If this is based on pure laziness, a
feeling of trust in the buying organization, or just that it is not that
easy to find out who is authorized is maybe debatable.
There are those who believe that this should be "solved" using
sophisticated technical solutions like SPKI. I think common
sense is more efficient, easier to deploy, and may have some
other applications as well. :-)
Anders
----- Original Message -----
From: "Chuck Wade" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 03, 2001 16:34
Subject: Re: The end of P-Cards?
Folks,
The recent discussion thread on p-cards has surfaced many
interesting points. I hope that subscribers to this list have
found the discussions enlightening. Let me thank Anders for
starting this thread, and Emory, Todd, Lynn, Geoff, David, Russ,
and Scott for their contributions and insights.
As the moderator for this list, I'd like to suggest that this
discussion thread be broken into several new threads, as we've
strayed a bit from Anders' original posting. From what I've seen,
the following issues have surfaced during this discussion:
* The role of p-cards (or "commercial cards") in B2B payments.
There appears to be interest in further evaluating how this
payment option works, and how it compares to other B2B
payments. It would also be good to hear from folks outside the
United States on this topic.
* Authentication of p-card users to sellers and other parties.
This topic could include discussion of suitability of Visa's
3-D Secure, MasterCard's SPA, Microsoft passport, and X9.59
for B2B payment transactions. Let me suggest that further
discussion on this topic address requirements of the actual
users, and lets try to avoid evaluating technologies, since
there are other forums more appropriate for technical debates.
* Related to authentication, is the question of who or what
gets authenticated to whom? So, is it important that a seller
authenticate a buyer as an individual (whether using a p-card
or not), or is it more important to authenticate the buyer as
an agent (employee) of an authenticated enterprise?
* Discussion of the various business models used in B2B trading,
and how payments could or should be applied to these models.
For example, David Goldberg pointed out that for many B2B
transactions, a PO-Invoice model is important, and payment
services that can exist in a rich information exchange between
businesses are needed. Anders has also proposed models
appropriate for SMEs trading with each other and larger
enterprises.
* Another topic worth exploring is the suitability of peer-to-
peer business transactions and the viability of the portal
model. Todd has introduced some interesting ideas, and I get
the impression that he and Anders have as many points of
agreement as disagreement. Certainly, the idea that all B2B
transactions (where payments are just one step in the overall
cycle) should automatically update general ledgers is
intriguing.
Aside: The CommerceNet survey on P2P use within and between
enterprises has been extended to October 12th. Go to
http://www.peerintelligence.com/p2psurvey/ to participate
in this survey and receive the summary report.
* The role of payment service providers (e.g., card associations,
banks) in facilitating B2B trade has also come up, and probably
deserves further exploration and discussion. For example,
there is a tradeoff between the functionality offered with
p-cards and what suppliers offer through their web services.
Similarly, the question of whether or not payment service
providers have a long-term role in B2B transactions has come up.
Even if this question appears a bit radical on the surface, it
is probably worth exploring.
I invite anyone who feels a strong interest in one of these
topics (or another payments-related topic) to post a new message
(not a reply) to this list under an appropriate subject line to
begin a new, more focused thread. The value of this list is that
it can serve as a means for sharing our collective expertise.
Since answers to many of the important questions about modern
payment systems cannot be found in a text book, this sort of
forum can help develop answers that can be shared broadly and
critiqued by experts.
I should also point out that questions from subscribers are
welcome. There has been a lot of terminology thrown around in the
past few days, and I suspect that not everyone out there knows
what is meant by levels 2 and 3 in a p-card context, or even what
a SKU is. So, please feel free to ask for clarification. There
are no 'dumb' questions on this list, although I can't vouch for
all the answers. :-)
And finally, please remember that this list is about payments,
especially payments that can be transacted over the Internet or
in an eCommerce (or mCommerce) context. I appreciate everyone's
help in keeping our discussions on topic.
Regards...
--
...Chuck Wade
CommerceNet
"Setting the business agenda for global electronic commerce"
+1 508 625-1137 Office Phone/Voice Mail
+1 309 422-9871 Fax Service
http://www.Commerce.Net/initiatives/sipayment/
