Open Identity protocols and banking

Session Topic: Pros and Cons OAuth and Online Banking (T5H)

Convener: Cordny Nederkoorn

Notes-taker(s): Cordny Nederkoorn

Tags for the session - technology discussed/ideas considered:

OAuth, Open Identity protocol, online banking security

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

A session for discussion Pros and Cons Use OAuth in online banking

Pros OAuth use in online banking

Secure provisioning Api’s used everywhere

Scoped Access

Reduce friction customer registration -> bank as IdP

Online banking : SAML assertion can insert OAuth access token, resulting in less user interfaces

Cons use in online banking

Compromised tokens by unauthorized use OAuth access tokens

Issues usability for end-users

Cutting edge means you do not know what we do not know

Limited vendors

Limited OAuth expertise

Less defined security options (also encryption) in OAuth

SAML provisioning is mandatory

Possible phishing by using non-used OAuth tokens

Conclusion session:

We are going to use OAuth in online banking, but optimization is necessary to ensure a safe use.