Tatsuo Kudo, profile picture
Uploaded byTatsuo Kudo
PDF, PPTX3,613 views

銀行APIのトレンド #fapisum

The document discusses various approaches to open banking APIs and strong customer authentication. It summarizes the OAuth flows and API specifications used in the UK Open Banking framework as well as approaches taken by the Berlin Group, Polish Banking Association, and a French bank. It also compares embedded and decoupled flows for customer authentication.

Embed presentation

Download as PDF, PPTX
Financial APIs Workshop - Japan/UK Open Banking and APIs Summit 2018 API
• API API 2
• https://www.linkedin.com/in/tatsuokudo – (1998-2008) – (2008-2018) – OpenID (2013-2014) – NRI (2014-2018) – Authlete (2018-) • VP of Solution Strategy 3
API • API – e.g. – “Bank as a Service” – 2 API Banking 371 Source: https://www.programmableweb.com/category/banking 4
API “OAuth 2.0” • API 5 “OAuth 2.0” Source: https://www.slideshare.net/tkudo/api-meetup-oauth
API • • • 6 • Open Banking UK • Berlin Group NextGenPSD2 • Polish Bank Association • Slovak Banking Association • (France Stet)
Open Banking UK • FAPI Part 2 • Client Credentials Grant Type (OAuth 2.0) / OIDC Hybrid Flow • Request Object • Mutual TLS 7 Source: Open Banking Security Profile - Implementer's Draft v1.1.2 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2
Open Banking UK 1. PSU (Payment Service User) AISP (Account Information Service Provider) 2. AISP ASPSP (Account Servicing Payment Service Provider) POST /account-resource (Mutual TLS, Client Credentials Grant Type) 3. ASPSP PISP “AccountRequestId” 4. AISP AccountRequestId Request Object ASPSP OIDC Hybrid Flow 5. ASPSP PSU 6. ASPSP AISP 7. AISP ASPSP Mutual TLS 8. AISP GET /accounts Mutual TLS 8 Source: Account and Transaction API - v2.0.0 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/127009546/Account+and+ Transaction+API+Specification+-+v2.0.0
Open Banking UK 1. PSU PISP (Payment Initiation Service Provider) 2. PISP ASPSP POST /payments (Mutual TLS, Client Credentials Grant Type) 3. ASPSP PISP ”PaymentId” 4. PISP PaymentId Request Object ASPSP OIDC Hybrid Flow 5. ASPSP PSU 6. ASPSP PISP 7. PISP ASPSP Mutual TLS 8. PISP POST /payment-submissions Mutual TLS 9. Optionally retrieve the status of a payment setup or submission 9 Source: Payment Initiation API - v1.1.0 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5786479/Payment+Initiation+API+Specification+-+v1.1.0
OIDC Hybrid Flow (1) • Slovak Banking API Standard – OB UK PISP ID (orderId) ASPSP Request Object 10 Source: Slovak Banking API Standard Version 1.1 http://www.sbaonline.sk/files/subory/projekty/sbas/sbas_ver1.1-final.pdf
OIDC Hybrid Flow (2) • MKB – Open Banking UK Security Profile – OB UK PISP ID (openbanking_intent_id) ASPSP Request Object 11 Source: Account and Transaction API Specification https://portal.sandbox.mkb.hu/api-documentation/account-info
Berlin Group “NextGenPSD2” • 4 – Redirect SCA Approach – OAuth2 SCA Approach – Decoupled SCA Approach – Embedded SCA Approach 12
Berlin Group “NextGenPSD2” Redirect / OAuth2 SCA Approach • PSU ASPSP PSU • “OAuth2” Redirect – Authorization Server Metadata 13 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
Berlin Group “NextGenPSD2” Decoupled SCA Approach • ASPSP PISP/AISP PSU 14 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
Berlin Group “NextGenPSD2” Embedded SCA Approach • ASPSP PISP/AISP PSU 15 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
Berlin Group “NextGenPSD2” OAuth 2.0 • “Optional Usage” • PISP/AISP “pre-step” OAuth SCA Approach ASPSP API (XS2A interface) 16
Decoupled • “PolishAPI” • NextGenPSD2 decoupled – OAuth 2.0 – TPP (Third-Party Provider) EAT (External Authorization Tool) ASPSP 17 Source: PolishAPI Verison 2.0 https://docs.polishapi.org/files/ver2.0/PolishAPI-spec-v2.0-EN.pdf
Embedded • “STET” • Resource Owner Password Grant – ASPSP PSU Strong Customer Authentication 18 Source: PolishAPI Verison 2.0 https://www.stet.eu/assets/files/PSD2/1_3/API_DSP2_STET_V1_3.pdf
• TPP ASPSP “intent” POST → intent id Request Object Open Banking UK • TPP ASPSP TLS • “Embedded” vs “Decoupled” 19
Thanks!

More Related Content

PPTX
OAuth and OpenID Connect for PSD2 and Third-Party Access
byNordic APIs
 
PDF
OBIE Directory Integration - A Technical Deep Dive
byWSO2
 
PDF
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
byFinTechLabs.io
 
PDF
Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...
byFinTechLabs.io
 
PDF
The Great British API Client Bake Off #fapisum - Japan/UK Open Banking and AP...
byFinTechLabs.io
 
PDF
Trends in Banking APIs
byTatsuo Kudo
 
PDF
APIエコノミー時代の認証・認可
byTatsuo Kudo
 
PDF
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
byTatsuo Kudo
 
OAuth and OpenID Connect for PSD2 and Third-Party Access
byNordic APIs
 
OBIE Directory Integration - A Technical Deep Dive
byWSO2
 
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
byFinTechLabs.io
 
Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...
byFinTechLabs.io
 
The Great British API Client Bake Off #fapisum - Japan/UK Open Banking and AP...
byFinTechLabs.io
 
Trends in Banking APIs
byTatsuo Kudo
 
APIエコノミー時代の認証・認可
byTatsuo Kudo
 
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
byTatsuo Kudo
 

What's hot

PDF
Implementing security requirements for banking API system using Open Source ...
byYuichi Nakamura
 
PPTX
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
byWSO2
 
PDF
Implementing Open Banking with ForgeRock
byForgeRock Identity Tech Talks
 
PDF
Comprehensive overview FAPI 1 and 2
byTorsten Lodderstedt
 
PDF
Banking is Now More Open: Open Banking Update
byMikeLeszcz
 
PPTX
Intelligent authentication Identity tech talks
byLeonard Moustacchis
 
PDF
ForgeRock Open banking - Meetup 28/06/2018
byQuentin Castel
 
PDF
Building a Fool Proof Security Strategy for PSD2 Compliance
byWSO2
 
PDF
OpenID Foundation RISC WG Update - 2017-10-16
byMikeLeszcz
 
PDF
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
byOpenIDFoundation
 
PDF
WSO2Con EU 2015: API Management Strategies and Best Practices
byWSO2
 
PDF
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
byWSO2
 
PDF
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
byapidays
 
PDF
API-first Integration for Microservices
byWSO2
 
PPTX
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
PDF
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
byApigee | Google Cloud
 
PDF
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
byWSO2
 
PDF
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
byFinTechLabs.io
 
PDF
Standard Issue: Preparing for the Future of Data Management
byInside Analysis
 
PDF
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
byapidays
 
Implementing security requirements for banking API system using Open Source ...
byYuichi Nakamura
 
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
byWSO2
 
Implementing Open Banking with ForgeRock
byForgeRock Identity Tech Talks
 
Comprehensive overview FAPI 1 and 2
byTorsten Lodderstedt
 
Banking is Now More Open: Open Banking Update
byMikeLeszcz
 
Intelligent authentication Identity tech talks
byLeonard Moustacchis
 
ForgeRock Open banking - Meetup 28/06/2018
byQuentin Castel
 
Building a Fool Proof Security Strategy for PSD2 Compliance
byWSO2
 
OpenID Foundation RISC WG Update - 2017-10-16
byMikeLeszcz
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
byOpenIDFoundation
 
WSO2Con EU 2015: API Management Strategies and Best Practices
byWSO2
 
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
byWSO2
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
byapidays
 
API-first Integration for Microservices
byWSO2
 
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
byApigee | Google Cloud
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
byWSO2
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
byFinTechLabs.io
 
Standard Issue: Preparing for the Future of Data Management
byInside Analysis
 
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
byapidays
 

Similar to 銀行APIのトレンド #fapisum

PPTX
PSD2 & Open Banking: How to go from standards to implementation and compliance
byRogue Wave Software
 
PDF
WSO2 Open Banking: Digital Transformation Through PSD2
byWSO2
 
PDF
INTERFACE, by apidays - The UK Open Banking Story
byapidays
 
PPTX
Identiverse: PSD2, Open Banking, and Technical Interoperability
byTorsten Lodderstedt
 
PDF
PISP Journey Based on Open Banking UK
byWSO2
 
PDF
An Introduction to Open Banking (PSD2)
byPaul Ark (Polapat Arkkrapridi)
 
PDF
Open Bank Project Presentation Tel Aviv CA 4th April 2017
bysimonredfern
 
PDF
PSD2 & Open Banking
bysenakafdo
 
PDF
Open Banking: Lessons from the UK #fapisum - Japan/UK Open Banking and APIs S...
byFinTechLabs.io
 
PDF
Berlin Group aktualitātes un citi API tehniskie jautājumi
byLatvijas Banka
 
PDF
Getting your API Management Strategy on Point for PSD2 Compliance
byWSO2
 
PPTX
Psd2 challenges
byGoran Angelov
 
PDF
Secure and Accelerated PSD2 Compliance with WSO2 Open Banking - A Technical D...
byWSO2
 
PDF
A blueprint for open banking standards in the United Kingdom
byEric Horesnyi
 
PDF
OpenID Foundation/Open Banking Workshop - Open Banking Update
byMikeLeszcz
 
PPTX
Fintech workshop Part II - Law Society of Hong Kong - Xccelerate
byHenrique Centieiro
 
PDF
Sibos 2016 - Access to Account
byAya El Mernissi
 
PPTX
Identiverse 2019 - Mark Perry - Open Banking Around The World
byMark Perry
 
PDF
An API Model for Open Banking Eco-Systems
byGary Farrow
 
PDF
The Human Chain Open Banking - The Future of Payments White Paper V1.1
byBrendan Jones
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
byRogue Wave Software
 
WSO2 Open Banking: Digital Transformation Through PSD2
byWSO2
 
INTERFACE, by apidays - The UK Open Banking Story
byapidays
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
byTorsten Lodderstedt
 
PISP Journey Based on Open Banking UK
byWSO2
 
An Introduction to Open Banking (PSD2)
byPaul Ark (Polapat Arkkrapridi)
 
Open Bank Project Presentation Tel Aviv CA 4th April 2017
bysimonredfern
 
PSD2 & Open Banking
bysenakafdo
 
Open Banking: Lessons from the UK #fapisum - Japan/UK Open Banking and APIs S...
byFinTechLabs.io
 
Berlin Group aktualitātes un citi API tehniskie jautājumi
byLatvijas Banka
 
Getting your API Management Strategy on Point for PSD2 Compliance
byWSO2
 
Psd2 challenges
byGoran Angelov
 
Secure and Accelerated PSD2 Compliance with WSO2 Open Banking - A Technical D...
byWSO2
 
A blueprint for open banking standards in the United Kingdom
byEric Horesnyi
 
OpenID Foundation/Open Banking Workshop - Open Banking Update
byMikeLeszcz
 
Fintech workshop Part II - Law Society of Hong Kong - Xccelerate
byHenrique Centieiro
 
Sibos 2016 - Access to Account
byAya El Mernissi
 
Identiverse 2019 - Mark Perry - Open Banking Around The World
byMark Perry
 
An API Model for Open Banking Eco-Systems
byGary Farrow
 
The Human Chain Open Banking - The Future of Payments White Paper V1.1
byBrendan Jones
 

More from Tatsuo Kudo

PDF
Authlete: API Authorization Enabler for API Economy
byTatsuo Kudo
 
PDF
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
byTatsuo Kudo
 
PDF
英国オープンバンキング技術仕様の概要
byTatsuo Kudo
 
PDF
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
byTatsuo Kudo
 
PDF
Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
byTatsuo Kudo
 
PDF
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
byTatsuo Kudo
 
PDF
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
byTatsuo Kudo
 
PDF
Client Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
byTatsuo Kudo
 
PDF
オープン API と Authlete のソリューション
byTatsuo Kudo
 
PDF
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
byTatsuo Kudo
 
PDF
金融APIセキュリティの動向・事例と今後の方向性
byTatsuo Kudo
 
PDF
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
byTatsuo Kudo
 
PDF
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
byTatsuo Kudo
 
PDF
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
byTatsuo Kudo
 
PDF
Financial-grade API Hands-on with Authlete
byTatsuo Kudo
 
PDF
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
byTatsuo Kudo
 
PDF
アイデンティティ (ID) 技術の最新動向とこれから
byTatsuo Kudo
 
PDF
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
byTatsuo Kudo
 
PDF
OAuth Security Workshop 2017 #osw17
byTatsuo Kudo
 
PDF
Japan/UK Open Banking and APIs Summit 2018 TOI
byTatsuo Kudo
 
Authlete: API Authorization Enabler for API Economy
byTatsuo Kudo
 
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
byTatsuo Kudo
 
英国オープンバンキング技術仕様の概要
byTatsuo Kudo
 
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
byTatsuo Kudo
 
Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
byTatsuo Kudo
 
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
byTatsuo Kudo
 
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
byTatsuo Kudo
 
Client Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
byTatsuo Kudo
 
オープン API と Authlete のソリューション
byTatsuo Kudo
 
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
byTatsuo Kudo
 
金融APIセキュリティの動向・事例と今後の方向性
byTatsuo Kudo
 
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
byTatsuo Kudo
 
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
byTatsuo Kudo
 
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
byTatsuo Kudo
 
Financial-grade API Hands-on with Authlete
byTatsuo Kudo
 
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
byTatsuo Kudo
 
アイデンティティ (ID) 技術の最新動向とこれから
byTatsuo Kudo
 
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
byTatsuo Kudo
 
OAuth Security Workshop 2017 #osw17
byTatsuo Kudo
 
Japan/UK Open Banking and APIs Summit 2018 TOI
byTatsuo Kudo
 

Recently uploaded

PDF
GTI Solution Overview.pdf useful for security solution
by33fastfast
 
PPTX
Analysis Intelligence in Cyber Protection.pptx
byOmar Fernandez
 
PDF
WAN-IFRA World Press Trends 2025-26 key insights
byDamian Radcliffe
 
PDF
diznijevi junaci na paradi panini album.pdf
byStefanFilipovic9
 
PPTX
Social media app presentation snapgram.pptx
byrayessafa21
 
PPTX
A QUIZ ABOUT THE HISTORY OF MICROSOFT WORD
byzoenadiajara1
 
PPTX
Introduction to Multi-dimentional array.pptx
byOmar Fernandez
 
PPTX
How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx
byVisibility Drip
 
GTI Solution Overview.pdf useful for security solution
by33fastfast
 
Analysis Intelligence in Cyber Protection.pptx
byOmar Fernandez
 
WAN-IFRA World Press Trends 2025-26 key insights
byDamian Radcliffe
 
diznijevi junaci na paradi panini album.pdf
byStefanFilipovic9
 
Social media app presentation snapgram.pptx
byrayessafa21
 
A QUIZ ABOUT THE HISTORY OF MICROSOFT WORD
byzoenadiajara1
 
Introduction to Multi-dimentional array.pptx
byOmar Fernandez
 
How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx
byVisibility Drip
 

銀行APIのトレンド #fapisum

  • 1.
    Financial APIs Workshop- Japan/UK Open Banking and APIs Summit 2018 API
  • 2.
  • 3.
    • https://www.linkedin.com/in/tatsuokudo – (1998-2008) –(2008-2018) – OpenID (2013-2014) – NRI (2014-2018) – Authlete (2018-) • VP of Solution Strategy 3
  • 4.
    API • API – e.g. – “Bankas a Service” – 2 API Banking 371 Source: https://www.programmableweb.com/category/banking 4
  • 5.
    API “OAuth 2.0” • API 5 “OAuth2.0” Source: https://www.slideshare.net/tkudo/api-meetup-oauth
  • 6.
    API • • • 6 • Open BankingUK • Berlin Group NextGenPSD2 • Polish Bank Association • Slovak Banking Association • (France Stet)
  • 7.
    Open Banking UK •FAPI Part 2 • Client Credentials Grant Type (OAuth 2.0) / OIDC Hybrid Flow • Request Object • Mutual TLS 7 Source: Open Banking Security Profile - Implementer's Draft v1.1.2 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2
  • 8.
    Open Banking UK 1.PSU (Payment Service User) AISP (Account Information Service Provider) 2. AISP ASPSP (Account Servicing Payment Service Provider) POST /account-resource (Mutual TLS, Client Credentials Grant Type) 3. ASPSP PISP “AccountRequestId” 4. AISP AccountRequestId Request Object ASPSP OIDC Hybrid Flow 5. ASPSP PSU 6. ASPSP AISP 7. AISP ASPSP Mutual TLS 8. AISP GET /accounts Mutual TLS 8 Source: Account and Transaction API - v2.0.0 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/127009546/Account+and+ Transaction+API+Specification+-+v2.0.0
  • 9.
    Open Banking UK 1.PSU PISP (Payment Initiation Service Provider) 2. PISP ASPSP POST /payments (Mutual TLS, Client Credentials Grant Type) 3. ASPSP PISP ”PaymentId” 4. PISP PaymentId Request Object ASPSP OIDC Hybrid Flow 5. ASPSP PSU 6. ASPSP PISP 7. PISP ASPSP Mutual TLS 8. PISP POST /payment-submissions Mutual TLS 9. Optionally retrieve the status of a payment setup or submission 9 Source: Payment Initiation API - v1.1.0 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5786479/Payment+Initiation+API+Specification+-+v1.1.0
  • 10.
    OIDC Hybrid Flow(1) • Slovak Banking API Standard – OB UK PISP ID (orderId) ASPSP Request Object 10 Source: Slovak Banking API Standard Version 1.1 http://www.sbaonline.sk/files/subory/projekty/sbas/sbas_ver1.1-final.pdf
  • 11.
    OIDC Hybrid Flow(2) • MKB – Open Banking UK Security Profile – OB UK PISP ID (openbanking_intent_id) ASPSP Request Object 11 Source: Account and Transaction API Specification https://portal.sandbox.mkb.hu/api-documentation/account-info
  • 12.
    Berlin Group “NextGenPSD2” •4 – Redirect SCA Approach – OAuth2 SCA Approach – Decoupled SCA Approach – Embedded SCA Approach 12
  • 13.
    Berlin Group “NextGenPSD2” Redirect/ OAuth2 SCA Approach • PSU ASPSP PSU • “OAuth2” Redirect – Authorization Server Metadata 13 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
  • 14.
    Berlin Group “NextGenPSD2” DecoupledSCA Approach • ASPSP PISP/AISP PSU 14 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
  • 15.
    Berlin Group “NextGenPSD2” EmbeddedSCA Approach • ASPSP PISP/AISP PSU 15 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
  • 16.
    Berlin Group “NextGenPSD2” OAuth2.0 • “Optional Usage” • PISP/AISP “pre-step” OAuth SCA Approach ASPSP API (XS2A interface) 16
  • 17.
    Decoupled • “PolishAPI” • NextGenPSD2 decoupled –OAuth 2.0 – TPP (Third-Party Provider) EAT (External Authorization Tool) ASPSP 17 Source: PolishAPI Verison 2.0 https://docs.polishapi.org/files/ver2.0/PolishAPI-spec-v2.0-EN.pdf
  • 18.
    Embedded • “STET” • ResourceOwner Password Grant – ASPSP PSU Strong Customer Authentication 18 Source: PolishAPI Verison 2.0 https://www.stet.eu/assets/files/PSD2/1_3/API_DSP2_STET_V1_3.pdf
  • 19.
    • TPP ASPSP“intent” POST → intent id Request Object Open Banking UK • TPP ASPSP TLS • “Embedded” vs “Decoupled” 19
  • 20.