>...the same limitation is actually applicable to just about > all on-line systems, as both on-line "receipts" and automatic > client-side archival of "evidence" are usually missing.
In my opinion this is the fatal flaw. First of all the device must be owned and controlled by the individual. We have a reasonable simulation of that, with the cellphone. What is lacking is a transaction archive in the cellphone or computer.
Perhaps I'm a bit biased by having spent a few years on the OMG's AR/AP project, the ebXML core components and lesser things like XBRL. What seems obvious to me is that the entire economy may be viewed as a collection of ledgers, each representing the resources of persons, and that the ownership of almost every resource of interest (such as money) is defined under the law. Thus the universe is inherently, a closed system, inherently reconciled. It is no mystery to me, why humans hide their lists from one another but it is TRULY amazing that they do not even permit standardization of semantics and behaviors of ledgers to reconcile them in cases where they want them reconciled. Such as to record mutual obligations. Do you see that your quest for a payments solution is just a special case of the problem of alignment of records of title on any arbitrary thing? Thank you for your patience,
Todd Boyle CPA 9745-128th Ave NE Kirkland WA 98033 425-827-3107 - http://www.ledgerism.net/
At 12:08 AM 11/12/2003, Anders Rundgren wrote:
Extract from an FAQ for an on-line e-signature standards proposal in progress:
...
That is, DRY Signatures are neither useful nor intended to be used where the signature requester is unknown or maybe even untrusted by the user.
Does not the "trusted service provider" limit usability?
Although this may be considered as a serious disadvantage of DRY Signatures, the same limitation is actually applicable to just about all on-line systems, as both on-line "receipts" and automatic client-side archival of "evidence" are usually missing. That is, the user must indeed rely on the service provider to cater for trustworthy handling of the data involved. Newer on-line payment systems, like VISA's 3D Secure, address this in a very elegant fashion by instead of requiring users to sign transactions directly to possibly unreliable merchants, instead routes payment requests to the user's own trusted and known bank (issuer). By doing that, users can be reasonably assured that transaction requests are archived, and that signature requests will always be in the same format as well as in a language that the user understands. This scheme even allows fraudulent merchants to be automatically blocked by the bank.
Regards Anders Rundgren (Editor)
