|
| 1 | +--- |
| 2 | +dip: 172 |
| 3 | +title: P2M (eCommerce) On-Chain Registration |
| 4 | +authors: Dimitri Roche (@dimroc), David Wolinsky (@davidw) |
| 5 | +status: Draft |
| 6 | +type: Standard |
| 7 | +created: 05/14/2021 |
| 8 | +--- |
| 9 | + |
| 10 | +# Summary |
| 11 | + |
| 12 | +This DIP describes the registration step for VASPs to enable eCommerce peer to merchant (P2M) payments. By writing on-chain a VASP’s P2M configuration, future off-chain P2M VASP activity will have the information needed to complete the payment process. |
| 13 | + |
| 14 | +This DIP builds on previous work in the space of P2M and identity. [DIP-158](https://github.com/diem/dip/blob/main/dips/dip-158.md) describes one approach for supporting P2M leveraging the Diem off-chain protocol defined in DIP-1. DIP-10 defines an on-chain naming service for VASPs, namely the domain portion of a DiemId. |
| 15 | + |
| 16 | +While there might be many P2M flows, three basic elements can be used to construct many of them: |
| 17 | +A flag signifying whether or not the VASP supports the customer flows for P2M payments |
| 18 | +An authentication URL to kick start the peer authentication and authorization within the customer’s VASP of [DIP-158](https://github.com/diem/dip/blob/main/dips/dip-158.md) |
| 19 | +An URL that links to an image representing the VASPs business |
| 20 | + |
| 21 | +--- |
| 22 | + |
| 23 | +# Example Flow |
| 24 | + |
| 25 | +The scenario begins with a customer, Alice, entering the checkout flow of a merchant website: |
| 26 | +1. Alice is presented with several options for payment, one of which is “Pay with Diem”. |
| 27 | +1. Upon selecting that option, Alice is presented with a typeahead to enter their DiemId, e.g., alice@CustomerVASP. |
| 28 | +1. Simultaneously the merchant site initiates [DIP-158](https://github.com/diem/dip/blob/main/dips/dip-158.md) with its VASP, the merchant VASP, which returns to the merchant site a reference id that represents the payment agreement and the merchant VASP’s on-chain account address. |
| 29 | +1. The merchant site leverages the on-chain configuration to translate CustomerVASP into an authentication url for iframe integration and includes the reference id and account address provided earlier. |
| 30 | +1. Alice then authenticates with her VASP (CustomerVASP) and confirms the payment agreement with the merchant resulting in the completion of the [DIP-158](https://github.com/diem/dip/blob/main/dips/dip-158.md) protocol. |
| 31 | + |
| 32 | + |
| 33 | + |
| 34 | + |
| 35 | + |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | +# On-chain Data |
| 40 | + |
| 41 | +### P2M Configuration |
| 42 | + |
| 43 | +```rust |
| 44 | +resource struct CustomerVASPConfig { |
| 45 | + enabled: bool, |
| 46 | + authentication_url: vector<u8>, // UTF-8 encoded string |
| 47 | + image_url: vector<u8>, // UTF-8 encoded string |
| 48 | +} |
| 49 | +``` |
| 50 | + |
| 51 | +#### Field definitions: |
| 52 | +* `enabled` -- defines whether or not the VASP is currently supporting P2M checkout. The intent here is that the customer experience should be seamless and not require awkward checks between the merchant VASP and customer VASP to validate whether or not the customer VASP supports merchant checkout. If this is false or the CustomerVASPConfig does not exist, then the customer VASP does not support checkout. |
| 53 | +* `authentication_url` -- an endpoint that provides an authentication and authorization flow for the customer, the expected format is defined in [DIP-158’s appendix](https://github.com/diem/dip/blob/main/dips/dip-158.md#appendix-a---prerequisite-sharing-common-payment-identifier-and-address) |
| 54 | +* `image_url` -- an endpoint that points to a standard image type (png, jpeg, gif) and is expected to be no larger than 100 KB (or maybe 10 KB?, the merchant or merchant VASP can always resize larger images to be smaller). |
| 55 | + |
| 56 | +# On-chain Events |
| 57 | + |
| 58 | +In order to efficiently identify updates to this, every change to a CustomerVASPConfig results in an event being fired from the TreasuryCompliance account (address 0xB1E55ED). |
| 59 | + |
| 60 | +```rust |
| 61 | +resource struct CustomerVASPConfigEventManager { |
| 62 | + events: Event::EventHandle<Self::CustomerVASPConfigEvent>, |
| 63 | +} |
| 64 | + |
| 65 | +struct CustomerVASPConfigEvent { |
| 66 | + enabled: bool, |
| 67 | + authentication_url: vector<u8>, |
| 68 | + image_url: vector<u8>, |
| 69 | +} |
| 70 | +``` |
0 commit comments