[Openid-specs-fapi] Industry Std: EMV+SEPA Inst+Open Banking

Joseph Heenan joseph at authlete.com
Wed Apr 22 10:43:00 UTC 2020

Hi Anders,

It actually looks to be exactly what we’ve explained to you a few times - it’s identical to the VRP (variable repeat payment) model, i.e. using OAuth2 for “enrolment”, and [as PSD2 law stands today] it requires a contractual arrangement with the bank.

The new part introduced ('identity_token’) is unclear, and probably could do with a different name to avoid any confusion with OIDC’s id_token.


> On 22 Apr 2020, at 07:06, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> Dear list;
> I have off-list received a presentation of a proposed multi-party effort to make SEPA instant payments usable at the PoS and on-line, based on the existing EMV standard and an enhanced Open Banking API.  From what I can deduct, this proposal is not building on the OAuth2 security model.  In fact, it is almost a carbon copy of what I have been pestering you about for a while. Some ideas seem to hit many brains at approximately the same time :)
> However, creating a specific EMV/SEPA solution for Open Banking is probably not necessary; a dual-mode Open Banking API should suffice (I obviously need to verify this...).
> The alternative to Open Banking is entirely new plumbing which seems like a waste since a dual mode should affect less than 5% of the code base of a well-designed Open Banking implementation.  In the end it is of course a question for the banks.
> thanx,
> Anders
> https://github.com/cyberphone/openbankingwallet/blob/gh-pages/adapting-open-banking-apis.md
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi

More information about the Openid-specs-fapi mailing list