[Openid-specs-fapi] W3C PaymentHandler - Impact on Open Banking
anders.rundgren.net at gmail.com
Mon Jun 17 04:26:15 UTC 2019
On 2019-06-17 02:10, nat at sakimura.org wrote:
> Hi Anders,
> Which solution are you referring to?
It is a way to store JS based bank-specific code in the browser that is exclusively invokable by the W3C PaymentRequest API.
It is a very powerful concept but it also have snags like:
- Due to the browser domain-security model you effectively have to surf to the bank first to get the code. Google have come up with a JIT scheme which limits this problem though.
- The integration with WebAuth is not comparable with native solutions.
- It doesn't define a wallet.
Although not directly related to PaymentHandler, the payer-bank-to-merchant security solutions are still undefined.
> > The "where-are-you-from" problem which also affects "PayWithYourBank" schemes has finally gotten a solution in the release version of Chrome.
> Nat Sakimura
> Chairman, OpenID Foundation
> 2019年5月24日 14:52 +0900、Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>のメール:
>> s/do longer/no longer/
>> On 2019-05-24 07:31, Anders Rundgren wrote:
>>> The "where-are-you-from" problem which also affects "PayWithYourBank" schemes has finally gotten a solution in the release version of Chrome.
>>> That is, on-line Merchants do longer need to figure out:
>>> - Which bank you want to use
>>> - Which payment networks/methods you have
>>> The Browser does that (under Your supervision).
>>> Will this then become the norm? Although PaymentHandler is cool, 360° native wallets have more power and better security.
>>> The W3C do not realize that neither the industry nor the customers care that much about the "true Web". What though nobody wants are tons of "competing" apps but that's a Darwinian issue rather than a technical one.
>>> With respect to Open Banking this looks like yet another blow at the PISP concept although not of the same magnitude as:
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
More information about the Openid-specs-fapi