OpenID Foundation and Open Banking Implementation Entity Continue Collaboration with Conformance and Certification Workshop at OAuth Security Workshop 2020

This entry was posted in Certification Certification Team FAPI Technology Events and tagged Certification certification program CIBA conformance FAPI FAPI-CIBA oauth security workshop 2020 open banking open banking implementation entity osw2020 on by

The OpenID Foundation (OIDF) and the UK Open Banking Implementation Entity (OBIE), continue our collaboration efforts building on the success of our recent workshop focused on Financial-grade API (FAPI) conformance and certification. It was a deep dive into the technical interface of our open, international standard with the OBIE’s functional UK standard. More workshops are planned with OBIE and the FDX in the coming weeks.

OIDF and OBIE have been invited to deliver a similar session at the upcoming OAuth Security Workshop 2020 virtual conference July 21-24, 2020. We’ll take a deeper dive into:

  • the extra security in FAPI-RW 1.0 and FAPI 2.0
  • the security checks done in the certification suites (is this just the FAPI suite or do the OBIE tests cover some security checks?)
  • the security advantages of the OB directory model vs eIDAS
  • the apparent conflict between security and interoperability, especially in bank environments
  • how the certification programs attempt to ensure both security and interoperability

OIDF and OBIE continue to collaborate to help drive global open banking initiatives with the following goals:

  • To update participants on the latest developments in both the OIDF Financial-Grade API (FAPI) profile and the OBIE Standard.
  • To demonstrate the respective conformance tools and the benefits of certification including why conformance and certification is critical to ensuring standards are secure and interoperable.
  • To provide participants with help and support in using these tools.
  • To encourage a greater number of certifications.
  • Ultimately to help grow the open banking ecosystem, enhancing security and benefits for participants and end customers.

We hope you’ll join us at OSW 2020.

 

Don Thibeau
OpenID Foundation Executive Director

 

Agenda

 

Topic Presenter(s) Notes
Welcome & Introduction Don Thibeau (OIDF)

Chris Michael (OBIE & Session Host)
  • Intro to OpenID Foundation
  • Intro to Open Banking Implementation Entity
  • Why conformance and certification is critical to ensuring standards are secure and interoperable
Introduction to OpenID Connect and Financial-grade API (FAPI) Nat Sakimura (OIDF)
  • OpenID Connect overview
  • Introduction to Financial-grade API (FAPI)
  • Vision for the FAPI profile and conformance tools in a global context
Detailed Overview of the FAPI and CIBA Profiles Including Enhanced Security in New Versions Dave Tonge (OIDF & Moneyhub)
  • High level functionality of latest drafts of FAPI and CIBA
  • The extra security in FAPI-RW 1.0 and FAPI 2.0
  • Future planned updates
Introduction to the OBIE Standard Freddi Gyara (OBIE)
  • Summary of Functional APIs and DCR
  • Different approaches to use of OBIE
  • Directory and eIDAS certificate validation
Standards, Security & Interoperability Discussion Dave Tonge (OIDF & Moneyhub)

Freddi Gyara (OBIE)
  • The security advantages of the OB directory model vs eIDAS
  • The apparent conflict between security and interoperability, especially in bank environments
How Certification Programs Attempt to Ensure Both Security and Interoperability: Demonstration of the OpenID Conformance Test Suite Joseph Heenan (OIDF & Fintech Labs)
  • Overview of self-certification
  • Examples of security & interoperability checks the suite does on OAuth2 & OpenID Connect
  • Architecture / extensibility / applicability to further protocols
  • Future roadmap
  • Demo of the conformance test suite including App-App tests & RP tests
How Certification Programs Attempt to Ensure Both Security and Interoperability: Demonstration of the OBIE Conformance Tool Glyn Jackson (OBIE) & Julian Coombes (OBIE)

 
  • For AIS, PIS, CBPII and DCR
  • Examples of security & interoperability checks
Q&A Session on OIDF & OBIE Specifications & Conformance Tools Nat Sakimura (OIDF)

Chris Michael (OBIE)
Open Audience Discussion on Issues and Suggestions Nat Sakimura and Don Thibeau (OIDF)

Chris Michael (OBIE)
  • Getting other jurisdictions engaged
  • Global open banking initiatives
  • What can OIDF & OBIE do to help?