[Openid-specs-fapi] The FAPI Security Model - Under Fire
Anders Rundgren
anders.rundgren.net at gmail.com
Fri Feb 23 07:53:52 UTC 2018
Hi FAPIers,
As a curious person I have always wondered how Open Banking/PISP/SCA would combine with Amazon's famous one-click checkout.
Various LinkedIn and Slack conversations have revealed the (ugly?) truth.
The intention (at least in the UK), is giving OAuth tokens "eternal life" and rather letting PISPs (Amazon is expected to be a one), deal with payer authorization. This faithfully emulates the "card-on-file" system that powers most US based super providers.
Cheers,
Anders
More information about the Openid-specs-fapi
mailing list