[Openid-specs-fapi] Lodging Intent & Request Object

Anders Rundgren anders.rundgren.net at gmail.com
Thu May 23 05:30:36 UTC 2019


On 2019-04-20 20:20, Torsten Lodderstedt via Openid-specs-fapi wrote:
> Hi all,
> 
> as announced I just published my thoughts on the different ways to cope with transaction authorization.
> 
> Please find the article here: https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
> 
> I look forward to getting your feedback.

Hi Torsten,

I'm definitely *not* an authority on OAuth2, but this guy is:
https://auth0.com/blog/on-the-nature-of-oauth2-scopes/

It was somewhat funny to see that he had already identified the "Hammer" syndrome which I mentioned on the list a while ago.

I remain faithful to my claim that "Consumer Payments" and "Financial Services" have little in common and would gain by being run as *separate tracks*. For "Consumer Payments" an entirely different architecture building on extending the payment card concept seems plausible. In fact, I believe it is more or less a de-facto standard for mobile payment systems but I can't prove that since everything out there is secret and NDA-protected.

How well your proposal fits "Financial Services" is beyond my knowledge since I have no relevant experience in that area.

> kind regards,
U2
Anders

> Torsten.
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> 



More information about the Openid-specs-fapi mailing list