Token Negotiation

Weiwu Zhang edited this page Dec 13, 2019 · 12 revisions

Minimum example:

Without token negotiation:

Website: Provide an email address, we will email you the report.
User: type in the email address.
Website: Good. Now we sent you a verification code. Type the code here.

With token negotiation:

Website: Provide an email address, we will email you the report.
User: use an email address attestation (as a token).
Website: Report sent.

Elaborate example (5 tokens used in one process)

  1. The user accesses the Nier: Automata website.
  2. Website: you have to be over 18 years old.
  3. The user provides cryptographic proof of age through an identity attestation.
  4. The website displays a list of products and prices.†
  5. The user activates a subscription token.
  6. The website refreshes (or partially refreshes) with the price for subscribers.
  7. The user clicks "Buy".
  8. The website displays the price in USD.‡
  9. The user activates the Gamer Credit payment token.
  10. The website refreshes (or partially refreshes) with the price in Gamer Credit.
  11. The user activates a mate-rate voucher.
  12. The website refreshes (or partially refreshes) with the mate-rate applied.
  13. The user activates AusPost Prime for delivery.
  14. The website refreshes (or partially refreshes) to show the delivery fee being deducted (the delivery address is also no longer needed, as AusPost Prime can provide it).
  15. The user hits "Pay" and signs the transaction. Some or all of the activated tokens (an attestation counts as a token) are used in the resulting transaction.
  16. The website waits for the transaction and displays the result.

† Behind the scenes, the website declares that it accepts a list of tokens, including the subscription token.

‡ Behind the scenes, the website declares that it accepts a list of tokens for payment.

Filter

On 1st Jan 2018, BWS, a website, requires the buyer to be over 18 years old. It requests an identity attestation:

(&(|(objectClass=DriverLicence)(objectClass=Passport))(valid>=20180101)(birthDate<20000101))

That filter means: either a driver's licence or a passport can be used on the website, as long as it isn't expired on that day and has a birthDate earlier than 18 years ago.

Note that the filter only describes which tokens can be used on the web page; it doesn't dictate whether or not the website should halt the process until a matching token is supplied. In this example, the website halts since it's a legal requirement. But later on the same website, it could provide a filter so the visitor can use an American Express membership token, and it would not halt the checkout flow if the user doesn't have such a token.
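The age filter from this section, parsed and evaluated against a set of tokens, as an added example that is not code from the original page or its project. It assumes the filter is written with balanced parentheses and an eight-digit date (20180101), and that tokens are flat attribute objects with dates stored as YYYYMMDD integers; `parseFilter`, `matches`, `usableTokens` and the sample wallet are hypothetical names.

```javascript
// Added example. Assumed grammar: (&f...), (|f...), (attr OP value); OP is = >= <= < >.
function parseFilter(src) {
  let pos = 0;
  function node() {
    if (src[pos++] !== '(') throw new SyntaxError(`expected "(" at ${pos - 1}`);
    let n;
    if (src[pos] === '&' || src[pos] === '|') {
      n = { op: src[pos++], kids: [] };
      while (src[pos] === '(') n.kids.push(node());
      if (n.kids.length === 0) throw new SyntaxError('empty group');
    } else {
      const m = /^([A-Za-z]+)(>=|<=|=|<|>)([^()]+)/.exec(src.slice(pos));
      if (!m) throw new SyntaxError(`bad comparison at ${pos}`);
      n = { attr: m[1], op: m[2], value: m[3] };
      pos += m[0].length;
    }
    if (src[pos++] !== ')') throw new SyntaxError(`expected ")" at ${pos - 1}`);
    return n;
  }
  const root = node();
  // Fail closed: an unbalanced filter must be rejected, not partially applied.
  if (pos !== src.length) throw new SyntaxError('trailing input after filter');
  return root;
}

function matches(n, token) {
  if (n.op === '&') return n.kids.every((k) => matches(k, token));
  if (n.op === '|') return n.kids.some((k) => matches(k, token));
  // A missing attribute never satisfies a comparison (own properties only).
  if (!Object.prototype.hasOwnProperty.call(token, n.attr)) return false;
  if (n.op === '=') return String(token[n.attr]) === n.value;
  const a = Number(token[n.attr]), b = Number(n.value); // dates as YYYYMMDD
  if (!Number.isFinite(a) || !Number.isFinite(b)) return false;
  return { '>=': a >= b, '<=': a <= b, '<': a < b, '>': a > b }[n.op];
}

const FILTER = '(&(|(objectClass=DriverLicence)(objectClass=Passport))' +
  '(valid>=20180101)(birthDate<20000101))';
// Constructed sample attestations; the attribute layout is an assumption.
const wallet = [
  { objectClass: 'Passport', valid: 20250630, birthDate: 19850412 },
  { objectClass: 'DriverLicence', valid: 20171231, birthDate: 19900101 }, // expired
  { objectClass: 'Passport', valid: 20300101, birthDate: 20050505 }, // under 18
  { objectClass: 'StudentCard', valid: 20300101, birthDate: 19800101 }, // wrong type
];
function usableTokens(filter, tokens) {
  const ast = parseFilter(filter);
  return tokens.filter((t) => matches(ast, t));
}
```

Whether an empty result halts the flow is the website's decision, as the note above says; the filter evaluation only reports which tokens qualify.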

The website's reaction

  • In the above example, the reaction is simply allowing the purchase to continue. There are more complicated cases. For example, if you use an American Express membership token, the price is $10 off for a $100 minimum spend.

  • A website should be designed to allow the user to test the use of a token, e.g. the user can activate the American Express membership token and see if the price changes (hopefully lower), then deactivate it and proceed. In many cases, the token's effect is not finalised until it is used in a transaction.