<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Thanks for sharing Ralph - it's an interesting document.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style=""><font face="trebuchet ms, sans-serif">We had a discussion </font>with Francis Pouatcha who brought the issue up again - as a way of helping harmonisation efforts with the Berlin Group and banks that have implemented their standards.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 4 Jun 2020 at 14:04, Ralph Bragg via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
Opinion piece from the EBA on the validity of redirect and decoupled flows; I haven't digested the whole lot completely but it's broadly supportive of redirect and decoupled provided it's done well.<br>
<br>
Dave T - I'm curious about the embedded mode requirement and where this has come from?<br>
<br>
<a href="https://eba.europa.eu/eba-publishes-opinion-obstacles-provision-third-party-provider-services-under-payment-services" rel="noreferrer" target="_blank">https://eba.europa.eu/eba-publishes-opinion-obstacles-provision-third-party-provider-services-under-payment-services</a><br>
<br>
Cheers,<br>
Ralph<br>
<br>
On 04/06/2020, 11:02, "Openid-specs-fapi on behalf of Joseph Heenan via Openid-specs-fapi" <<a href="mailto:openid-specs-fapi-bounces@lists.openid.net" target="_blank">openid-specs-fapi-bounces@lists.openid.net</a> on behalf of <a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>> wrote:<br>
<br>
<br>
<br>
> On 4 Jun 2020, at 10:21, Anders Rundgren <<a href="mailto:anders.rundgren.net@gmail.com" target="_blank">anders.rundgren.net@gmail.com</a>> wrote:<br>
> <br>
> On 2020-06-04 11:01, Joseph Heenan wrote:<br>
>> Hi Anders,<br>
>> Can you describe with a few lines of text (without referring to Saturn :-) ) how a protocol could address the EMV use case within FAPI or one of the other mechanisms we’re discussing please?<br>
>> ( <a href="https://cyberphone.github.io/doc/payments/open-banking-direct-mode.pdf" rel="noreferrer" target="_blank">https://cyberphone.github.io/doc/payments/open-banking-direct-mode.pdf</a> seems mostly to be rehashing OpenID’s “sub” and OAuth2’s refresh token, and I can’t see where the result differs from using those two?)<br>
> <br>
> The document you are referring to is the best description I have so I can only repeat myself :)<br>
> <br>
> The technical core of the idea is keeping payment applications like EMV, Saturn, FIDO, etc out of the Open Banking API.<br>
> The commercial aspect is that such applications would preferably be provided by the respective system owner.<br>
> The applications (services rather) may or may not be PSD2 compatible.<br>
> The scheme builds on using OAuth2 as binding system between these services (additional APIs) and the core API, where the former thus works like TPPs.<br>
> The only really new thing is that the applications are running with higher privileges than existing applications since they are supposed to do SCA on their own.<br>
> <br>
> Making Open Banking APIs [technically] usable for any consumer payment may not be such a bad idea.<br>
<br>
So if I understand correctly, the problem is with the limitations surrounding PSD2 functional APIs?<br>
<br>
The various mechanisms FAPI supports, including CIBA and the embedded proposal under discussion, are all suitable for the initial user onboarding/binding of the user and (by using refresh tokens) for creating persistent sessions from the TPP to the bank for that user, and that no changes are necessary to the “security” protocols to enable the EMV use case supporting functional APIs you’re describing?<br>
<br>
Thanks<br>
<br>
Joseph<br>
<br>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">Dave Tonge<br>CTO, Moneyhub Enterprise</div>