More Related Content Similar to apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate HKMA OpenAPI Phase3/4 Compliance by Ajay Biyani, ForgeRock (20) apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate HKMA OpenAPI Phase3/4 Compliance by Ajay Biyani, ForgeRock1. Copyright © 2021 ForgeRock. All rights reserved.
About ForgeRock
Wave Leader for
Customer Identity and
Access Management
Q4 2020
Overall Leader in CIAM
Platforms Leadership
Compass Report
2020
Magic Quadrant Leader
for Access Management
2020
The Only Vendor Recognized as a Leader Across The Top Three Analyst Firms
2. Digital Identity Centric Approach
for HKMA OpenAPI Compliance
for Phase 3/4
Ajay Biyani, ForgeRock Regional Vice President, ASEAN
3. Copyright © 2021 ForgeRock. All rights reserved.
HK Banking Sector’s Open API Phases
5. Copyright © 2021 ForgeRock. All rights reserved.
Copyright © 2021 ForgeRock. All rights reserved
Key Challenges
Fraud and Cyber
security Risks
Tangible Busines
Benefits
Legacy
modernization and
Technical
Development
6. Copyright © 2021 ForgeRock. All rights reserved.
Copyright © 2021 ForgeRock. All rights reserved
Key Risks
Cyber Security Risks
System Resilience
risks
Data Privacy Risks
Liability Risks
Fraud and Money
Laundering Risks
7. Copyright © 2021 ForgeRock. All rights reserved.
Copyright © 2021 ForgeRock. All rights reserved
Key
Requirements
Data Protection and
Retention
Customer Consent
Fraud Detection and
Prevention
Disclosure and
Transparency
9. Copyright © 2021 ForgeRock. All rights reserved.
The Pain
Scale
Performance
Experience
Security
(Standards Based Integration,
API’s, Microservices etc.)
Time to
Market
Privacy &
Consent
Management
Modernise & Future
Proof Investment
Deployment
Options
(On-Prem/Cloud/ DevOps)
10. Copyright © 2021 ForgeRock. All rights reserved.
Banking – Functional Layers
Customer
Internet
Banking
Chat & Messenger
Banking
Video &
Telepresence
Fintech
Partnerships
B2B2C
API Ecosystem
Public
APIs
Channels
Interaction
Services &
Processes
Banking Back
Office
Data &
Optimization
Multi Platform UIs /
REST APIs
Multiple Credentials,
Tokens and Devices
based Authentication
Context capture
(Channel, location, time,
etc.)
Products, Services, and
Transactions (Credit Card,
Balance Payments, etc.)
AML Check , eKYC Checks
Credentials, Tokens and Devices
Enrollment
Marketing / Offers
Processing
Core Banking
CRM
Integration
Security & Audit
Marketing / Analytics
Robotic Process
Automation
Machine Learning
Mobile
Banking
Kiosks, Smart
ATMs & IoT
Open
Banking
Personalized, Omnichannel , Frictionless Customer Experience
11. Copyright © 2021 ForgeRock. All rights reserved.
ForgeRock for
Open Banking API
Security
12. Copyright © 2021 ForgeRock. All rights reserved.
ForgeRock Values for Open Banking API Security
1. Authentication & Federation Services
Federation with multiple Bank IDPs
Strong Authentication (MFA)
2. Authorization Service
Transaction Authorization + Step-up (MFA)
Authorization Policies
3. OIDC & OAuth2 Provider
OIDC & OAuth2 Grant Flows (e.g. Hybrid
Flow)
Dynamic Client Registration (DCR)
Token Introspection
Dynamic OAuth2 Authorization Policies
4. Financial Grade API Security
FAPI-OIDC CIBA Flow
Token Security (PKCE, Proof-of-Possession)
5. Token Customization & Consent Services
Customizable ID Token
Customizable Access Token
Remote Consent Service
13. Copyright © 2021 ForgeRock. All rights reserved.
Remote Consent Service ForgeRock Access Management
Bank API Gateway
ForgeRock Identity Management
TSP - Data Recipient
Endpoints
Object Model
Consent
Customer
Meta Directory Cache
Register Interface
Remote Consent Service Front-End Data Recipient Client Lifecycle Management
Customer Lifecycle Management
Consent Lifecycle Management
Entitlements and Policy Management
Remote Consent Service Back-End
JWKMS
Consent Repository
Intelligent Authentication + MFA (SCA)
OIDC & OAuth2 Grant Flows
OAuth2 Dynamic AuthZ Policies
Token Security (Proof-of-Possession)
Policy Based Authorization (PBAC)
Remote Consent Service (RCS)
Product Info API Account Info API
Product Subscription API Transaction API
Data
Recipient
ForgeRock Platform
for Open Banking API Security
Bank User Repository
Bank Users & Data Holder
Directory Store
Banking API Gateway
Identity Federation (3rd Party IDP)
Bank Auth Service (IdP)
Bank Auth Service
Federation with
Bank IdP Service
Token Custom Modification
OIDC/OAuth2 Provider
14. Copyright © 2021 ForgeRock. All rights reserved.
The AI-Driven ForgeRock Identity Platform
We manage identities and access to power your digital enterprise
Workforce
Things
Customers
Cyber Security
Operations & SIEM
eKYC/Customer
Profiling
Omnichannel
Experiences
CRM, ERP, HR, and
other business
applications
Regulatory
Compliance
Data Lakes and
Data Warehouses
100+ inputs for
identity,
orchestration and
dynamic access
decisioning
Identity
Management
Identity
Governance
Universal
Directory
Access
Management
Autonomous
Identity
& Access
OAuth 2.0, OIDC, FIDO2, SAML, SCIM2, UMA
Sync
Signals
Zero-Touch SDKs, REST APIs, Identity Gateway
Send rich signals
throughout the
digital enterprise for
security and agility
15. Copyright © 2021 ForgeRock. All rights reserved.
Seamless Registration / Delightful Experiences / Transparent Security / Privacy
Borderless Access / Automated Provisioning / Single Sign-On / Zero Trust / Privacy
Customers + Devices
Workforce + Devices
Delightful
& Efficient
Experiences
Intelligent &
Transparent
Security
Need: Digital Transformation for All Identities
15
16. Copyright © 2021 ForgeRock. All rights reserved.
Copyright © 2021 ForgeRock. All rights reserved.
Popular Uses:
1. Add choices: MFA options for user’s convenience
2. Infuse Context: More secure and personalized AuthX
3. Infuse Analytics: Embed counters/timers
4. Adaptive Risk: Split off a tree based on Risk routing
5. Future Proof: Easily add new nodes / functionality with
Trust Network Partners from Marketplace
Powerful Orchestration &
Decision Engine
» Infuse stronger security
and ease of use into your
user journeys
» Flexible authentication
flows for any use cases
» Adaptive Risk with
contextual authX
» Pluggable custom nodes
for new functionality
Intelligent
Access
16
17. Copyright © 2021 ForgeRock. All rights reserved.
Trust
Network
A Technology Partner
Ecosystem Extends the
Solution
» Orchestration capability
with over 80 pre-
integrated and tested
partner technologies
» The Trust Network makes
ForgeRock’s platform
evergreen, by leveraging
the collective innovation of
an entire industry
“The value of the ForgeRock
platform is magnified by its
capability to leverage a wide
array of best-of-breed, 3rd
party technologies..”
– Gabriel Steele
Head of Identity, ANZ Bank
17
18. Copyright © 2021 ForgeRock. All rights reserved.
The Most Comprehensive Digital Identity Platform
Innovation
CLOUD, AI, GOVERNANCE
1,100+
ENTERPRISE CUSTOMERS
98
NEW CUSTOMERS
IN 2019
+75%
NEW ARR ‘19/‘18
>$100M
ENDING 2019 ARR
$16 Billion, +20%
TOTAL MARKET
Top CIO/CISO Priority
Digital
Transformation
WE HAVE THE
OPPORTUNITY TO
Do Identity Right
W O R K F O R C E C O N S U M E R T H I N G S