[Openid-specs-fapi] i wish to resign from FAPI
thomasclinganjones at gmail.com
Wed Aug 15 15:55:13 UTC 2018
Please remove my name from the mailing list and from all future
documentation produced by the wg.
If you care to know why; i thought i would list my reasons (these just
relate to the FAPI part):
1. FAPI is being used by the UK OB & PSD2 folk as proof of security
compliance but that only applies to the connection between the ASPSP and
TPP, the user is not involved.
2. Since this is the Open ID foundation, i believe it is not part of our
work to consider any standard where the user is not identified.
3. We have no input on user consent to the process.
I also have concerns about the damage that will be reflected on the OpenID
foundation by association with a group that appears to have no interests in
the user or the financial and time loss to the user that will (IMHO) result
from user unhappiness with the way that their private data and actual
assets are put on display without their explicit consent. It seems that the
ASPSP has no choice but to accept a payment request initiated by any entity
approved by any member state including Malta (with known tolerance for
Russian oligarchs) or the channel islands which have been used by UK banks
to avoid money laundering regulations. I do understand that they can refuse
the request, but that action can be challenged by any TPP, which is certain
to wear down their fiduciary duty to their users. The OP in the cases i
have seen is not defined, so the threats cannot be fully known.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi