[Openid-specs-fapi] Issue #120: CIBA: x-fapi-device-id header (openid/fapi)

Dave Tonge dave.tonge at momentumft.co.uk
Wed Jul 19 13:56:40 UTC 2017

please note, the wording should say: "in situations where the *user* does
not control the consumption device" (not client).

On 19 July 2017 at 14:53, Dave Tonge via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> New issue 120: CIBA: x-fapi-device-id header
> https://bitbucket.org/openid/fapi/issues/120/ciba-x-fapi-device-id-header
> Dave Tonge:
> For CIBA flows it doesn't always make sense for the client to send
> customer ip address or last logged in headers.
> However it may be beneficial to send an identifier for the "consumption
> device", I've got this wording in the current draft of the FAPI CIBA
> profile:
> ```
> In situations where the client does not control the consumption device,
> the client
>  - shall not send x-fapi-customer-ip-address or
> x-fapi-customer-last-logged-time headers;
>  - should send a x-fapi-device-id header which contains an identifier of
> the consumption device used by the customer.
> NOTE: It may be useful for an FI’s fraud systems to know the device that is
> the source of payment initiation requests, hence the recommendation for
> the x-fapi-device-id header.
> ```
> I'd welcome feedback on this.
> Responsible: dgtonge
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi

Dave Tonge
[image: Moneyhub Enterprise]
10 Temple Back, Bristol, BS1 6FL
t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Momentum Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Momentum Financial Technology is entered on the
Financial Services Register (FRN 561538) at fca.org.uk/register. Momentum
Financial Technology is registered in England & Wales, company registration
number 06909772 © . Momentum Financial Technology Limited 2016. DISCLAIMER:
This email (including any attachments) is subject to copyright, and the
information in it is confidential. Use of this email or of any information
in it other than by the addressee is unauthorised and unlawful. Whilst
reasonable efforts are made to ensure that any attachments are virus-free,
it is the recipient's sole responsibility to scan all attachments for
viruses. All calls and emails to and from this company may be monitored and
recorded for legitimate purposes relating to this company's business. Any
opinions expressed in this email (or in any attachments) are those of the
author and do not necessarily represent the opinions of Momentum Financial
Technology Limited or of any other group company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170719/40fdc108/attachment.html>

More information about the Openid-specs-fapi mailing list