[Openid-specs-fapi] Lodging Intent & Request Object
anders.rundgren.net at gmail.com
Thu May 23 05:30:36 UTC 2019
On 2019-04-20 20:20, Torsten Lodderstedt via Openid-specs-fapi wrote:
> Hi all,
> as announced I just published my thoughts on the different ways to cope with transaction authorization.
> Please find the article here: https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
> I look forward to getting your feedback.
I'm definitely *not* an authority on OAuth2, but this guy is:
It was somewhat funny to see that he had already identified the "Hammer" syndrome which I mentioned on the list a while ago.
I remain faithful to my claim that "Consumer Payments" and "Financial Services" have little in common and would gain by being run as *separate tracks*. For "Consumer Payments" an entirely different architecture building on extending the payment card concept seems plausible. In fact, I believe it is more or less a de-facto standard for mobile payment systems but I can't prove that since everything out there is secret and NDA-protected.
How well your proposal fits "Financial Services" is beyond my knowledge since I have no relevant experience in that area.
> kind regards,
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
More information about the Openid-specs-fapi