Re: Verified Credentials, Wallets and Open Banking from Adrian Gropper on 2024-01-04 (public-credentials@w3.org from January 2024)

From: Adrian Gropper <agropper@healthurl.com>
Date: Thu, 4 Jan 2024 08:30:40 -0500
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Alan Karp <alanhkarp@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CANYRo8hqRSbeLN5K8S-eVVwGea+EWDJ96hZotPj6JMKVys9Qrg@mail.gmail.com>

Hi Anders,

I appreciate the clarity of your description but please forgive any
misunderstanding due to my limited understanding of the payments field.

My issue is that a Core API that presumes certified mediators (in your
design as well as PSD2) disenfranchises the customer who should be free to
make their requests (and present their credentials) directly to the bank as
service provider. To empower the customer in this way, the bank’s API
should accept some combination of capability tokens and authorization
server choice by the customer.

From this “freedom of association” perspective, Open Banking’s use of
certified mediators is a problem but the impact of that problem is limited
to the narrow domain of payments which are both fungible and relatively
easy to regulate. Extending this certified mediator design to broad
applications such as wallets is not going to serve SSI principles.

Adrian

On Thu, Jan 4, 2024 at 2:49 AM Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> In Europe there is a strong belief that Verified Credentials and Wallets
> will revolutionize payments.
>
> An apparent "fly in the soup" is the huge cost for implementing new
> payment authorization systems in banks.  In theory, Open Banking APIs
> should be an easy path. However, the European Open Banking APIs are built
> on a monolithic, one-dimensional concept which have proved to be
> incompatible with wallets.
>
> I have since years back advocated for a layered API concept which mimics
> how operating systems work.  That is, when you login to a computer, your
> credentials are verified by a trusted application which belong to a layer
> above kernel functions.
>
> If this concept is applied to Open Banking, you will probably end-up with
> something like the following:
>
> https://cyberphone.github.io/doc/research/revised-open-banking-architecture.pdf
>
> If will try to implement a public PoC to permit reviews and testing.  This
> may very well be the best shot Open Wallet Foundation (OWF) can get at
> payments.  I wouldn't mind getting some help.
>
> Regards,
> Anders Rundgren
>
>

Received on Thursday, 4 January 2024 13:30:58 UTC