Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Interfacing EUDIW (and more) to Banks #429

Open
cyberphone opened this issue Feb 14, 2025 · 1 comment
Open

Interfacing EUDIW (and more) to Banks #429

cyberphone opened this issue Feb 14, 2025 · 1 comment
Milestone
1.1

Comments

@cyberphone
Copy link

cyberphone commented Feb 14, 2025
edited
Loading

As you probably know, Open Banking standards define a set of fixed APIs including security solutions. This is a prerequisite for fast and secure rollout of new functionality,

However, most OAuth2 based APIs only standardize the communication between the OAuth2 client and the bank (ASPSP), leaving the user authentication part to proprietary solutions, typically building on the specific bank's mobile banking application.

With the EUDIW and similar bank-neutral wallets, user authentication needs a common API as well. Unsurprisingly, wallets building on OpenID4VP (and other foundations as well) are currently all over the map: some are simply replacing the proprietary authentication solutions, while some of the payment-oriented efforts have turned to approaches similar to EMV. To cope with this situation, the EU-funded Large Scale Pilots (LSPs), are currently busy designing vendor-specific "Integration Services". Although working, the scalability of such solutions is quite limited which in the end severely hampers rollout.

This issue currently lacks an "Owner". OIDF seems like a suitable candidate. FWIW, I have proposed an application- and vendor-neutral concept, but have to date received no feedback. Maybe there are other proposals in the workings?

Below is a visual description of the problem 😆

Image
@cyberphone
Copy link
Author

cyberphone commented Feb 15, 2025
edited
Loading

The picture below shows an example of the mentioned "Integration Services". My guess is that a disproportionate amount of time is spent on tools like this as well as on the not so simple (and unique) part needed in banks, leaving much less resources to the EUDIW than the EU (presumably) anticipated.

Note, this must not be taken as criticism of Lissi Gmbh, because everybody who have any interests in this topic have the same problem. I wouldn't be surprised if there are more than 10 [competing] connectors in the workings for the EU project alone! Given banks' risk-aversiveness to new and untested products, the most likely outcome of the Large Scale Pilots (with respect to banks), is a fairly modest set of semi-public pilots.

Image

In "theory" an OpenID4VP interface should suffice. However, this presumes major upgrades of internal bank infrastructure including databases which is why some kind of "connector" will be required anyway. The crux is rather how to accomplish this in a secure and scalable fashion.

@Sakurann Sakurann added this to the 1.1 milestone Mar 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1
Development

No branches or pull requests
2 participants
@cyberphone @Sakurann