Open maltfield opened 5 months ago
👋 Hey Michael,
I am interested in your task and available to start immediately.
I am experienced with Docusaurus.io, Nextra, Mkdocs, and markdown. I can provide you with a user-friendly guide.
Here are some of my live guides:
I'm looking forward to hearing from you soon 😃 Contact me and let's get started.
I think you can just get started in markdown or whatever format you prefer and submit it as a PR. Writing the documents isn't the hard part. Researching and knowing what to write is.
@AbdoALPOP can you start by enumerating a list of [a] all user-agents and [b] all hardware security keys that support WebAuthn SPC? Specifically, it should be noted what the minimum release version for these software & hardware products started supporting WebAuthn SPC.
@maltfield Yes, I can start. Please send me your email to send a payment request to start this task.
@AbdoALPOP GitHub is not a marketplace. I'm a volunteer contributor, and payment is not a consideration.
If you'd also like to volunteer, your contributions would be appreciated.
@maltfield,
We recently added documentation of SPC on MDN. Do you think that would make a good starting point? (That may be too developer-focused for what you have in mind.) Thanks!
This is a request to add documentation to this repo that is specifically written for an audience of end-users who want to use SCA for transaction authentication.
Problem
Currently this repo has plenty of documentation available that's specifically written for an audience of developers looking to implement SCA. That's great, but it's not very useful to someone who is trying to find a banking solution that uses SCA for transaction authentication.
The "Dynamic Linking" requirement of the PSD2 reduced the security for many EU banking customers because:
Another stated design goal of SPC is that it's
Personally, I came to this repo searching for a solution because these "risk analysis approaches that rely on data collection" have led to me constantly being locked-out of my own banking accounts (false-positive fraud detection), even when I provide the correct authentication credentials on the first try.
Likewise, if you search the 'net for "PSD2" around the time SCA was first being enforced, there are numerous complaints from people being unable to process transactions because their banks started requiring OTPs for every transaction from SMS. This was essentially a DoS attack on their customers, as many users simply didn't have cell phone signal at home.
In general, lots of users have been suffering for years, and are seeking a secure, standardized way to do transaction auth. This repo aims to solve that, but there is no documentation for the end-user to figure out "ok, how do I use this?"
Solution
Documentation should be written that specifically targets end-users. It should answer the question "what do I need to do to use SCA for my transactions?" and answer the following questions: