Alan, I would totally be interested in a project like this! And I would love to see it on github so I could easily fork it, send pull requests, etc.
Somewhat related is the question I posted on StackOverflow about payment gateway libraries:
http://stackoverflow.com/questions/2870255/open-payment-gateway-libraries-for-java-python-ruby-node-js-and-php

From what I've seen, there are not really any decent Java-based payment gateway libraries out there. Other languages have robust solutions that support many different gateways. So my plan at the moment is to run ActiveMerchant (Ruby-based) or PayNode (node.js-based) with a REST API that my Java service layer can talk to.

What you are describing really sounds to me more like a "vault" service that would be independent of the gateway you choose to use. I'm going to use a 3rd-party vault service, such as Authorize.Net's CIM, so that I don't have to handle credit card information locally. That way, my Java app only needs to store a token that represents a customer's credit card.

But having an open source vault implementation would be very nice. As an organization grows, it would make sense to bring that in-house. So having the solution be a full payment gateway library would really make sense and would give the user an upgrade path from a 3rd-party vault service to a local PCI compliant vault service.

The biggest issue I have with 3rd-party vault services is vendor lock-in. If I no longer want to use Authorize.Net, but all my customers' credit cards are stored in CIM, how can I easily switch to Braintree or something else? All my customers would have to enter their credit cards again. That's a big motivator to use your own vault service.

Unfortunately, being PCI compliant is expensive, so I would think this really would only make sense for larger organizations. In the meantime, paying $20/mo for CIM isn't too bad. Having an easy upgrade path would give peace of mind.

Tauren

On Thu, Jan 20, 2011 at 2:17 PM, Les Hazlewood <[email protected]> wrote:
> Hi Alan,
>
> I'm very much interested in a project like this, but I fear that it
> might be out of scope for the Shiro project itself: Shiro's mission
> is to be a development framework that is used to create applications -
> if we build and distribute full-fledged applications using Shiro, it
> feels like we've stepped beyond the bounds of our mission statement.
>
> Now, what I would think appropriate is that any code that is written
> in the course of building such a project that is thought to be
> re-usable for other projects - that could very easily roll back into
> Shiro so others can benefit from it (and so the respective project(s)
> don't need to maintain it).
>
> Does that make sense? I think it's a great idea, but probably better
> suited to its own project space (maybe an Incubator or GitHub
> project?).
>
> My .02,
>
> Les
>
> On Thu, Jan 20, 2011 at 6:49 AM, Alan D. Cabrera <[email protected]> wrote:
>> I think it will be useful to build a server that manages credit cards and
>> hosts payment requests in a secure manner so that websites can be PCI
>> compliant. This is something that all websites that take payments
>> eventually have to accommodate. A REST/JSON based server that you can put
>> behind a firewall would be just the ticket.
>>
>> I was wondering if this would be a good project to do the work in.
>>
>> Thoughts?
>>
>>
>> Regards,
>> Alan
>
