[Openid-specs-fapi] Issue #295: Possible support for "embedded" SCA mode (openid/fapi)

Joseph Heenan joseph at authlete.com
Thu Jun 4 09:01:07 UTC 2020


Hi Anders,

> On 4 Jun 2020, at 09:41, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
> 
> On 2020-06-04 10:18, Ralph Bragg via Openid-specs-fapi wrote:
> 
>> Signing and encrypting the login token hint would protect this in transit and ensure a way that only a valid tpp could present it and that it could be decrypted by the target aspsp.
> 
> Supporting EMV which is one of the goals for NextGenPSD2 there is no login token hint.  In fact, there's no login at all, it is rather pre-authorized payment-requests.

Can you describe with a few lines of text (without referring to Saturn :-) ) how a protocol could address the EMV use case within FAPI or one of the other mechanisms we’re discussing please?

(https://cyberphone.github.io/doc/payments/open-banking-direct-mode.pdf seems mostly to be rehashing OpenID’s “sub” and OAuth2’s refresh token, and I can’t see where the result differs from using those two?)

Thanks

Joseph
