You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As you probably know, Open Banking standards define a set of fixed APIs including security solutions. This is a prerequisite for fast and secure rollout of new functionality,
However, most OAuth2 based APIs only standardize the communication between the OAuth2 client and the bank (ASPSP), leaving the user authentication part to proprietary solutions, typically building on the specific bank's mobile banking application.
With the EUDIW and similar bank-neutral wallets, user authentication needs a common API as well. Unsurprisingly, wallets building on OpenID4VP (and other foundations as well) are currently all over the map: some are simply replacing the proprietary authentication solutions, while some of the payment-oriented efforts have turned to approaches similar to EMV. To cope with this situation, the EU-funded Large Scale Pilots (LSPs), are currently busy designing vendor-specific "Integration Services". Although working, the scalability of such solutions is quite limited which in the end severely hampers rollout.
This issue currently lacks an "Owner". OIDF seems like a suitable candidate. FWIW, I have proposed an application- and vendor-neutral concept, but have to date received no feedback. Maybe there are other proposals in the workings?
Below is a visual description of the problem 😆
The text was updated successfully, but these errors were encountered:
As you probably know, Open Banking standards define a set of fixed APIs including security solutions. This is a prerequisite for fast and secure rollout of new functionality,
However, most OAuth2 based APIs only standardize the communication between the OAuth2 client and the bank (ASPSP), leaving the user authentication part to proprietary solutions, typically building on the specific bank's mobile banking application.
With the EUDIW and similar bank-neutral wallets, user authentication needs a common API as well. Unsurprisingly, wallets building on OpenID4VP (and other foundations as well) are currently all over the map: some are simply replacing the proprietary authentication solutions, while some of the payment-oriented efforts have turned to approaches similar to EMV. To cope with this situation, the EU-funded Large Scale Pilots (LSPs), are currently busy designing vendor-specific "Integration Services". Although working, the scalability of such solutions is quite limited which in the end severely hampers rollout.
This issue currently lacks an "Owner". OIDF seems like a suitable candidate. FWIW, I have proposed an application- and vendor-neutral concept, but have to date received no feedback. Maybe there are other proposals in the workings?
Below is a visual description of the problem 😆
The text was updated successfully, but these errors were encountered: