[Openid-specs-fapi] Fwd: Letter from Vice-President Valdis Dombrovskis: Comments about Redirection
philippe.leothaud at 42crunch.com
Sat Mar 9 15:20:07 UTC 2019
I suspect his problem is not the redirection per se, but a redirection "to
the Banks' Web pages or apps".
I guess he would prefer to have redirection to a public OP and not to the
banks' ones, though it's just me guessing.
On Sat, Mar 9, 2019 at 3:31 PM nat via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:
> Restarting the thread as I want to make a YouTube video on this one and
> want to hear your opinions.
> So, Mr Dombrovskis says:
> "I would like to encourage industry players to shift their attention
> away from authentication methods that are redirecting TPP customers to
> the banks' webpages (or apps). This cannot be the basis for innovative
> and competitive European payment services. Instead, the focus should in
> my view be on the development of convenient and secure new
> authentication methods. Such new forms of authentication, which are now
> more and more widely used, can be linked to e-IDs, issued by public
> authorities or private entities as in the Nordic countries, that may be
> used by customers with numerous market participants..."
> What I do not understand is why he thinks "Such new forms of
> authentication" do not involve a redirect.
> As far as I understand, "private entities as in the Nordic countries"
> use either SAML or OpenID Connect and make use of "redirect" to perform
> the user authentication that is linked to e-IDs, and they are provided
> by banks. If I am right, then the above statement is saying:
> "Shift their attention away from authentication methods that are
> redirecting TPP customers to the banks' webpages (or apps) to
> authentication methods that are redirecting TPP customers to the banks'
> webpages (or apps)."
> It just does not make sense...
> I could go on with a generic YouTube video showing how redirecting can
> be non-intrusive but I wanted to understand the above statement better.
> On 2019-02-22 18:25, Dave Tonge via Openid-specs-fapi wrote:
> > Dear FAPI WG
> > I just received this and think it may be of interest to you:
> > Please find attached a letter and attachment from Commission Vice
> > President Dombrovskis.
> > He has made some discouraging comments about redirection to webpages
> > and apps:
> > “I WOULD LIKE TO ENCOURAGE INDUSTRY PLAYERS TO SHIFT THEIR ATTENTION
> > AWAY FROM AUTHENTICATION METHODS THAT ARE REDIRECTING TPP CUSTOMERS TO
> > THE BANKS' WEBPAGES (OR APPS). THIS CANNOT BE THE BASIS FOR
> > INNOVATIVE AND COMPETITIVE EUROPEAN PAYMENT SERVICES. Instead, the
> > focus should in my view be on the development of convenient and secure
> > new authentication methods. Such new forms of authentication, which
> > are now more and more widely used, can be linked to e-IDs, issued by
> > public authorities or private entities as in the Nordic countries,
> > that may be used by customers with numerous market participants…”
> > …“I also invite industry players to work together to find
> > practical solutions to other problems that payment initiation service
> > and/or account information service providers are facing. One of them
> > is the regular renewal, every 90 days, of consent for the TPPs’
> > access to accounts. This consent renewal requires STRONG CUSTOMER
> > AUTHENTICATION, WHICH WOULD BE A MAJOR INCONVENIENCE IF DONE FOR EACH
> > BANK USING CONVENTIONAL AUTHENTICATION METHODS AND POSSIBLY
> > REDIRECTION TO THE BANKS’ AUTHENTICATION PAGES.”
> > Dave
> > _______________________________________________
> > Openid-specs-fapi mailing list
> > Openid-specs-fapi at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-fapi