Re: [webauthn] Transaction Authorization provides a simple and effective method to implement the PSD2 Dynamic Linking requirement. (#1396) from Anders Rundgren via GitHub on 2020-05-11 (public-webauthn@w3.org from May 2020)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Mon, 11 May 2020 08:47:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-626563712-1589186852-sysbot+gh@w3.org>

There are drawbacks using a flow where you take the payment request directly to the Bank for attestation because then the Merchant must:
- Provide its receive account in the request
- Be able to trust arbitrary Bank signatures

https://cyberphone.github.io/doc/saturn/saturn-v3-presentation.pdf#page=2 shows an entirely different solution which (modulo encryption) is pretty much how EMV transactions are architected.

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-626563712 using your GitHub account

Received on Monday, 11 May 2020 08:47:35 UTC