
Document End-User Guide #266

Open
maltfield opened this issue Jan 11, 2024 · 7 comments

Comments

@maltfield

maltfield commented Jan 11, 2024

This is a request to add documentation to this repo that is specifically written for an audience of end-users who want to use SCA for transaction authentication.

Problem

Currently this repo has plenty of documentation available that's specifically written for an audience of developers looking to implement SCA. That's great, but it's not very useful to someone who is trying to find a banking solution that uses SCA for transaction authentication.

The "Dynamic Linking" requirement of the PSD2 reduced the security for many EU banking customers because:

  1. It meant that banks could no longer use TOTP as a 2FA solution for transaction auth and
  2. In practice, it meant that almost all banks developed proprietary auth solutions (unauditable) and insecure OTP-by-SMS auth

Another stated design goal of SPC is that it's

designed with stronger privacy protections than risk analysis approaches that rely on data collection.

Personally, I came to this repo searching for a solution because these "risk analysis approaches that rely on data collection" have led to me constantly being locked out of my own banking accounts (false-positive fraud detection), even when I provide the correct authentication credentials on the first try.

Likewise, if you search the 'net for "PSD2" around the time SCA was first being enforced, there are numerous complaints from people being unable to process transactions because their banks started requiring OTPs by SMS for every transaction. This was essentially a DoS attack on their customers, and many users simply didn't have cell phone signal at home.

In general, lots of users have been suffering for years, and are seeking a secure, standardized way to do transaction auth. This repo aims to solve that, but there is no documentation for the end-user to figure out "ok, how do I use this?"

Solution

Documentation should be written that specifically targets end-users. It should answer the question "what do I need to do to use SCA for my transactions?" and answer the following questions:

  1. What device (e.g. laptop, smartphone) do I need to have to support SPC?
  2. What hardware token do I need to have to support SPC?
  3. What software (& version) do I need to support SPC?
  4. In order to use SPC, does the merchant or payee need to support it? If so, how do I know if the merchant supports SPC?
  5. In order to use SPC, does my bank need to support it? If so, how do I know if the bank supports SPC?
@maltfield maltfield changed the title Document User Guide Document End-User Guide Jan 11, 2024
@AbdoALPOP

👋 Hey Michael,

I am interested in your task and available to start immediately.

I am experienced with Docusaurus.io, Nextra, Mkdocs, and markdown. I can provide you with a user-friendly guide.

Here are some of my live guides:

I'm looking forward to hearing from you soon 😃
Contact me and let's get started.

@maltfield
Author

maltfield commented Jan 20, 2024

I think you can just get started in markdown or whatever format you prefer and submit it as a PR. Writing the documents isn't the hard part. Researching and knowing what to write is.

@AbdoALPOP can you start by enumerating a list of [a] all user-agents and [b] all hardware security keys that support WebAuthn SPC? Specifically, it should note the minimum release version at which each of these software & hardware products started supporting WebAuthn SPC.

@AbdoALPOP

@maltfield Yes, I can start. Please send me your email so I can send a payment request to start this task.

@maltfield
Author

@AbdoALPOP GitHub is not a marketplace. I'm a volunteer contributor, and payment is not a consideration.

If you'd also like to volunteer, your contributions would be appreciated.

@ianbjacobs
Collaborator

@maltfield,

We recently added documentation of SPC on MDN. Do you think that would make a good starting point? (That may be too developer-focused for what you have in mind.) Thanks!

@ianbjacobs
Collaborator

Closing this issue in deference to documentation on MDN (which we will try to keep up-to-date as the API evolves).

@maltfield
Author

maltfield commented Sep 9, 2024

@ianbjacobs sorry I missed your message in January.

Most of the documentation on MDN still appears to be written for an audience of the developer, which does not satisfy this ticket.

There are five paragraphs in the Overview section that are a good start. For example, it clearly states that we can use the Chrome browser (version M118). But what about Firefox? Safari? And what about the client?

And, I want to open a bank account with a bank that supports SPC, but when I call and ask a support rep, they have no idea what SPC is. How can I find out if a given bank supports SPC transactions?

(e.g., using biometric authenticators on their phone or laptop)

The reason I opened this ticket was to be much more specific about that. The questions that these docs should answer are: I'm at a store and I want to buy a hardware security token or mobile phone that supports SPC: which device should I buy?!?

To quote from the OP, this doc should answer the reader's questions:

  1. What device (e.g. laptop, smartphone) do I need to have to support SPC?
  2. What hardware token do I need to have to support SPC?
  3. What software (& version) do I need to support SPC?
  4. In order to use SPC, does the merchant or payee need to support it? If so, how do I know if the merchant supports SPC?
  5. In order to use SPC, does my bank need to support it? If so, how do I know if the bank supports SPC?

Please re-open this ticket so these points can be addressed in the docs.

@ianbjacobs ianbjacobs reopened this Sep 10, 2024