[Openid-specs-fapi] The FAPI Security Model - Under Fire

n-sakimura n-sakimura at nri.co.jp
Sun Feb 25 02:44:04 UTC 2018

Could you guys please elaborate a little more?

Nat Sakimura

PLEASE READ:This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail.

From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Tom Jones via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: Sunday, February 25, 2018 4:24:06 AM
To: Financial API Working Group List
Cc: Tom Jones
Subject: Re: [Openid-specs-fapi] The FAPI Security Model - Under Fire

yeah, that fits the UK business model.
It wont fly in the US however.

Peace ..tom

On Thu, Feb 22, 2018 at 11:53 PM, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net<mailto:openid-specs-fapi at lists.openid.net>> wrote:
Hi FAPIers,

As a curious person I have always wondered how Open Banking/PISP/SCA would combine with Amazon's famous one-click checkout.

Various LinkedIn and Slack conversations have revealed the (ugly?) truth.

The intention (at least in the UK), is giving OAuth tokens "eternal life" and rather letting PISPs (Amazon is expected to be a one), deal with payer authorization.  This faithfully emulates the "card-on-file" system that powers most US based super providers.

Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net<mailto:Openid-specs-fapi at lists.openid.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180225/244c46a3/attachment.html>

More information about the Openid-specs-fapi mailing list