[Openid-specs-fapi] Issue #49: x-fapi-FinancialId (openid/fapi)

Saxena, Anoop Anoop_Saxena at intuit.com
Fri Dec 9 23:00:23 UTC 2016


Hello Nat,

1) I think we need to be flexible ... It could be Bank or Service  Bureau. In Most cases, it will be service bureau ... who may provide online banking as well OAUTH integration & Data.
2) Yes if they are supplying data as they host the bank application ... they will need ability to decrypt.




-----Original Message-----
From: Nat Sakimura [mailto:nat at sakimura.org] 
Sent: Thursday, December 08, 2016 6:02 PM
To: Saxena, Anoop <Anoop_Saxena at intuit.com>
Cc: Openid-specs Fapi <openid-specs-fapi at lists.openid.net>; Brian Costello <BCostello at yodlee.com>
Subject: RE: [Openid-specs-fapi] Issue #49: x-fapi-FinancialId (openid/fapi)

Let me rephrase the question.

1) In the service bereau case, is the issuer going to be the bank or the service bereau?
    (In our case, it is bank but I suspect it may vary.)
2) Has the service bereau always got the ability to decrypt the payload when it were encrypted?
    (If not, the routing info needs to be in the clear, typically in the
header.)

Best,

---
Nat Sakimura
Chairman, OpenID Foundation

On 2016-12-09 09:57, Saxena, Anoop wrote:
> Hello Nat,
> 
> "x-fapi-financialid" - the use case is for service bureau ( that 
> process multiple banks data and run as data center operation for 
> banks).
> 
> Example: When Client (Intuit) connect to banks using API, 
> x-fapi-financialid will indicate the bank we are trying to get data 
> inside service bureau.
> Service bureau can route the data API request to internal bank 
> specific system. Service bureau can implement swimlane/sharding based 
> on x-fapi-financialid value.
> 
> If issuer definition fits above criteria ... I am ok with removing "
> x-fapi-financialid".
> 
> Hi Brian - Any additional thoughts?
> 
> Thanks,
> 
> Anoop Saxena
> Architect
> Intuit | simplify the business of lifetm
> o: 818-436-8524        m: 8182974282
> 
> 
> -----Original Message-----
> From: Nat Sakimura [mailto:nat at sakimura.org]
> Sent: Wednesday, December 07, 2016 12:23 PM
> To: Saxena, Anoop <Anoop_Saxena at intuit.com>; Openid-specs Fapi 
> <openid-specs-fapi at lists.openid.net>; Brian Costello 
> <BCostello at yodlee.com>
> Subject: Fwd: [Openid-specs-fapi] Issue #49: x-fapi-FinancialId
> (openid/fapi)
> 
> Hi Anoop and Brian,
> 
> This issue was discussed today in the call and we wanted to ask your 
> guidance.
> I understand that x-fapi-financialid and iss can be different strings.
> The question are
> 
> 1)  whether they point to a same entity or it could be different?
> 2)  if they are pointing to a same entity, why not just the issuer do?
> 
> Please refer to the meeting notes from today's call for some more 
> background.
> 
> Best,
> 
> ---
> Nat Sakimura
> Chairman, OpenID Foundation
> 
> -------- Original Message --------
> Subject: [Openid-specs-fapi] Issue #49: x-fapi-FinancialId
> (openid/fapi)
> Date: 2016-12-07 22:35
>  From: Dave Tonge via Openid-specs-fapi 
> <openid-specs-fapi at lists.openid.net>
> To: openid-specs-fapi at lists.openid.net
> Reply-To: Dave Tonge <issues-reply at bitbucket.org>, Financial API 
> Working Group List <openid-specs-fapi at lists.openid.net>
> 
> New issue 49: x-fapi-FinancialId
> https://bitbucket.org/openid/fapi/issues/49/x-fapi-financialid
> 
> Dave Tonge:
> 
> https://bitbucket.org/openid/fapi/annotate/d4edc14c0b76155c97623edb521
> bfdc56afd64b7/Financial_API_WD_001.md?at=master&fileviewer=file-view-d
> efault#Financial_API_WD_001.md-272
> 
> I suggest that this is removed if it is not required. Shouldn't the 
> `iss` be enough?
> 
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi


More information about the Openid-specs-fapi mailing list