© RAIDIAM 2018.All Rights Reserved.
RAiDiAM
The Open Banking Identity product
July 2018. Information Classification: Confidential.
About RAiDiAM
Strictly Confidential 2
Created to help with the identity-focused aspects of Open Banking and PSD2 regulatory challenges.
Provides consulting and project delivery services focused on customer identity, using an architecture that is modular and scalable.
We have delivered services to Open Banking, various large UK financial services organizations and some software vendors.
Engaged with the Open Banking Implementation Entity since January 2017, performing consulting and deeply involved in the architecture, design and delivery of the UK CMA remedies, and as part of that "The Open Banking Directory".
Ralph Bragg
CTO, Founder
IAM Consultant
Standards specialist
Barry
O’Donohoe
CIO, Founder
IAM Consultant
Mark Haine
CEO, Founder
IAM Consultant
Daryl Searle
Operations Director and Programme Manager
What’s Changing
Financial Services APIs: Open Banking & PSD2
• The banking services landscape is being radically transformed to promote increased competition and innovation.
• This transformation is being driven by industry and regulatory directives that envision Open Banking APIs – UK CMA & EBA.
• Third Party Providers (TPPs) will consume standard banking APIs to provide Account Information and Payment Initiation Services.
• TPP access to accounts (XS2A) must be secured by banks using Strong Customer Authentication (SCA) per the technical standard, the RTS.
• With traditional security perimeters dissolving, a new approach is needed to ensure security postures remain within risk appetite.
• Enabling this vision necessitates an identity-centric security model underpinned by open international standards - OAuth2 & OIDC.
Data privacy: EU General Data Protection Regulation
• The GDPR has been in full force since 25th May 2018 for all EU countries, including the UK despite Brexit being underway.
• This will present major implications for Consumer IAM platforms in dealing with customer (data subject) consent.
• Consents need to be ‘freely given, specific, informed and unambiguous’ – IAM will be on the front line in dealing with this.
• Fine-grained consent management and its enforcement on an API channel being used by a 3rd Party client is non-trivial.
Open Banking - the company
An independent company, the “Open Banking Implementation Entity”, was created by the banks but driven by a CMA order to deliver the “Open Banking remedies”.
The primary objective was to increase competition by opening up access to data and services that were previously exclusive to the UK banks.
There were a number of parallel workstreams on topics such as legal framework, customer experience, functional APIs and security.
The technical workstreams resulted in a decision to focus on a modern API-based ecosystem in a standardized fashion (screen scraping would not do).
The security workstream agreed OAuth2 as the basis for the ecosystem interactions, with a trust framework underpinning it.
Open Banking – the identity product
In order for the technical components to transact with each other, there would need to be a way to quickly and simply establish a level of trust sufficient to perform financial transactions.
A many-to-many trust model is difficult to scale, so a hub and spoke model was developed.
“The Directory” was born.
The challenge was to build, test and deploy in 6 months, in a multi-party ecosystem that had a number of risk-averse members, using a team that was entirely new.
Architecture principles
• Open Standards based interactions
• Prefer off-the-shelf software
• Loosely coupled
• Applies separation of concerns
• Internet scalable
• Secure by design
• The solutions and components should be interoperable
Why these principles?
• There was a need to deliver quickly
• The requirements were not all known, so there would be a need for future flexibility
• Trying to apply security after the application build would likely have been very challenging
• The ongoing support model was unclear
The Directory – Actors
Open Banking ecosystem Actors:
• Regulators
• Authorised Companies (Banks and third parties)
• People representing those companies
• Technical components belonging to those companies
(Diagram: Entity Relationships in the directory)
The Directory – a trust framework
Key concept
• The FS customer does not interact directly with
Open Banking
• Open Banking systems are not in the transaction
flow
2 Phases
• On-Boarding
• Transacting
The Directory – On-Boarding
For on-boarding, each authorized company must go through a process to create the necessary records, credentials and certificates required to interact with other members of the ecosystem. These credentials are issued by OB.
The on-boarding process checks the identity of the human actors, their status, and the status of the claimed organization.
The OB credentials and certificates provided need to be configured in the technical components belonging to the company in question.
Additionally, Fintechs must then also use their OB credentials to register their applications with each of the banks that they wish to transact with. This would result in credentials for Fintech -> Bank interactions.
The Directory – Transacting
Once the on-boarding has been performed, the Fintech will be able to engage with customers who wish to share their data and permit a Fintech to transact on their behalf.
There is detailed documentation of how that flow works, but from the perspective of the directory the only involvement is checking the authorization of entities and their associated credentials.
In practice this means that a Bank can check the validity of claims presented by a Fintech and vice versa.
Customer identity claims, consent and authorization are primarily handled by each Bank and do not involve the Open Banking Directory.
The Directory – Interfaces
Web interface for on-boarding and self service
APIs for reading various attributes of an entity
OpenID Provider for federation of authorized human actors from Open Banking to Bank developer portals
JWKS for accessing keys used for signing objects used in the ecosystem
CRL & OCSP for validation of certificates
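The transacting check described on the previous slide (a Bank validating claims presented by a Fintech) and the JWKS interface above, as an added example that is not code from this deck or from Open Banking: a hub-and-spoke trust check in Go, where the bank verifies a signed object only against keys the hub publishes in its JWKS. The JWK/JWS layouts follow RFC 7517/7515; the kid values, claim names and the revoked set are constructed stand-ins, since the slides do not show the Directory's actual formats or validity data.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)
// JWK follows RFC 7517 (n and e are base64url big-endian); only the fields this check uses are modelled.
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

var b64 = base64.RawURLEncoding
// publishJWKS: the hub lists the public half of a key it issued to a member, so every spoke fetches it from one place.
func publishJWKS(kid string, pub *rsa.PublicKey) ([]byte, error) {
	k := JWK{Kty: "RSA", Kid: kid, N: b64.EncodeToString(pub.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
	return json.Marshal(map[string][]JWK{"keys": {k}})
}

// signRS256 builds a compact JWS (RFC 7515) over claims, as a member would
// when presenting a signed object to a bank.
func signRS256(priv *rsa.PrivateKey, kid string, claims map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// decodeSegment base64url-decodes one JWS segment and unmarshals it into v.
func decodeSegment(seg string, v any) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// verifyAgainstJWKS is the bank side: it trusts only keys the Directory publishes, pins the
// algorithm, and refuses kids the Directory has withdrawn (revoked stands in for that validity data).
func verifyAgainstJWKS(token string, jwksJSON []byte, revoked map[string]bool) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed compact JWS")
	}
	var hdr struct{ Alg, Kid string }
	if err := decodeSegment(parts[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" || revoked[hdr.Kid] { // pin the algorithm; honour the hub's withdrawals
		return nil, fmt.Errorf("rejected header: alg %q, kid %q", hdr.Alg, hdr.Kid)
	}
	var set struct{ Keys []JWK } // encoding/json matches the "keys" member case-insensitively
	if err := json.Unmarshal(jwksJSON, &set); err != nil {
		return nil, err
	}
	var pub *rsa.PublicKey
	for _, k := range set.Keys {
		if k.Kid == hdr.Kid && k.Kty == "RSA" {
			nb, errN := b64.DecodeString(k.N)
			eb, errE := b64.DecodeString(k.E)
			if errN != nil || errE != nil {
				return nil, fmt.Errorf("bad encoding in JWK %q", k.Kid)
			}
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
		}
	}
	if pub == nil {
		return nil, fmt.Errorf("kid %q not published by directory", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return nil, fmt.Errorf("signature does not verify under directory key %q", hdr.Kid)
	}
	var claims map[string]any
	return claims, decodeSegment(parts[1], &claims)
}
```

A Fintech key that was never published, or that the hub has since withdrawn, fails the check even when the signature itself is mathematically valid, which is the property the hub-and-spoke model buys over pairwise trust.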
The Directory – Key components & protocols
Components
Onboarding: CRM platform
Directory front end: JS app
Microservices: custom Java and Python components
Data store: commercial off-the-shelf LDAP
Data model: OB specific
OIDC components: commercial off-the-shelf software
User MFA: managed service
Certificate authority: managed service
Protocols
OAuth2 and OpenID Connect
SCIMv2
LDAP
HTTPS
Internals - Logical architecture
(Logical architecture diagram; component labels recovered from the slide:)
• OpenID Provider for human actors
• OpenID Provider for trust framework & Relying Party for human actors
• SCIMv2 services layer
• Application microservices
• File service, Queue service, Data store, Data store
• Certificate Authority
• Identity policy enforcement
• OIDC Relying Party
• OpenID Provider and Authorisation Server
• API for directory attributes
• API for directory attributes and web application
• OpenID Provider and Authorisation Server
• JWKS for signing keys and validity
• OCSP & CRL for certificate validity
The Directory – Future changes
• With the challenging timescales, Open Banking had to consider that some requirements could not be achieved by the original CMA deadline
• The following items are some of the changes that are planned for the Open Banking Directory and ecosystem
Next steps
• eIDAS certificates as identity source
• New journey for on-boarding a new company based on eIDAS identity
• Directory providing attributes for eIDAS identities
• Changes that tighten up the Open Banking security profile in line with FAPI
• PSD2 alignment
• API only on-boarding
• Directory as attribute provider
• FAPI-OB convergence
Reference materials
https://www.openbanking.org.uk/providers/directory/
https://openbanking.atlassian.net/wiki/spaces/DZ/overview
Get in touch
www.raidiam.com
+44 (0) 203 504 6440
50 Brook Street, Mayfair, London. W1K 5DR
info@raidiam.com
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking and APIs Summit 2018 - July 24, 2018

  • 1. © RAIDIAM 2018. All Rights Reserved. RAiDiAM The Open Banking Identity product. July 2018. Information Classification: Confidential.
  • 2. About RAiDiAM. Strictly Confidential. Created to help with identity focused aspects of Open Banking and PSD2 regulatory challenges. Provides consulting and project delivery services focused on customer identity using an architecture that is modular and scalable. We have delivered services to Open Banking, various large UK financial services organizations and some software vendors. Have been engaged with Open Banking Implementation Entity since January 2017 performing consulting and deeply engaged in architecture, design, and delivery of UK CMA remedies and as part of that “The Open Banking Directory”.
  • 3. Ralph Bragg, CTO, Founder, IAM Consultant, Standards specialist. Barry O’Donohoe, CIO, Founder, IAM Consultant. Mark Haine, CEO, Founder, IAM Consultant. Daryl Searle, Operations Director and Programme Manager.
  • 4. What’s Changing. Financial Services APIs, Open Banking & PSD2: • The banking services landscape is being radically transformed to promote increased competition and innovation. • This transformation is being driven by industry and regulatory directives that envision Open Banking APIs – UK CMA & EBA. • Third Party Providers (TPPs) will consume standard banking APIs to provide Account Information and Payment Initiation Services. • TPP access to accounts (XS2A) must be secured by Banks using Strong Customer Authentication (SCA) per the technical standard, RTS. • With traditional security perimeters dissolving, a new approach is needed to ensure security postures remain within risk appetite. • Enabling this vision necessitates an identity-centric security model underpinned by open international standards - OAuth2 & OIDC. Data privacy, EU - General Data Protection Regulation: • The GDPR in full force since 25th May 2018 for all EU countries, including the UK despite Brexit being underway. • This will present major implications for Consumer IAM platforms in dealing with customer (data subject) consent. • Consents need to be ‘freely given, specific, informed and unambiguous’ – IAM will be on the front line in dealing with this. • Fine-grained consent management and its enforcement on an API channel being used by a 3rd Party client is non-trivial.
  • 5. Open Banking - the company. An independent company “Open Banking Implementation Entity” was created by the banks but driven by CMA order to deliver the “Open Banking remedies”. The primary objective was to increase competition by opening up access to data and services that were previously exclusive to the UK banks. There were a number of parallel workstreams on topics such as legal framework, customer experience, functional APIs and Security. The technical workstreams resulted in a decision to focus on a modern API based ecosystem in a standardized fashion (screen scraping would not do). The security workstream agreed OAuth2 as the basis for the ecosystem interactions with a trust framework underpinning it.
  • 6. Open Banking – the identity product. In order for the technical components to transact with each other there would need to be a way to quickly and simply establish a level of trust sufficient to perform financial transactions. A many-to-many trust model is difficult to scale so a hub and spoke model was developed. “The Directory” was born. The challenge was to build, test and deploy in 6 months in a multi-party ecosystem that had a number of risk averse members using a team that was entirely new.
  • 7. Architecture principles: • Open Standards based interactions • Prefer off-the-shelf software • Loosely coupled • Applies separation of concerns • Internet scalable • Secure by design • The solutions and components should be interoperable. Why these principles? • There was a need to deliver quickly • The requirements were not all known so there would be a need for future flexibility • Trying to apply security after the application build would have likely been very challenging • Ongoing support model was unclear.
  • 8. The Directory – Actors. Open Banking ecosystem Actors: • Regulators • Authorised Companies (Banks and third parties) • People representing those companies • Technical components belonging to those companies. Entity Relationships in the directory.
  • 9. The Directory – a trust framework. Key concept: • The FS customer does not interact directly with Open Banking • Open Banking systems are not in the transaction flow. 2 Phases: • On-Boarding • Transacting.
  • 10. The Directory – On-Boarding. For on-boarding each authorized company must go through a process to create the necessary records, credentials and certificates required to interact with other members of the ecosystem. These credentials are issued by OB. The on-boarding process checks the identity of the human actors and the status of them and the claimed organization. The OB credentials and certificates provided need to be configured in the technical components belonging to the company in question. Additionally Fintechs must then also use their OB credentials to register their applications with each of the banks that they wish to transact with. This would result in credentials for Fintech -> Bank interactions.
  • 11. The Directory – Transacting. Once the onboarding has been performed the Fintech will be able to engage with customers who wish to share their data and permit a fintech to transact on their behalf. There is detailed documentation of how that flow works but from the perspective of the directory the only involvement is checking the authorization of entities and their associated credentials. In practice this means that a Bank can check the validity of claims presented by a Fintech and vice versa. Customer identity claims, consent and authorization are primarily handled by each Bank and do not involve the Open Banking Directory.
  • 12. The Directory – Interfaces: Web interface for on-boarding and self service; APIs for reading various attributes of an entity; OpenID Provider for federation of authorized human actors from Open Banking to Bank developer portals; JWKS for accessing keys used for signing objects used in the ecosystem; CRL & OCSP for validation of certificates.
  • 13. The Directory – Key components & protocols. Components: Onboarding CRM platform; Directory front end JS app; Microservices, custom Java and Python components; Data store, commercial off the shelf LDAP; Data model, OB specific; OIDC Components, commercial off the shelf software; User MFA, managed service; Certificate authority, managed service. Protocols: OAuth2 and OpenID Connect, SCIMv2, LDAP, HTTPS.
  • 14. Internals - Logical architecture (diagram labels): OpenID provider for human actors; OpenID Provider for trust framework & Relying party for human actors; SCIMv2 services layer; Application Microservices; File service; Queue service; Data Store; Data Store; Certificate Authority; Identity policy enforcement; OIDC Relying party; OpenID Provider and Authorisation Server; API for directory attributes; API for directory attributes and web application; OpenID Provider and Authorisation Server; JWKS for signing keys and validity; OCSP & CRL for certificate validity.
  • 15. The Directory – Future changes. • With the challenging timescales, Open Banking had to consider that some requirements could not be achieved by the original CMA deadline • The following items are some of the changes that are planned for the Open Banking Directory and ecosystem. Next steps: eIDAS certificates as identity source; New journey for on-boarding a new company based on eIDAS identity; Directory providing attributes for eIDAS identities; Changes that tighten up the Open Banking security profile in line with FAPI. PSD2 alignment; API only on-boarding; Directory as attribute provider; FAPI-OB convergence.
  • 16. Reference materials: https://www.openbanking.org.uk/providers/directory/ https://openbanking.atlassian.net/wiki/spaces/DZ/overview
  • 17. Get in touch: www.raidiam.com +44 (0) 203 504 6440 50 Brook Street, Mayfair, London. W1K 5DR info@raidiam.com