[Openid-specs-fapi] The NextGenPSD2 Hotel Reservation Scheme

Anders Rundgren anders.rundgren.net at gmail.com
Fri Apr 3 13:36:56 UTC 2020


The NextGenPSD2 folks recently did a presentation at a W3C (virtual) conference.

This slide particularly caught my interest:
https://www.w3.org/2020/Talks/berlin-20200402.pdf#page=9

Although not accompanied by any text, it seems that the reservation is made through the Merchant's (Hotel's) Bank.

I don't think this is how card schemes deal with this scenario but I could be wrong.

The Saturn/OpenBankingWallet makes reservations an entirely local affair between the User, User's Bank and Merchant where the result is:
- Reservation/Blocking of money in the User's Bank
- A "receipt" signed by the User's Bank given to the Merchant who can verify that it is signed by a Bank (through PKI) belonging to the associated payment network.

The "receipt" is counter-signed by the Merchant when the payment is to be resolved.  As far as I can tell the User is seldom or never involved in this part.  "Express checkout" reigns.

Anyway, I don't see a need to involve the Merchant's Bank although the Merchant may of course check if the payment has arrived.

This (again) shows that security models may have way more impact on system architecture and flows than most people are aware of.

I guess FAPI/OBIE will follow the (quite difficult) path of NextGenPSD2?

Thanx,
Anders
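
The receipt flow described in the message above (the User's Bank signs, the Merchant verifies and later counter-signs), as an added example that is not part of the original post and not Saturn's actual message format. Assumptions: Ed25519 keys, simple key registries standing in for PKI path validation, all field names and ids are constructed, and the reserved amount is treated as a cap on the final charge.

```javascript
// Added illustration: field names, ids and keys are constructed, not Saturn's format.
const crypto = require('node:crypto');

const bank = crypto.generateKeyPairSync('ed25519');     // User's Bank
const merchant = crypto.generateKeyPairSync('ed25519'); // Merchant (hotel)
const rogue = crypto.generateKeyPairSync('ed25519');    // outside the payment network

// Assumption: key registries stand in for PKI certificate path validation.
const networkBanks = new Map([['bank-a', bank.publicKey]]);
const merchants = new Map([['hotel-1', merchant.publicKey]]);

// Deterministic serialization of a flat payload (keys sorted) before signing.
const canon = (p) => Buffer.from(JSON.stringify(p, Object.keys(p).sort()));

function sign(payload, signerId, privateKey) {
  const sig = crypto.sign(null, canon(payload), privateKey).toString('base64');
  return { payload, signerId, sig };
}

function verify(signed, registry) {
  const key = registry.get(signed.signerId);
  if (!key) return false; // signer is not a member of the network
  return crypto.verify(null, canon(signed.payload), key, Buffer.from(signed.sig, 'base64'));
}

// 1. User's Bank blocks the money and issues the signed "receipt" (amount in cents).
function issueReceipt(amount) {
  const payload = { reservationId: 'r-1001', merchantId: 'hotel-1', amount, currency: 'EUR' };
  return sign(payload, 'bank-a', bank.privateKey);
}

// 2. Merchant checks that the receipt was signed by a bank in the network.
const merchantAccepts = (receipt) => verify(receipt, networkBanks);

// 3. At checkout the Merchant counter-signs, binding its claim to the bank's signature.
function counterSign(receipt, finalAmount, key = merchant.privateKey) {
  return sign({ receiptSig: receipt.sig, finalAmount }, 'hotel-1', key);
}

// 4. User's Bank resolves the payment from the two signatures alone.
function resolve(receipt, claim) {
  return verify(receipt, networkBanks) &&
    verify(claim, merchants) &&
    claim.signerId === receipt.payload.merchantId &&
    claim.payload.receiptSig === receipt.sig &&
    claim.payload.finalAmount <= receipt.payload.amount; // assumption: reservation caps the charge
}
```
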



