[Openid-specs-fapi] BG/Embedded SCA - Clinically free from OAuth

Anders Rundgren anders.rundgren.net at gmail.com
Tue Jul 28 05:27:12 UTC 2020

On 2020-07-26 17:52, Torsten Lodderstedt wrote:

>> Eh...PISPs are not intermediaries?
> Not if the party wanting to issue a payment IS the PISP. Technically, that would be trivial. It’s the heavy weight regulation (and the costs associated with it) preventing this scenarios. And the heavy weight regulation is partially needed because of the option to let the PISP handle the PSU’s credentials. Without that option, the rules to comply with would be more or less GDPR.

"Technically, that would be trivial": You mean that Banks should setup a common PKI and that each Merchant would be equipped with a TPP certificate issued by their Bank?


More information about the Openid-specs-fapi mailing list