Payment UX Issues #313
Comments
|
Can you please elaborate on |
|
Well, the depicted system builds on a combination of OAuth/OIDC and OpenID4VP. There are IMO a few problems with this:
In addition, the fact that the DigitalLabor and the EWC solutions have almost nothing in common, has recently caught the attention of the European Commission. There are other things worth mentioning, but they are probably more suited for the Ad-Hoc finance/payments Task Force the European Commission is about to launch. Related link: |
|
Continuing. Since payments do neither map directly to the classical three-party OAuth2 schema, nor to the ARF, a credible payment activity should begin by identifying the actors and their respective roles. The most striking difference compared to "credential presentation" is that Merchants are not relying parties; they only need a "proof of payment", which only the payment network can provide. This notion also introduces privacy concerns. The DigitalLabor solution does not take privacy in consideration. Although the EWC solution (through a 3D Secure-like flow), honors privacy, it comes at the expense of a pretty awkward UI, as well as considerable functional limitations. Apple Pay does not suffer from any of these issues. |
|
that explanation is still not actionable for a technical standard. should issuer metadata be changed in VCI? sd-jwt vc type metadata? etc. |
|
As long we haven't defined what "we" want in terms of functionality, it seems futile trying to come up with actionable items related to technical standards. This is what I hope the EC Ad-Hoc Task Force will address. That the banks already have a working solution makes this an "existential" issue as well. The lack of interest from Open Banking Ltd. and the Berlin Group indicates that dropping this part of the EUIDW project is a viable idea. |
So can we close this for now and wait to see what the task force comes back with? Without that information I (like Kristina) struggle to see what we can do. We need a concrete thing that people want to do with OID4VP and that they need changes to OID4VP to achieve. |
|
Before closing this issue, it would of course be a bit useful to know your preferences regarding high-level goals for the EUIDW payment solution. |
|
I don't think expressing opinions on high level goals for the EUDIW payment solution is in the DCP WG's scope, though I think you're asking for my personal opinions - my personal opinion is that I don't have a good enough understanding of the law around EUDIW payments to be able to express an opinion on the actual technical solutions that are trying to implement that law. |
|
Given that the two only known implementations are completely different, I do the conclusion that nobody knows how to interpret the EUIDW legal framework in a payment setting. However, the "intent" must of course be adhered to. If we take SCA as an example, Apple Pay surely meets the SCA requirement, although their way of accomplishing this goal is through a different method than used by Open Banking à la UK. Personally, I would be much more worried that a failed, underperforming, or market-wise redundant payment solution could cast a shadow over the entire project, including the Open ID foundation. That the DigitalLabor request is magnitudes more complex than Apple Pay indicates that we already are on a dangerous path. |
The following image is a commented extract from a recent document by the EU Digital Identity Wallet Consortium (EWC). Compared to Apple Pay it appears to be rather awkward to use. Since most of the UX issues are rooted in OpenID4VP, it might be a good idea creating a dedicated payments WG or at least a Special Interest Group: #188.
The text was updated successfully, but these errors were encountered: