I don't think that the Bitcoin URI on its own is sufficient. Bitcoin provides a strong case to make the 402 PAYMENT_REQUIRED HTTP response code much more useful and I would like to solicit further comments from the community on this.
Here is a simplified version of Matt's original proposal:
Current credit card approach
The HTTP traffic surrounding a standard credit card intercept looks like this:
> GET /premium/track/10
> Accept: audio/ogg
< 302 FOUND
< Location: https://secure.example.org/cc-form.html
The above response initiates a chain of requests and responses involving the entry of a number of credentials which culminates in the server accepting that payment has been made and then delivering the content.
What should be noted is that the use of the 302 FOUND is subverting the semantics of the HTTP response code. The resource has not been temporarily moved, rather a new process has been introduced. There is a specific HTTP response code for this scenario but it has not been given sufficient detail in the current HTTP specification.
Proposed internet currency approach
There are many competing technologies in the online payment space. However, Bitcoin has the advantage of having a single URI providing all the information required to make a secure payment.
> GET /premium/track/10
> Accept: audio/ogg, payment/litecoin; q=0.2, payment/bitcoin
Bitcoin response
< 402 PAYMENT_REQUIRED
< Location: bitcoin:1KzTSfqjF2iKCduwz59nv2uqh1W2JsTxZH?amount=0.5&label=Track10
In the second approach, the client is able to specify a range of preferred payment protocols which the server can negotiate. The above request would be interpreted as "I want audio/ogg, but if payment has to be made then I prefer Bitcoin but Litecoin is acceptable".
Since an appropriate HTTP response code is being given, the client knows that it has to initiate a payment. This could trigger additional security measures and warnings to the user. The Location header provides a URI which can be handled by the client, such as an HTTPS URI, or by a dedicated protocol handler such as a Bitcoin client.
I've been in discussion with Michael Leonhard who manages the http://http402.org/ site and he is of the opinion that Roy Fielding or Tim Berners-Lee might be interested in this.
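The client-side checks that a 402 response could trigger before anything is handed to a protocol handler, as an added example that is not part of the original post or of any HTTP specification. The function names, the `payment/<scheme>` matching rule, the alphanumeric address check and the 64-character label limit are assumptions made for illustration; checksum validation of the address is left to the wallet.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs
def offered_payment_schemes(accept):
    """Payment schemes named in an Accept header, highest q-value first."""
    found = []
    for item in accept.split(","):
        media, *params = [p.strip() for p in item.split(";")]
        if not media.lower().startswith("payment/"):
            continue
        q = 1.0
        for param in params:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        if q > 0:
            found.append((q, media.lower().split("/", 1)[1]))
    return [scheme for _, scheme in sorted(found, key=lambda f: -f[0])]

def payment_prompt(status, location, accept):
    """Check a 402 response; return what to show the user or raise ValueError."""
    if status != 402:
        raise ValueError("not a 402 response")
    uri = urlsplit(location.strip())
    if uri.scheme == "https":
        return {"scheme": "https", "target": uri.geturl()}
    if uri.scheme not in offered_payment_schemes(accept):
        raise ValueError("payment scheme was not offered in Accept")
    if not (uri.path.isascii() and uri.path.isalnum()):
        raise ValueError("malformed address")
    query = parse_qs(uri.query)
    if len(query.get("amount", [])) != 1:
        raise ValueError("need exactly one amount")
    try:
        amount = Decimal(query["amount"][0])
    except InvalidOperation:
        raise ValueError("amount is not a number") from None
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be positive")
    # The label is server-controlled text: keep printable characters only.
    label = "".join(c for c in query.get("label", [""])[0] if c.isprintable())[:64]
    return {"scheme": uri.scheme, "address": uri.path, "amount": amount, "label": label}

# Constructed input: the URI from the post and a comma-separated Accept list.
ACCEPT = "audio/ogg, payment/litecoin; q=0.2, payment/bitcoin"
LOCATION = "bitcoin:1KzTSfqjF2iKCduwz59nv2uqh1W2JsTxZH?amount=0.5&label=Track10"
print(payment_prompt(402, LOCATION, ACCEPT))
```

The returned dictionary is what a client would display for confirmation; a scheme the client never offered, a plain `http:` target, or an ambiguous or non-positive amount is rejected before the user sees a prompt.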