[Openid-specs-fapi] Strong MERCHANT Authentication

Anders Rundgren anders.rundgren.net at gmail.com
Tue Apr 7 16:49:06 UTC 2020

The blockchain folks often talk about "smart contracts" which are supposed to revolutionize payments as well as other things.

Personally, I'm into "moderately smart contracts" that are targeted at a more conventional payment market:

I believe it is (about) time to do something creative with Merchants and their role in the payment landscape.   Strong Merchant Authorization may not be revolutionary but removing intermediaries do not seem to be generally worked on.  It's actually quite simple and scales as well as existing systems (although the slide doesn't show how).

Since payment authorizations are discrete transactional events rather than sessions, this scheme does not use MTLS.  Merchant signature keys are just key-pairs which get their authority from secure lookup services.


More information about the Openid-specs-fapi mailing list