[Openid-specs-fapi] The FAPI Security Model - Under Fire

n-sakimura n-sakimura at nri.co.jp
Sun Feb 25 02:44:04 UTC 2018


Could you guys please elaborate a little more?

Nat Sakimura

________________________________
From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Tom Jones via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: Sunday, February 25, 2018 4:24:06 AM
To: Financial API Working Group List
Cc: Tom Jones
Subject: Re: [Openid-specs-fapi] The FAPI Security Model - Under Fire

yeah, that fits the UK business model.
It won't fly in the US however.

Peace ..tom

On Thu, Feb 22, 2018 at 11:53 PM, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
Hi FAPIers,

As a curious person I have always wondered how Open Banking/PISP/SCA would combine with Amazon's famous one-click checkout.

Various LinkedIn and Slack conversations have revealed the (ugly?) truth.

The intention (at least in the UK), is giving OAuth tokens "eternal life" and rather letting PISPs (Amazon is expected to be one) deal with payer authorization. This faithfully emulates the "card-on-file" system that powers most US-based super providers.

Cheers,
Anders