Versions Compared

Version Old Version 6 New Version 7
Changes made by

Chris Wood

Chris Wood

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SCA is therefore very strongly allied to multi-factor authentication, and specifically outlines the acceptable factors, namely:

  • Inherence: “Something you are” - a biometric credential indelibly linked to you.

  • Knowledge: “Something you know” - a secret known to you and only you.

  • Possession: “Something you have” - A device that can only be accessed and activated by you.

However, SCA has different implementations across the EU, and the dynamic linking requirement is manifested in a number of different ways. Bringing together a best practice based on existing implementations is therefore difficult. However, and despite the variance between EU countries, the spirit of the RTS can be transposed into multiple, relevant protocols for User authentication that provide an implementation of multi-factor authentication and proofs-of-authentication.

The protocols and implementations included in this page can help provide multi-factor authentication and proofs-of-authentication for participants in an open finance ecosystem. This page is provided as guidance for ecosystem participants, to help them make informed choices in extending authentication options as open finance is extended.

2. FIDO2

Links

...

FIDO2

...

FIDO2 is a suite of protocols designed to offer strong proofs-of-authentication while eliminating the reliance on password. FIDO2 tends, therefore, to be associated with and supportive of SCA due two featurespasswords.

The diagram below provides the key actors:

Drawio
mVer2
simple0
zoom1
inComment0
pageId111280157
custContentId112361556
diagramDisplayNameUntitled Diagram-1718796274683.drawio
lbox1
contentVer1
revision1
baseUrlhttps://openfinanceuae.atlassian.net/wiki
diagramNameUntitled Diagram-1718796274683.drawio
pCenter0
width451
links
tbstyle
height581

FIDO2 is often associated with and considered to be supportive of SCA, due to :

  • Private key provisioned on device: FIDO2 protocols specify that a private key is provisioned on and never leaves an appropriate device (Possession).

  • Interaction is generally through the device biometrics (Inherence).

  • Fallback is allowed to a passcode or password (Knowledge).

FIDO2 also supports, through the Web Authentication (Webauthn) API, providing a Relying Party provided challenge that can meet dynamic linking requirements. One of the inputs to the invoking the Webauthn API The response to a request for User authentication, known as an Authentication Assertion, can provide an authentication code. The FIDO Alliance has long asserted that FIDO2 standards can meet PSD2 requirements, but the standard have continued to evolve without a widespread

3. Passkeys

...

The following are links to the relevant information on FIDO2:

3. Passkeys

Passkeys are a cross-browser, roaming implementation of FIDO2 credentials, which has been developed by the FIDO Alliance with industry protagonists like Apple and Google.

As Passkeys is a FIDO2 implementation it offer the same benefits as the FIDO2 suite of protocols, but adds the ability to synchronise keys between devices and retrieve keys from backup in the case of device loss or failure.

SCA is provided in this context by FIDO2, as Passkey is a FIDO2 implementation. These factors are manifested as follows:

  • Possession: A user has device with a private key they have bootstrapped using an existing biometric linked to the device or their password.

  • Inherence: Biometric authentication through fingerprint or facial recognition.

...

The following are links to relevant information on Passkeys:

FIDO Alliance Passkeys Homepage: https://fidoalliance.org/passkeys/

4. OpenID for Verifiable Credentials

4.1 Description

...

The following are links to relevant information on OpenID for Verifiable Credentials:

5. Secure Payment Confirmation (SPC)

...