Embedded SCA Support

[cyberphone]

11d. Berlin Group openFinance API Framework - Core-PSD2 Compliance V2 Suite - Consent API 20231005.pdf
"NOTE: The embedded SCA Approach where all PSU credentials are transported via the API is very specific."

Indeed. Making "very specific" stuff a part of a general purpose API was a HUGE mistake.

Although I would love to use Adorsys' xs2a software for embedded SCA, Berlin Group's take on the matter makes it easier to start from scratch. Here is the overarching plan.: https://cyberphone.github.io/doc/research/revised-open-banking-architecture.pdf

It is obviously missing one thing: there must be a way for application services to reuse the bank's login in order to permit self-initiation of payment credentials. I don't think PIISP is this.

[cyberphone]

11c. Berlin Group openFinance API Framework - Core-PSD2 Compliance V2 Suite - Protocol Functions and Security Measures 20231005.pdf

"7.1.4 Signing the body using EMV_AC
Not supported for the current version of the openFinance Framework. Support will be added as part of future versions."

This obviously does not belong in a framework. That EMV support was proposed early 2020 but never happened verifies the huge drawbacks with moving "applications" down into the "kernel".