From 741fc3f88ea20520719d3391d07ce6fb88f609dd Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Fri, 30 Oct 2015 22:24:26 +0100 Subject: acknowledge leaking a bit --- api-merchant.rst | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 6555a494..05256d0f 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -53,8 +53,13 @@ may want to make the Taler payment option visible `only if` the user has the Tal wallet active in his browser. So the notification is mutual: * the website notifies the wallet (`s -> w`), so it can change its color -* the wallet notifies the website (`w -> s`), so it can show Taler as a - suitable payment option +* the wallet notifies the website (`w -> s`) by modifing the page's DOM, so + it can show Taler as a suitable payment option + +We acknowledge that notifying the website leaks the fact that Taler is installed, +which could help track or deanonymize users. We believe the usability gained by +leaking this one bit represents an acceptable trade off. It would rapidly become +problematic though if several payment options take this approach. Furthermore, there are two scenarios according to which the mutual signaling would succeed. For a page where the merchant wants to show a Taler-style payment @@ -62,9 +67,8 @@ option and, accordingly, the wallet is supposed to change its color, there are two scenarios we need to handle: * the customer has the wallet extension active at the moment of visiting the page, or -* the customer activates the wallet extension - (regardless of whether he installs it or simply enables it) - `after` downloading the page. +* the customer activates the wallet extension `after` downloading the page, + regardless of whether he installs it or simply enables it. In the first case, the messaging sequence is `s -> w` and `w -> s`. In the second case, the first attempt (`s -> w`) will get no reply; however, as soon as the -- cgit v1.2.3 From 48a64e2a994760118d69c9206b36c94bca5f9ac5 Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Sat, 31 Oct 2015 10:51:43 +0100 Subject: Minor grammer stuff --- api-merchant.rst | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 05256d0f..0ebd5f78 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -99,11 +99,11 @@ using coins in the form of a `deposit permission`. This signature using the coins signifies both agreement of the customer and represents payment at the same time. The `frontend` passes the `deposit permission` to the `backend` which immediately verifies it -with the mint and signals the `frontend` the success (or failure) of +with the mint and signals the `frontend` the success or failure of the payment process. If the payment is successful, the `frontend` is responsible for generating the fullfillment page. -The contract format is specified in section `contract`_. +The contract format is specified in the `contract`_ section. +++++++++ @@ -229,15 +229,15 @@ The HTML page implements all interactions using JavaScript signals dispatched on the HTML element `body`. When the merchant wants to notify the availability of a Taler-style payment -option (for example on a "checkout" page), it sends the following event: +option, such as on a "checkout" page, it sends the following event: .. js:data:: taler-checkout-probe This event must be sent from a callback for the `onload` event of the `body` element, otherwise the extension would have not time to register a listener for this event. It also needs to be sent when -the Taler extension is dynamically loaded (if the user activates -the extension while he is on the checkout page). This is done by +the Taler extension is dynamically loaded, like when the user activates +the extension while he is on the checkout page. This is done by listening for the .. js:data:: taler-load @@ -259,8 +259,8 @@ visiting a checkout page, the page should listen for the event to hide the Taler payment option. -Secondly, when the Taler extension is active and the user closes (or navigates -away from) the checkout page, the page should listen to a +Secondly, when the Taler extension is active and the user closes or navigates +away from the checkout page, the page should listen to a .. js:data:: taler-navigating-away @@ -406,7 +406,7 @@ cookies to identify the shopping session. :reqheader Content-Type: application/json :` of this merchant. The wallet takes this value as-is from the contract - :`. The wallet can choose whether to take this value from the gotten contract (field `h_contract`), or regenerating one starting from the values it gets within the contract + :`. The wallet can choose whether to take this value obtained from the field `h_contract`, or regenerating one starting from the values it gets within the contract : Date: Sat, 31 Oct 2015 11:02:24 +0100 Subject: Parenthetical comment --- api-merchant.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 0ebd5f78..6be78c14 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -481,4 +481,5 @@ The following API are made available by the merchant's `backend` to the merchant **Failure Responses:** - The `backend` will return error codes received from the mint verbatim (see `/deposit` documentation for the mint API for possible errors). If the wallet made a mistake (for example, by double-spending), the `frontend` should pass the reply verbatim to the browser/wallet. (This is pretty much always the case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online.) + The `backend` will return error codes received from the mint verbatim (see `/deposit` documentation for the mint API for possible errors). If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. + -- cgit v1.2.3 From 7df646855907cfe68e3fcceca64c83e4a296688f Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Mon, 2 Nov 2015 17:15:53 +0100 Subject: Minor correction and cross linking --- api-merchant.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 6be78c14..426f49a7 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -473,7 +473,7 @@ The following API are made available by the merchant's `backend` to the merchant :reqheader Content-Type: application/json - The `frontend` passes the deposit permission received from the wallet, by adding the field `max_fee` (see `contract`) and optionally adding a field named `edate`, indicating a deadline by which he would expect to receive the bank transfer for this deal + The `frontend` passes the deposit permission received from the wallet, by adding the field `max_fee` (see :ref:`contract`) and optionally adding a field named `edate`, indicating a deadline by which he would expect to receive the bank transfer for this deal **Success Response: OK** @@ -481,5 +481,5 @@ The following API are made available by the merchant's `backend` to the merchant **Failure Responses:** - The `backend` will return error codes received from the mint verbatim (see `/deposit` documentation for the mint API for possible errors). If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. + The `backend` will return verbatim the error codes received from the mint's :ref:`deposit` API. If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. -- cgit v1.2.3 From 47aab2b85b89d265b0cf1705e5532edd59062a49 Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Tue, 3 Nov 2015 17:11:10 +0100 Subject: Backwards explinations --- api-merchant.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 426f49a7..e82fd158 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -145,9 +145,9 @@ successful response to the following two calls: :>json object merchant: the set of values describing this `merchant`, defined below :>json base32 H_wire: the hash of the merchant's :ref:`wire details `; this information is typically added by the `backend` :>json base32 H_contract: encoding of the `h_contract` field of contract :ref:`blob `. Tough the wallet gets all required information to regenerate this hash code locally, the merchant sends it anyway to avoid subtle encoding errors, or to allow the wallet to double check its locally generated copy - :>json array auditors: a JSON array of `auditor` objects. To finalize the payment, the wallet should agree on a mint audited by one of these auditos. + :>json array auditors: a JSON array of `auditor` objects. The wallets might concievably insist on sharing using only a mint audited by certian auditors. :>json string pay_url: the URL where the merchant will receive the deposit permission (i.e. the payment) - :>json array mints: a JSON array of `mint` objects. The wallet is encouraged to agree on some of those mints, in case it can't agree on any auditor trusted by this merchant. + :>json array mints: a JSON array of `mint` objects. The wallet must select a mint that the merchant accepts. :>json object locations: maps labels for locations to detailed geographical location data (details for the format of locations are specified below). The label strings must not contain a colon (`:`). These locations can then be references by their respective labels throughout the contract. The `product` object focuses on the product being purchased from the merchant. It has the following structure: -- cgit v1.2.3 From 1a295029028853507c0a833864e2840f3512a678 Mon Sep 17 00:00:00 2001 From: Marcello Stanisci Date: Thu, 12 Nov 2015 23:24:34 +0100 Subject: adding interaction wallet-bank (#4047) --- api-merchant.rst | 14 +----- api-mint.rst | 1 - banks.rst | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ index.rst | 1 + 4 files changed, 149 insertions(+), 14 deletions(-) create mode 100644 banks.rst (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index e82fd158..daf94c4f 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -252,25 +252,13 @@ for example by updating the DOM to enable the respective button. The following events are needed when one of the two parties leaves the scenario. -First, if the Taler extension is unloaded while the user is +If the Taler extension is unloaded while the user is visiting a checkout page, the page should listen for the .. js:data:: taler-unload event to hide the Taler payment option. -Secondly, when the Taler extension is active and the user closes or navigates -away from the checkout page, the page should listen to a - - .. js:data:: taler-navigating-away - -event, and reply with a - - .. js:data:: taler-checkout-away - -event, in order to notify the extension that the user is leaving a checkout -page, so that the extension can change its color back to its default. - The following source code highlights the key steps for adding the Taler signaling to a checkout page: diff --git a/api-mint.rst b/api-mint.rst index 02a06a29..81f000a5 100644 --- a/api-mint.rst +++ b/api-mint.rst @@ -718,7 +718,6 @@ Administrative API: Bank transactions :>json string error: the error message (`permission denied`) :>json string hint: hint as to why permission was denied - ------------ The Test API ------------ diff --git a/banks.rst b/banks.rst new file mode 100644 index 00000000..27ab6bc0 --- /dev/null +++ b/banks.rst @@ -0,0 +1,147 @@ +=================================== +Interaction with banks Web portals +=================================== + +This section describes the interactions that should occur between +a wallet and a bank which chooses to adapt its Web portal to interact +with the Taler wallet. This interaction is supposed to occur when +the user is sending a SEPA transfer to some mint (i.e. he is creating +a new reserve). + + .. note:: + For its being in early stage of development, the following protocol is + implemented inside the mint code, through a ad-hoc website. + +Through this interaction, the wallet can generate a new reserve's public +key and insert it into the 'subject' field of the transfer without manual +copy&paste. Secondly, the wallet is then able to fetch the amount to be +tranferred to the mint directly from the Web form, in order to poll the mint +to check if the desired amount has been transferred. + +---------------------- +Mutual acknowledgement +---------------------- + +The mutual acknowledgement between a wallet and a bank portal occurs when +the user is on the page which hosts the SEPA form, and is realized by the +mean of JavaScript signals issued on the `body` HTML element. + +When the bank wants to notify to a wallet, it sends the following event: + + .. js:data:: taler-wire-probe + +This event must be sent from a callback for the `onload` event of the +`body` element, otherwise the extension would have not time to +register a listener for this event. It also needs to be sent when +the Taler extension is dynamically loaded, like when the user activates +the extension while he is on the SEPA form page. This is done by +listening for the + + .. js:data:: taler-load + +event. If the Taler extension is present, it will respond with a + + .. js:data:: taler-wallet-present + +event. The handler should then activate its mechanism to trigger the generation +of a new reserve key in the wallet, for example by updating the DOM to enable a +dedicated button. + +If the Taler extension is unloaded while the user is visiting a SEPA form page, +the page should listen for a + + .. js:data:: taler-unload + +event, in order to hide the previously enabled button. + +------------------------- +How to trigger the wallet +------------------------- + +This interaction will make the wallet generate a new reserve public key as +well as paste this information inside the SEPA form. Lastly, it allows the +wallet to fetch the desired amount to be transferred to the mint from the +SEPA form. Typically, it is initiated by the user pushing a button. + +The wallet listens to a + + .. js:data:: taler-create-reserve + +event, through which it expects to receive the following object: + +.. sourcecode:: javascript + {input_amount: input-amount-id, + input_pub: input-pub-id} + +`input-amount-id` is the `id` attribute of the HTML `input` element which +hosts the amount to wire to the desired mint. Please note that the wallet will +only accept amounts of the form `n[.x[y]] CUR`, where `CUR` is the ISO code +of the specified currency. So it may be necessary for the bank's webmaster to +preprocess this data to give it to the wallet in the right format. The wallet +will fetch this element through the following event, triggere by the `onsubmit` +attribute: + + .. js:data:: reserve-submitted + +`input-pub-id` must be the `id` of the `input` element which represents this +SEPA transfer's "subject". + +The following source code highlights the key steps for adding the Taler button +to trigger the wallet on a SEPA form page: + +.. sourcecode:: javascript + + function has_taler_wallet_callback(aEvent){ + // This function is called if a Taler wallet is available. + // suppose the radio button for the Taler option has + // the DOM ID attribute 'taler-wallet-trigger' + var tbutton = document.getElementById("taler-wallet-trigger"); + tbutton.removeAttribute("disabled"); + }; + + function taler_wallet_load_callback(aEvent){ + // let the Taler wallet know that this is a SEPA form page + // which supports Taler (the extension will have + // missed our initial 'taler-wire-probe' from onload()) + document.body.dispatchEvent(new Event('taler-wire-probe')); + }; + + function taler_wallet_unload_callback(aEvent){ + // suppose the button which triggers the wallet has + // the DOM ID attribute 'taler-wallet-trigger' + var tbutton = document.getElementById("taler-wallet-trigger"); + tbutton.setAttribute("disabled", "true"); + }; + +.. sourcecode:: html + + + ... + + +Finally, the following snippet shows how to trigger the wallet to make it +fetch the amount from the DOM + +.. sourcecode:: html + +
+ .. +
+ + diff --git a/index.rst b/index.rst index 597bb96d..991da528 100644 --- a/index.rst +++ b/index.rst @@ -31,6 +31,7 @@ Protocol Specification: api-mint api-merchant + banks Implementation: -- cgit v1.2.3 From 6442b830e572026247abfa44127784d2202b9c07 Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Fri, 13 Nov 2015 17:47:39 +0100 Subject: Fix the logical OR between auditors or mints --- api-merchant.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index daf94c4f..22d8b148 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -145,11 +145,13 @@ successful response to the following two calls: :>json object merchant: the set of values describing this `merchant`, defined below :>json base32 H_wire: the hash of the merchant's :ref:`wire details `; this information is typically added by the `backend` :>json base32 H_contract: encoding of the `h_contract` field of contract :ref:`blob `. Tough the wallet gets all required information to regenerate this hash code locally, the merchant sends it anyway to avoid subtle encoding errors, or to allow the wallet to double check its locally generated copy - :>json array auditors: a JSON array of `auditor` objects. The wallets might concievably insist on sharing using only a mint audited by certian auditors. + :>json array auditors: a JSON array of `auditor` objects. Any mints audited by these auditors are accepted by the merchant. :>json string pay_url: the URL where the merchant will receive the deposit permission (i.e. the payment) - :>json array mints: a JSON array of `mint` objects. The wallet must select a mint that the merchant accepts. + :>json array mints: a JSON array of `mint` objects that the merchant accepts even if it does not accept any auditors that audit them. :>json object locations: maps labels for locations to detailed geographical location data (details for the format of locations are specified below). The label strings must not contain a colon (`:`). These locations can then be references by their respective labels throughout the contract. + The wallet must select a mint that either the mechant accepts directly by listing it in the mints arry, or for which the merchant accepts an auditor that audits that mint by listing it in the auditors array. + The `product` object focuses on the product being purchased from the merchant. It has the following structure: :>json string description: this object contains a human-readable description of the product -- cgit v1.2.3 From 3bb33cefa9226230244957b1c4e82c8b44b1a275 Mon Sep 17 00:00:00 2001 From: Marcello Stanisci Date: Thu, 19 Nov 2015 16:18:50 +0100 Subject: Indicating redirection to fullfillment page --- api-merchant.rst | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 22d8b148..647b603f 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -413,10 +413,7 @@ cookies to identify the shopping session. **Success Response:** - :status 200 OK: the payment has been received. - :resheader Content-Type: text/html - - In this case the merchant sends back a `fullfillment` page in HTML, which the wallet will make the new `body` of the merchant's current page. It is just a confirmation of the positive transaction's conclusion. + :status 301 Redirection: the merchant should redirect the client to his fullfillment page, where the good outcome of the purchase must be shown to the user. **Failure Responses:** -- cgit v1.2.3 From e640b72ef66e14e533793939bd6dad5d76aee75b Mon Sep 17 00:00:00 2001 From: Marcello Stanisci Date: Thu, 19 Nov 2015 23:12:43 +0100 Subject: 'amount' field in deposit permission sent to backend --- api-merchant.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'api-merchant.rst') diff --git a/api-merchant.rst b/api-merchant.rst index 647b603f..93aba42e 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -389,6 +389,8 @@ cookies to identify the shopping session. :status 500 Internal Server Error: In most cases, some error occurred while the backend was generating the contract. For example, it failed to store it into its database. +.. _deposit-permission: + .. http:post:: /taler/pay Send the deposit permission to the merchant. Note that the URL may differ between @@ -460,7 +462,7 @@ The following API are made available by the merchant's `backend` to the merchant :reqheader Content-Type: application/json - The `frontend` passes the deposit permission received from the wallet, by adding the field `max_fee` (see :ref:`contract`) and optionally adding a field named `edate`, indicating a deadline by which he would expect to receive the bank transfer for this deal + The `frontend` passes the :ref:`deposit permission ` received from the wallet, by adding the fields `max_fee`, `amount` (see :ref:`contract`) and optionally adding a field named `edate`, indicating a deadline by which he would expect to receive the bank transfer for this deal **Success Response: OK** @@ -468,5 +470,5 @@ The following API are made available by the merchant's `backend` to the merchant **Failure Responses:** - The `backend` will return verbatim the error codes received from the mint's :ref:`deposit` API. If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. + The `backend` will return verbatim the error codes received from the mint's :ref:`deposit ` API. If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. -- cgit v1.2.3