[Openid-specs-fapi] Industry Std: EMV+SEPA Inst+Open Banking
joseph at authlete.com
Wed Apr 22 10:43:00 UTC 2020
It actually looks to be exactly what we’ve explained to you a few times - it’s identical to the VRP (variable repeat payment) model, i.e. using OAuth2 for “enrolment”, and [as PSD2 law stands today] it requires a contractual arrangement with the bank.
The new part introduced (‘identity_token’) is unclear, and probably could do with a different name to avoid any confusion with OIDC’s id_token.
> On 22 Apr 2020, at 07:06, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> Dear list;
> I have off-list received a presentation of a proposed multi-party effort to make SEPA instant payments usable at the PoS and on-line, based on the existing EMV standard and an enhanced Open Banking API. From what I can deduce, this proposal is not building on the OAuth2 security model. In fact, it is almost a carbon copy of what I have been pestering you about for a while. Some ideas seem to hit many brains at approximately the same time :)
> However, creating a specific EMV/SEPA solution for Open Banking is probably not necessary; a dual-mode Open Banking API should suffice (I obviously need to verify this...).
> The alternative to Open Banking is entirely new plumbing which seems like a waste since a dual mode should affect less than 5% of the code base of a well-designed Open Banking implementation. In the end it is of course a question for the banks.