Payment required

[michielbdejong]

• The pod server says 'payment required', go there-and-there to buy a ticket.
• The ticket you buy is linked to:
  • your webid
  • the resource
  • a start and end date/time
• You send the ticket in a http header
• You get access

[joepio]

Flow

• User requests access to resource
• Pod responds with 402 payment required (https://tools.ietf.org/html/rfc7231#section-6.5.2). Response contains payment pointer and ID
• User makes payment(s) to newly openend payment stream.
• User requests access to resrouce, proves by linking to payment stream

[michielbdejong]

you can buy the ticket via ILP/STREAM, to the payment pointer. https://interledger.org/rfcs/0039-stream-receipts/

[michielbdejong]

Maybe we want to add a step with W3C-VC, so that the ACL mentions a W3C-VC you need, and as a client you exchange your ILP/STREAM-receipt for a W3C-VC somewhere.

[michielbdejong]

NSS could include the service that converts the stream receipt to the vc, so that it's basically the server trusting itself, and we don't get the question of which third party is allowed to sign there.

[michielbdejong]

See https://github.com/solid/web-access-control-spec/issues/79 for the WAC+VC flow

[michielbdejong]

And https://solid.github.io/authorization-panel/authorization-ucr/#conditional-payment

[michielbdejong]

Continuing the generic VC part here: https://github.com/solid/authorization-panel/issues/79#issuecomment-787838852. Once that's done we can see how to do it specifically to payment. And then specifically for ILP/STREAM.

[michielbdejong]

Strictly speaking, for monetization the agent does not have to present the receipt. They could also just make sure their WebID is added to the list of "people who have paid", and then the resource server could just discover that list pro-actively rather than going from a link that the user agent provides. But let's see how far we get.

[michielbdejong]

Making this issue strictly about the 402 response header, i.e. the https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine part of https://solid.github.io/authorization-panel/authorization-ucr/#conditional-payment.

Will fork off separate issues for the other moving parts involved.

[michielbdejong]

Regarding strictly the 402 response then, and what should be in that. https://tools.ietf.org/html/rfc7231#section-6.5.2 doesn't give us much to go by. https://github.com/solid/specification/pull/210#issuecomment-727820134 is relevant.

[michielbdejong]

See also the issue about this at the monetization-tests. See also the issue about this at node-solid-server.

[michielbdejong]

Done