[Openid-specs-fapi] W3C PaymentHandler - Impact on Open Banking

Anders Rundgren anders.rundgren.net at gmail.com
Mon Jun 17 04:26:15 UTC 2019


On 2019-06-17 02:10, nat at sakimura.org wrote:
> Hi Anders,
> 
> Which solution are you referring to?

https://www.w3.org/TR/payment-handler/

It is a way to store JS-based bank-specific code in the browser that is exclusively invokable by the W3C PaymentRequest API.
It is a very powerful concept but it also has snags like:
- Due to the browser domain-security model you effectively have to surf to the bank first to get the code.  Google have come up with a JIT scheme which limits this problem though.
- The integration with WebAuth is not comparable with native solutions.
- It doesn't define a wallet.

Although not directly related to PaymentHandler, the payer-bank-to-merchant security solutions are still undefined.

Anders

> 
>  > The "where-are-you-from" problem which also affects "PayWithYourBank" schemes has finally gotten a solution in the release version of Chrome.
> 
> Nat Sakimura
> Chairman, OpenID Foundation
> https://nat.sakimura.org
> On 2019-05-24 14:52 +0900, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>> s/do longer/no longer/
>> On 2019-05-24 07:31, Anders Rundgren wrote:
>>> The "where-are-you-from" problem which also affects "PayWithYourBank" schemes has finally gotten a solution in the release version of Chrome.
>>>
>>> That is, on-line Merchants do longer need to figure out:
>>> - Which bank you want to use
>>> - Which payment networks/methods you have
>>> The Browser does that (under Your supervision).
>>>
>>> Will this then become the norm? Although PaymentHandler is cool, 360° native wallets have more power and better security.
>>>
>>> The W3C do not realize that neither the industry nor the customers care that much about the "true Web". What though nobody wants are tons of "competing" apps but that's a Darwinian issue rather than a technical one.
>>>
>>> With respect to Open Banking this looks like yet another blow at the PISP concept although not of the same magnitude as:
>>> https://www.linkedin.com/feed/update/urn:li:activity:6537211377667321856/
>>>
>>> Anders
>>>
>>
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi


