<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div id="x_compose-container" itemscope="" itemtype="https://schema.org/EmailMessage" style="direction:ltr">
<span itemprop="creator" itemscope="" itemtype="https://schema.org/Organization"><span itemprop="name"></span></span>
<div>
<div>
<div style="direction:ltr">Hi Sarah,</div>
<div><br>
</div>
<div style="direction:ltr">This flow was also presented and discussed, nearly exactly as described in your sequence diagram last week at the Open Banking Workshop (deck is available). It’s a common pattern.</div>
<div><br>
</div>
<div style="direction:ltr">The model does not cater for output constrained devices ie a fuel station credit card reader.</div>
<div><br>
</div>
<div style="direction:ltr">OB is considering supporting both models.</div>
<div><br>
</div>
<div style="direction:ltr">Kind regards,</div>
<div><br>
</div>
<div style="direction:ltr">Ralph</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div><br>
</div>
<div class="x_acompli_signature"></div>
</div>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Openid-specs-fapi <openid-specs-fapi-bounces@lists.openid.net> on behalf of Sarah Squire via Openid-specs-fapi <openid-specs-fapi@lists.openid.net><br>
<b>Sent:</b> Tuesday, June 12, 2018 5:26:31 PM<br>
<b>To:</b> openid-specs-fapi@lists.openid.net<br>
<b>Cc:</b> Sarah Squire<br>
<b>Subject:</b> [Openid-specs-fapi] Issue #147: Anonymous Point of Sale Backchannel Authentication (openid/fapi)</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:11pt;">
<div class="PlainText">New issue 147: Anonymous Point of Sale Backchannel Authentication<br>
<a href="https://bitbucket.org/openid/fapi/issues/147/anonymous-point-of-sale-backchannel">https://bitbucket.org/openid/fapi/issues/147/anonymous-point-of-sale-backchannel</a><br>
<br>
Sarah Squire:<br>
<br>
My team has serious reservations with the fact that CIBA requires users to reveal an identifier to a relying party.<br>
<br>
We have a proposal for a new backchannel flow that would allow for one-time-use anonymous pairwise IDs. The use case we had in mind specifically is for point of sale terminals like department stores or gas stations, but it is broadly applicable to many financial
 and non-financial transactions.<br>
<br>
Take a look at our proposal:<br>
<a href="https://www.websequencediagrams.com/?lz=dGl0bGUgQW5vbnltb3VzIFBvaW50IG9mIFNhbGUgQmFja2NoYW5uZWwgQXV0aGVudGljYXRpb24KCkFsaWNlLT4AIw4oUlAgRnJvbnRlbmQpOiBpbml0aWF0ZXMgdHJhbnNhYwA2BQAYGy0-TWVyY2hhbnQARgVCYWNrAEQGc2VuZHMgYW1vdW50LCB0ZXJtaW5hbElECgAbFQB4HwBHBm5vbmNlAG8eAIFBHGdlbmVyAIFXBVFSIGNvZGUgCm5vdGUgbGVmAII8BQCBfB0AKwhjb250YWlucyBzb2Z0d2FyZSBzdGF0ZW1lbnQsAIEbBiwgYW5kAIIzDACBfgcAgngIQmFuayBBcHAgKE8Agm4Nb3BlbnMgcHJlZmVycmVkIGJhbmtpbmcgYXBwbACDPAgAJhYAgzUfU2NhbgCBawkAKhkAgH8YdmVyaWZpZXMgYQCEQQ4AKx1TZXJ2ZXIAgV0FAIQIClMAhA0FAIJ0CGluZm9ybQCFFgUAgiwFVXNlcklEAIFcBgAsEwCETxlDcnlwdG9ncmFwaGljIGNoYWxsZW5nZSwgb25lLXRpbWUgcGFpcndpc2UAXAcsIHNpZ25lZACESAcAhFs0VACDUgtSZWNlaXZlZACGBx4AhncFOiBEaXNwbGF5IHBlbmRpbmcAhBkNbWVzc2FnAHgZAII_GQCBahcgcmVzcG9uc2UsIGNsaWVudCBjcmVkZW50aWFscwCCAhxhY2Nlc3MgdG9rZW4gcmVxdWVzdACCfBsAhTgXUgAzBiBmb3IgY29ucwCGFgoAhSwZAIIdB1B1c2ggbm90aWYAiTMHIHdpdGgAgQIIAEMOAIhXCACIewluYW1lAIZJIFByb3ZpZGVzAIEQCACFGDNDAIFMBiBvYnRhaW5lZACBTg0AhRIsQQCCZwZUAIJoBWZvcgCFHRkAg2YxIEkAi0IJT0">https://www.websequencediagrams.com/?lz=dGl0bGUgQW5vbnltb3VzIFBvaW50IG9mIFNhbGUgQmFja2NoYW5uZWwgQXV0aGVudGljYXRpb24KCkFsaWNlLT4AIw4oUlAgRnJvbnRlbmQpOiBpbml0aWF0ZXMgdHJhbnNhYwA2BQAYGy0-TWVyY2hhbnQARgVCYWNrAEQGc2VuZHMgYW1vdW50LCB0ZXJtaW5hbElECgAbFQB4HwBHBm5vbmNlAG8eAIFBHGdlbmVyAIFXBVFSIGNvZGUgCm5vdGUgbGVmAII8BQCBfB0AKwhjb250YWlucyBzb2Z0d2FyZSBzdGF0ZW1lbnQsAIEbBiwgYW5kAIIzDACBfgcAgngIQmFuayBBcHAgKE8Agm4Nb3BlbnMgcHJlZmVycmVkIGJhbmtpbmcgYXBwbACDPAgAJhYAgzUfU2NhbgCBawkAKhkAgH8YdmVyaWZpZXMgYQCEQQ4AKx1TZXJ2ZXIAgV0FAIQIClMAhA0FAIJ0CGluZm9ybQCFFgUAgiwFVXNlcklEAIFcBgAsEwCETxlDcnlwdG9ncmFwaGljIGNoYWxsZW5nZSwgb25lLXRpbWUgcGFpcndpc2UAXAcsIHNpZ25lZACESAcAhFs0VACDUgtSZWNlaXZlZACGBx4AhncFOiBEaXNwbGF5IHBlbmRpbmcAhBkNbWVzc2FnAHgZAII_GQCBahcgcmVzcG9uc2UsIGNsaWVudCBjcmVkZW50aWFscwCCAhxhY2Nlc3MgdG9rZW4gcmVxdWVzdACCfBsAhTgXUgAzBiBmb3IgY29ucwCGFgoAhSwZAIIdB1B1c2ggbm90aWYAiTMHIHdpdGgAgQIIAEMOAIhXCACIewluYW1lAIZJIFByb3ZpZGVzAIEQCACFGDNDAIFMBiBvYnRhaW5lZACBTg0AhRIsQQCCZwZUAIJoBWZvcgCFHRkAg2YxIEkAi0IJT0</a><br>
 F1dGggcGF5bWVudACDKygAhy4VdmFsaWRhdGUAhBgGLCByZXNvbHZlcwCBHRoAgWAybGxvdwCBHBgAhm1AY29tcGxldACMJh8AhyYHACQVCgoKCgo&s=magazine<br>
<br>
<br>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
Openid-specs-fapi@lists.openid.net<br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</div>
</span></font>
</body>
</html>