[cabf_validation] OrganisationIdentifier mandated by ETSI TS 119 495

[Ryan Sleevi]

On Mon, Nov 5, 2018 at 4:38 AM Adriano Santoni via Validation <
validation at cabforum.org> wrote:

> Just to provide a wider picture of the implications (to those who are
> interested in this topic):
>
> Not only is the organizationIdentifier attribute required by ETSI TS 119
> 495 (*): its presence in the QWAC certificate is also taken for granted by
> the "Implementation Guidelines" published by the Berlin Group (
> https://www.berlin-group.org/nextgenpsd2-downloads). And I suppose that
> several major banks and other fintech companies are currently developing
> and/or integrating APIs based on those guidelines.
>
> So... it looks like a time bomb.
> Adriano
>
> (*) Which, to my understanding, technically implements the requirements of
> Art. 34 of the COMMISSION DELEGATED REGULATION (EU) 2018/389 of 27 November
> 2017.
>
It seems like participating CA members can flag the profile
incompatibilities. As I mentioned, there's nothing inherent in the profile
that requires the use of publicly-trusted QWACs - where there exists
profile incompatibilities between multiple technical profiles, it's only
natural to recognize you can only correctly implement one of the profiles.
Given that qualified certificates have their legal value independent of the
trust status of those certificates, and given that PSD2 specifies such a
profile for the purpose of legal value, it seems the value can be
recognized for such server-to-server exchanges without the necessity for a
change in the BRs or EVGs. Indeed, as the SHA-1 issue in the payment
services industry has profoundly demonstrated, the use of separate
hierarchies for such payment processing certificates can be a boon to the
system, as such terminals may not be able to handle the "rapid" change of
the public trust ecosystem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20181105/d6b8658e/attachment-0001.html>