[Openid-specs-fapi] Fwd: Re: [Openid-lc] Letter to the Euro Retail Payments Board
Nat Sakimura
nat at sakimura.org
Thu May 11 05:02:38 UTC 2017
Forwarding...
---
Nat Sakimura
Research Fellow, Nomura Research Institute
Chairman of the Board, OpenID Foundation
-------- Original Message --------
Subject: Re: [Openid-lc] Letter to the Euro Retail Payments Board
Date: 2017-05-11 14:00
From: Nat Sakimura via Openid-lc <openid-lc at lists.openid.net>
To: Dave Tonge <dave.tonge at moneyhub.com>
Cc: Openid-lc at lists.openid.net
Reply-To: Nat Sakimura <nat at sakimura.org>
Thanks Dave for coming up with this.
A couple of suggestions.
1. Insert (https://openid.net/) after the "OpenID Foundation" so that
it becomes
The OpenID Foundation (https://openid.net/) is a nonprofit
2. Change (Nomura) to (Nomura Research Institute)
3. List the highlighted risk as sub-bullets of "2. To highlight the
risks with some of the technical proposals that are being considered
across Europe". Align the section headers with it. e.g.
- Risk of not having an authorisation standard
- Risk of private key compromise through using a single certificate for
all operations
- Risk of using Man-in-the-middle for PSP authentication
4. Change "are" to "includes" so that it will become:
Its members includes key authors for many of the IETF standards
relating to OAuth 2.0 and OpenID Connect.
5. Change "ISO TC68" to "ISO/TC68".
6. Change x509 to X.509.
7. Number each heading so that it will be easier to reference the
section.
8. On a more general note, I was not very sure of what we are trying to
express in "The Need for an Authorisation Standard" because I do not
know what they are trying to do. What are they trying to do and what
risk are we trying to communicate? If it could be expressed more clearly, it
would be great.
9. In "Using a single certificate for all operations is bad practice",
at the end, perhaps we can talk about the use of the software statement
and the dynamic registration leveraging on the work UK OB did.
Best,
---
Nat Sakimura
Research Fellow, Nomura Research Institute
Chairman of the Board, OpenID Foundation
On 2017-05-10 17:29, Dave Tonge wrote:
> Dear List Members,
>
> I would like to send the attached letter to the Co-Chairs of the
> Payment Initiation Services Identification Subgroup at the Working
> Group on Payment Initiation Services at the Euro Retail Payments
> Board.
>
> This working group was established to help establish technical
> standards for PSD2 [1] (the EU 2nd Payment Services Directive). I
> would like to establish a relationship with the working group and make
> them aware of the FAPI WG. In the letter I am also expressing concern
> at some of the technical solutions currently being proposed by the
> working group.
>
> I have attached the letter as a PDF, it is also available via Google
> Docs
> here: https://docs.google.com/document/d/1SB8ZRiOH5GJOtAl2KYJv9M4-kMua_zBAsGZDYNlGuj0/edit?usp=sharing
> [2]
>
> I welcome any comments or feedback on the letter.
>
> Thank you
>
> --
>
> Dave Tonge
> CTO, Moneyhub
>
> Links:
> ------
> [1]
> https://www.ecb.europa.eu/paym/retpaym/shared/pdf/6th-ERPB-meeting/Pan-European_integration_of_payment_initiation_services_PIS.pdf?6cd5510c82f6e7d2fa308cc46b68279c
> [2]
> https://docs.google.com/document/d/1SB8ZRiOH5GJOtAl2KYJv9M4-kMua_zBAsGZDYNlGuj0/edit?usp=sharing