[Openid-specs-fapi] Industry Std: EMV+SEPA Inst+Open Banking
Joseph Heenan
joseph at authlete.com
Wed Apr 22 10:43:00 UTC 2020
Hi Anders,
It actually looks to be exactly what we’ve explained to you a few times - it’s identical to the VRP (variable repeat payment) model, i.e. using OAuth2 for “enrolment”, and [as PSD2 law stands today] it requires a contractual arrangement with the bank.
The new part introduced ('identity_token’) is unclear, and probably could do with a different name to avoid any confusion with OIDC’s id_token.
Joseph
> On 22 Apr 2020, at 07:06, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
>
> Dear list;
>
> I have off-list received a presentation of a proposed multi-party effort to make SEPA instant payments usable at the PoS and on-line, based on the existing EMV standard and an enhanced Open Banking API. From what I can deduct, this proposal is not building on the OAuth2 security model. In fact, it is almost a carbon copy of what I have been pestering you about for a while. Some ideas seem to hit many brains at approximately the same time :)
>
> However, creating a specific EMV/SEPA solution for Open Banking is probably not necessary; a dual-mode Open Banking API should suffice (I obviously need to verify this...).
>
> The alternative to Open Banking is entirely new plumbing which seems like a waste since a dual mode should affect less than 5% of the code base of a well-designed Open Banking implementation. In the end it is of course a question for the banks.
>
> thanx,
> Anders
> https://github.com/cyberphone/openbankingwallet/blob/gh-pages/adapting-open-banking-apis.md
>
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
More information about the Openid-specs-fapi
mailing list