Open Identity protocols and banking
Session Topic: Pros and Cons OAuth and Online Banking (T5H)
Convener: Cordny Nederkoorn
Notes-taker(s): Cordny Nederkoorn
Tags for the session - technology discussed/ideas considered:
OAuth, Open Identity protocol, online banking security
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
A session to discuss the pros and cons of using OAuth in online banking
Pros of OAuth use in online banking
Secure provisioning APIs used everywhere
Scoped Access
Reduced friction in customer registration -> bank as IdP
Online banking: SAML assertion can insert OAuth access token, resulting in fewer user interfaces
Cons of OAuth use in online banking
Compromised tokens through unauthorized use of OAuth access tokens
Usability issues for end users
Cutting edge means you do not know what we do not know
Limited vendors
Limited OAuth expertise
Less defined security options (also encryption) in OAuth
SAML provisioning is mandatory
Possible phishing using unused OAuth tokens
Conclusion session:
We are going to use OAuth in online banking, but optimization is necessary to ensure safe use.