[Openid-specs-fapi] openid/OpenID4VP/issues/180
Anders Rundgren
anders.rundgren.net at gmail.com
Sat May 25 09:33:28 UTC 2024
Since Financial APIs also involve payments, the following GitHub issue may be of interest:
https://github.com/openid/OpenID4VP/issues/180
That is, I maintain the position that OAuth may not be a perfect fit for every kind of authorization task. For C2B payments this is (IMHO) kind of obvious since the Payee/Merchant represents an entity which is outside of the OAuth core. Although "shoehorning" (my wording...) wallet-based payments into OAuth may be just fine, this is pretty hard to digest only based on the large set of fairly complex specifications, all having gazillions of options. I believe a sequence diagram is necessary for fruitful discussions [*].
I would also encourage you to look into the Person-to-Payment (P2P) scenario. In my take on the matter there is no PISP, just a payee lookup feature + wire-transaction.
It is a pity that the European Payments Initiative (EPI) is shrouded in secrecy. Given the fact that EPI was founded by card specialists, an educated guess is that their solutions are pretty close to what is illustrated in the GitHub issue, aka "EMV on steroids".
Cheers,
Anders
[*] Apparently the only public wallet/OAuth document I have found to date (https://github.com/digitallabor-berlin/eudiw-sca/blob/main/openbanking-r2s.md) has already been [rightfully] dismissed, so the topic is obviously in flux.