docs: enrich core-concepts with comprehensive UCP protocol overview#336
docs: enrich core-concepts with comprehensive UCP protocol overview#336amithanda wants to merge 7 commits intoUniversal-Commerce-Protocol:mainfrom
Conversation
- Replace "consumer surfaces/platforms" with "consumer platforms" and "businesses" with "business platforms" for consistency. - Enhance the definitions of consumer and business platforms, emphasizing their roles in capability consumption and exposure. - Revise key goals and responsibilities to reflect updated terminology and clarify the interaction dynamics within the UCP framework. - Introduce a new section on capabilities, detailing their structure and examples to improve understanding of UCP's functionality.
amithanda
requested review from
MitkoDeyanovMitev,
aksbro-gpu,
igrigorik,
richmolj and
westeezy
igrigorik
left a comment
igrigorik
left a comment
There was a problem hiding this comment.
Nice update! Some suggestions and bugfixes...
| way without building custom integrations for every platform. | ||
| * **Payment & Credential Providers:** To securely exchange tokens and | ||
| credentials to facilitate transactions. | ||
| * **Consumer Platforms:** To dynamically discover and consume the capabilities business platform exposes. |
There was a problem hiding this comment.
We're now reusing platform across consumer and business, which is confusing. I think previous headings were better, but new text is good.
- Platforms: ...
- Businesses: ...
- Payment & Credential Providers: ...
There was a problem hiding this comment.
I tend to agree with @igrigorik that we should avoid using "platform" as an optional qualifier for a Business if there is the definitive "Platform" (the consumer of capabilities) that is already established above.
There was a problem hiding this comment.
The reason I was planning to move away from just Platforms & Businesses is that for future B2B use cases, it is going to be confusing when one business is a consumer of a service and other business is a provider of service. Many businesses consider themselves "Platforms" so it does not disambiguate clearly. Take a B2B example of Logistics provider and retailer, both are businesses, so the platform v/s business separation is not clear enough but if we use consumer platform / business platform, we can highlight the relationship rooted in consumer/provider of capabilities. This helps both B2B, B2C scenarios and in our documentation we can stick to the direction of capability exchanges and make it more generic. Open to more suggestions and thoughts.
There was a problem hiding this comment.
Switched to using Platforms and Businesses.
gsmith85
left a comment
gsmith85
left a comment
There was a problem hiding this comment.
Added some additional comments that push on clarity, but overall looks great.
| [Schema Reference](../specification/reference.md). | ||
|
|
||
| !!! note "Terminology" | ||
| Throughout this documentation, **Platform** (or *consumer platform*) refers to any entity that *consumes* capabilities — an app, an AI agent, a procurement system, or another business. **Business** (or *business platform*) refers to any entity that *exposes* capabilities — a retailer, a supplier, a service provider, or any other participant offering commerce functionality. These roles are defined by direction of capability flow, not by industry vertical, making UCP equally applicable to B2C, B2B, and agent-to-agent commerce. The terms *consumer surface* and *merchant platform* may appear in earlier drafts and community discussions — they are synonymous with Platform and Business respectively. |
There was a problem hiding this comment.
Within /ucp "merchant platform" only appears in #152 and you're scrubbing all usages of "consumer surface" which only appeared in core-concepts.md. You can likely drop the last line on historical terminology unless you need the continuity with internal documentation.
There was a problem hiding this comment.
We discussed during our last TC review and decided to pivot towards using client and provider instead of using Platform and Business to be more futureproof. We aligned that a note is still warranted to avoid any confusion and we can remove it in future. I have made a bunch of changes to the file to conform to the new terms. PTAL again.
There was a problem hiding this comment.
after getting a quick sense about the changes it will take to switch to the new terminology, I have reverted back to using Platform and Business. I have removed the additional note as that is no longer need.
| way without building custom integrations for every platform. | ||
| * **Payment & Credential Providers:** To securely exchange tokens and | ||
| credentials to facilitate transactions. | ||
| * **Consumer Platforms:** To dynamically discover and consume the capabilities business platform exposes. |
There was a problem hiding this comment.
I tend to agree with @igrigorik that we should avoid using "platform" as an optional qualifier for a Business if there is the definitive "Platform" (the consumer of capabilities) that is already established above.
| * **Agentic Commerce:** Enable AI agents to act on behalf of users to complete | ||
| complex tasks like "Find a headset under $100 and buy it." | ||
| * **Agentic Commerce:** Enable AI agents to act on behalf of any principal — | ||
| a consumer, an enterprise buyer, or an automated system — to execute |
There was a problem hiding this comment.
To distinguish between the dimensions at play, consider reframing this as:
Enable AI agents to act on behalf of varied principals (an individual, organization, or another agent) and agentic shopping modalities (human-in-the-loop, fully autonomous).
There was a problem hiding this comment.
Made some changes. PTAL.
| * **Examples:** Retailers, Airlines, Hotel Chains, Service Providers. | ||
| * **Responsibilities:** Publishing a capability profile, declaring supported | ||
| services and extensions, processing capability invocations, and managing | ||
| the transaction or interaction lifecycle. |
There was a problem hiding this comment.
Between "managing capability sessions" above and "the transaction or interaction lifecycle" here it may be useful to establish standard terminology that captures that (i) capabilities may or may-not be transactional and (ii) capabilities may or may-not be stateful / have an interaction lifecycle. I think it would allow these explanations to be more precise without hedged language.
For illustration, catalog.lookup is non-transactional/stateless, cart is non-transactional/stateful, and checkout is transactional/stateful.
There was a problem hiding this comment.
Made some changes. PTAL.
| credentials to facilitate transactions. | ||
| * **Consumer Platforms:** To dynamically discover and consume the capabilities business platform exposes. | ||
| * **Business Platforms:** To declare what they offer and how they operate — once — and have any compatible platform discover and use it without bespoke integrations. | ||
| * **Payment & Credential Providers:** To securely hold sensitive user data and issue tokens or credentials on behalf of users, so that platforms and businesses never handle raw payment or identity information directly. |
There was a problem hiding this comment.
UCP's identity protection story is really about OAuth delegation (the platform gets an access token, never the user's credentials at the business) so perhaps we say that explicitly, instead of borrowing "raw" which is more footed in payments?
There was a problem hiding this comment.
We are actively working on supporting other identity schemes, so I would like to avoid anchoring this in just OAuth delegation. It will get out of date very quickly :)
There was a problem hiding this comment.
Made some changes, let me know if they address your feedback.
- Clarified the role of Payment & Credential Providers to emphasize the secure handling of sensitive user data. - Enhanced the description of Agentic Commerce to include various modalities for AI agents. - Revised terminology for distinct actors in the UCP framework to improve clarity. - Updated capability negotiation process to specify version selection and mutual agreement. - Improved examples and descriptions for capabilities and transport bindings to align with current standards.
- Updated terminology to replace "consumer platforms" with "clients" and "business platforms" with "providers" for consistency and clarity. - Enhanced descriptions of the roles and responsibilities of clients and providers in the UCP framework. - Revised key goals and capabilities to reflect the updated terminology and improve understanding of UCP's functionality.
|
I just tried to get a sense for what a broader change from Key complications: platform-tokenizer-payment-handler.md — "Platform Tokenizer" is a named payment handler pattern, not just a role reference. Renaming it to "Client Tokenizer" changes the meaning of a defined artifact. I think we can stick to |
- Replaced "Client" with "Platform" and "Provider" with "Business" for consistency.
raginpirate
left a comment
raginpirate
left a comment
There was a problem hiding this comment.
Small feedback related to the payments portions; these changes look great!
| credentials to facilitate transactions. | ||
| * **Platforms:** To dynamically discover and consume the capabilities a business exposes. | ||
| * **Businesses:** To declare what they offer and how they operate — once — and have any compatible platform discover and use it without bespoke integrations. | ||
| * **Payment & Credential Providers:** To securely hold sensitive user data and issue tokens or credentials on behalf of users, so that platforms and businesses never handle sensitive payment or identity information directly. |
There was a problem hiding this comment.
Opinion: I don't think this explanation fits the goal of UCP for Payment credential providers, it reads more like how businesses and platforms are using them. I also think we overreach a bit saying that platforms and businesses are not allowed to handle sensitive context if they want to.
Possible alternative phrasing, zoomed in on what UCP is empowering for payment & credential providers.
| * **Payment & Credential Providers:** To securely hold sensitive user data and issue tokens or credentials on behalf of users, so that platforms and businesses never handle sensitive payment or identity information directly. | |
| * **Payment & Credential Providers:** To expose their services — tokenization, vaulting, credential issuance — once, and power secure commerce for users across any compatible platform and business. |
| This architecture keeps raw card data off the platform-to-business API, | ||
| minimizing PCI scope for the platform and reducing compliance surface for the | ||
| overall integration. |
There was a problem hiding this comment.
nit: this mentions cards and PCI, which is bringing in specific instrument context to an otherwise agnostic conversation. I also think that these points have generally been made already, maybe we can just drop this paragraph entirely? Non-blocking.
| 2. **Platform ↔ Credential Provider (CP)** — The platform acquires a payment | ||
| instrument (token, encrypted payload) directly from the CP, keeping raw | ||
| credentials off the platform-to-business API. |
There was a problem hiding this comment.
Should this be a may? Its very possible to avoid using credential providers in UCP.
| 2. **Platform ↔ Credential Provider (CP)** — The platform acquires a payment | |
| instrument (token, encrypted payload) directly from the CP, keeping raw | |
| credentials off the platform-to-business API. | |
| 2. **Platform ↔ Credential Provider (CP)** — The platform may leverage an independent credential provider to prepare encrypted or tokenized payloads, keeping raw credentials abstracted away from the platform-to-business APIs. |
4 participants
Description
Updated
docs/documentation/core-concepts.mdto provide a more complete, accurate, and generic view of the UCP protocol. The page previously contained only a brief intro and architecture diagram; it now serves as a comprehensive reference for core protocol concepts.Key changes:
dev.ucp.*reservation, and vendor-namespace extensibilitysupported_versionsType of change
Checklist