- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 30 Jul 2020 06:45:59 +0200
- To: Web Payments Working Group <public-payments-wg@w3.org>
Although not yet adopted, the Berlin Group's NextGenPSD2 API folks are currently toying with a new way performing payments. I found the description kind of fuzzy so I distilled it into a single page: https://cyberphone.github.io/doc/payments/emv-sepa-embedded-sca.pdf The most striking element is that this scheme doesn't build on OAuth. IMO, this is quite logical since OAuth was orginally designed for three parties (TTP, User, and SP/AS), while payments introduces a fourth party, the (secuity-wise) semi-trusted Merchant. Anders
Received on Thursday, 30 July 2020 04:46:17 UTC