SlideShare a Scribd company logo

銀行APIのトレンド #fapisum

Prepared for Financial APIs Workshop - Japan/UK Open Banking and APIs Summit 2018

1 of 20
Download to read offline
Financial APIs Workshop - Japan/UK Open Banking and APIs Summit 2018
API
• API
API
2
• https://www.linkedin.com/in/tatsuokudo
– (1998-2008)
– (2008-2018)
– OpenID (2013-2014)
– NRI (2014-2018)
– Authlete (2018-)
• VP of Solution Strategy
3
API
• API
– e.g.
–
“Bank as a Service”
–
2 API Banking 371
Source: https://www.programmableweb.com/category/banking
4
API “OAuth 2.0”
•
API
5
“OAuth 2.0”
Source: https://www.slideshare.net/tkudo/api-meetup-oauth
API
•
•
•
6
• Open Banking UK
• Berlin Group
NextGenPSD2
• Polish Bank Association
• Slovak Banking
Association
• (France Stet)

Recommended

APIエコノミー時代の認証・認可
APIエコノミー時代の認証・認可APIエコノミー時代の認証・認可
APIエコノミー時代の認証・認可Tatsuo Kudo
 
Trends in Banking APIs
Trends in Banking APIsTrends in Banking APIs
Trends in Banking APIsTatsuo Kudo
 
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...Tatsuo Kudo
 
Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...
Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...
Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...FinTechLabs.io
 
The Great British API Client Bake Off #fapisum - Japan/UK Open Banking and AP...
The Great British API Client Bake Off #fapisum - Japan/UK Open Banking and AP...The Great British API Client Bake Off #fapisum - Japan/UK Open Banking and AP...
The Great British API Client Bake Off #fapisum - Japan/UK Open Banking and AP...FinTechLabs.io
 
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...FinTechLabs.io
 
OAuth and OpenID Connect for PSD2 and Third-Party Access
OAuth and OpenID Connect for PSD2 and Third-Party AccessOAuth and OpenID Connect for PSD2 and Third-Party Access
OAuth and OpenID Connect for PSD2 and Third-Party AccessNordic APIs
 
OBIE Directory Integration - A Technical Deep Dive
OBIE Directory Integration - A Technical Deep DiveOBIE Directory Integration - A Technical Deep Dive
OBIE Directory Integration - A Technical Deep DiveWSO2
 

More Related Content

What's hot

Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Torsten Lodderstedt
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FinTechLabs.io
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateMikeLeszcz
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 
Intelligent authentication Identity tech talks
Intelligent authentication Identity  tech talksIntelligent authentication Identity  tech talks
Intelligent authentication Identity tech talksLeonard Moustacchis
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusPrabath Siriwardena
 
Implementing security requirements for banking API system using Open Source ...
 Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...apidays
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 
ForgeRock Open banking - Meetup 28/06/2018
ForgeRock Open banking - Meetup 28/06/2018ForgeRock Open banking - Meetup 28/06/2018
ForgeRock Open banking - Meetup 28/06/2018Quentin Castel
 
API-first Integration for Microservices
API-first Integration for MicroservicesAPI-first Integration for Microservices
API-first Integration for MicroservicesWSO2
 
Standard Issue: Preparing for the Future of Data Management
Standard Issue: Preparing for the Future of Data ManagementStandard Issue: Preparing for the Future of Data Management
Standard Issue: Preparing for the Future of Data ManagementInside Analysis
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...WSO2
 
Building a Fool Proof Security Strategy for PSD2 Compliance
Building a Fool Proof Security Strategy for PSD2 ComplianceBuilding a Fool Proof Security Strategy for PSD2 Compliance
Building a Fool Proof Security Strategy for PSD2 ComplianceWSO2
 
OpenID Foundation RISC WG Update - 2017-10-16
OpenID Foundation RISC WG Update - 2017-10-16OpenID Foundation RISC WG Update - 2017-10-16
OpenID Foundation RISC WG Update - 2017-10-16MikeLeszcz
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWSI Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWSApigee | Google Cloud
 
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...WSO2
 
WSO2Con EU 2015: API Management Strategies and Best Practices
WSO2Con EU 2015: API Management Strategies and Best PracticesWSO2Con EU 2015: API Management Strategies and Best Practices
WSO2Con EU 2015: API Management Strategies and Best PracticesWSO2
 
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2WSO2
 

What's hot (20)

Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
 
Implementing Open Banking with ForgeRock
Implementing Open Banking with ForgeRockImplementing Open Banking with ForgeRock
Implementing Open Banking with ForgeRock
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking Update
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
 
Intelligent authentication Identity tech talks
Intelligent authentication Identity  tech talksIntelligent authentication Identity  tech talks
Intelligent authentication Identity tech talks
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity Bus
 
Implementing security requirements for banking API system using Open Source ...
 Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...
 
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 
ForgeRock Open banking - Meetup 28/06/2018
ForgeRock Open banking - Meetup 28/06/2018ForgeRock Open banking - Meetup 28/06/2018
ForgeRock Open banking - Meetup 28/06/2018
 
API-first Integration for Microservices
API-first Integration for MicroservicesAPI-first Integration for Microservices
API-first Integration for Microservices
 
Standard Issue: Preparing for the Future of Data Management
Standard Issue: Preparing for the Future of Data ManagementStandard Issue: Preparing for the Future of Data Management
Standard Issue: Preparing for the Future of Data Management
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
 
Building a Fool Proof Security Strategy for PSD2 Compliance
Building a Fool Proof Security Strategy for PSD2 ComplianceBuilding a Fool Proof Security Strategy for PSD2 Compliance
Building a Fool Proof Security Strategy for PSD2 Compliance
 
OpenID Foundation RISC WG Update - 2017-10-16
OpenID Foundation RISC WG Update - 2017-10-16OpenID Foundation RISC WG Update - 2017-10-16
OpenID Foundation RISC WG Update - 2017-10-16
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWSI Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - JWT, JWE, JWS
 
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
[WSO2Con EU 2017] How API Management at Suva is Helping in Reducing Costs to ...
 
WSO2Con EU 2015: API Management Strategies and Best Practices
WSO2Con EU 2015: API Management Strategies and Best PracticesWSO2Con EU 2015: API Management Strategies and Best Practices
WSO2Con EU 2015: API Management Strategies and Best Practices
 
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2
 

Similar to 銀行APIのトレンド #fapisum

Should I Make My Own API Gateway?
Should I Make My Own API Gateway?Should I Make My Own API Gateway?
Should I Make My Own API Gateway?Nordic APIs
 
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs [apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs WSO2
 
PSD2: Latvijas Komercbanku asociācijas pozīcija
PSD2: Latvijas Komercbanku asociācijas pozīcijaPSD2: Latvijas Komercbanku asociācijas pozīcija
PSD2: Latvijas Komercbanku asociācijas pozīcijaLatvijas Banka
 
Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013
Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013
Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013Deepak Nadig
 
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays
 
Craft Conference 2015 - Evolution of the PayPal API: Platform & Culture
Craft Conference 2015 - Evolution of the PayPal API: Platform & CultureCraft Conference 2015 - Evolution of the PayPal API: Platform & Culture
Craft Conference 2015 - Evolution of the PayPal API: Platform & CultureDeepak Nadig
 
Digital Transformation for Karnataka Bank Through API-led Integration
Digital Transformation for Karnataka Bank Through API-led IntegrationDigital Transformation for Karnataka Bank Through API-led Integration
Digital Transformation for Karnataka Bank Through API-led IntegrationWSO2
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...HostedbyConfluent
 
Apic dc api deep dive
Apic dc api deep dive Apic dc api deep dive
Apic dc api deep dive Cisco DevNet
 
Oracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heavenOracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heavenluisw19
 
A Snapshot of API Design Trends In 2019
A Snapshot of API Design Trends In 2019A Snapshot of API Design Trends In 2019
A Snapshot of API Design Trends In 2019Bill Doerrfeld
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...Hitachi, Ltd. OSS Solution Center.
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...apidays
 
Top 7 wrong common beliefs about Enterprise API implementation
Top 7 wrong common beliefs about Enterprise API implementationTop 7 wrong common beliefs about Enterprise API implementation
Top 7 wrong common beliefs about Enterprise API implementationOCTO Technology
 

Similar to 銀行APIのトレンド #fapisum (20)

OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
 
Should I Make My Own API Gateway?
Should I Make My Own API Gateway?Should I Make My Own API Gateway?
Should I Make My Own API Gateway?
 
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs [apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
 
PSD2: Latvijas Komercbanku asociācijas pozīcija
PSD2: Latvijas Komercbanku asociācijas pozīcijaPSD2: Latvijas Komercbanku asociācijas pozīcija
PSD2: Latvijas Komercbanku asociācijas pozīcija
 
Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013
Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013
Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013
 
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
 
Craft Conference 2015 - Evolution of the PayPal API: Platform & Culture
Craft Conference 2015 - Evolution of the PayPal API: Platform & CultureCraft Conference 2015 - Evolution of the PayPal API: Platform & Culture
Craft Conference 2015 - Evolution of the PayPal API: Platform & Culture
 
Digital Transformation for Karnataka Bank Through API-led Integration
Digital Transformation for Karnataka Bank Through API-led IntegrationDigital Transformation for Karnataka Bank Through API-led Integration
Digital Transformation for Karnataka Bank Through API-led Integration
 
KubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdfKubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdf
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
 
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
 
Apic dc api deep dive
Apic dc api deep dive Apic dc api deep dive
Apic dc api deep dive
 
Oracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heavenOracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heaven
 
A Snapshot of API Design Trends In 2019
A Snapshot of API Design Trends In 2019A Snapshot of API Design Trends In 2019
A Snapshot of API Design Trends In 2019
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
 
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
 
Top 7 wrong common beliefs about Enterprise API implementation
Top 7 wrong common beliefs about Enterprise API implementationTop 7 wrong common beliefs about Enterprise API implementation
Top 7 wrong common beliefs about Enterprise API implementation
 

More from Tatsuo Kudo

Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」Tatsuo Kudo
 
金融APIセキュリティの動向・事例と今後の方向性
金融APIセキュリティの動向・事例と今後の方向性金融APIセキュリティの動向・事例と今後の方向性
金融APIセキュリティの動向・事例と今後の方向性Tatsuo Kudo
 
Client Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
Client Initiated Backchannel Authentication (CIBA) and Authlete’s ApproachClient Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
Client Initiated Backchannel Authentication (CIBA) and Authlete’s ApproachTatsuo Kudo
 
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021Tatsuo Kudo
 
Authlete: API Authorization Enabler for API Economy
Authlete: API Authorization Enabler for API EconomyAuthlete: API Authorization Enabler for API Economy
Authlete: API Authorization Enabler for API EconomyTatsuo Kudo
 
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizdayTatsuo Kudo
 
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authleteいまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authleteTatsuo Kudo
 
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_insideAuthlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_insideTatsuo Kudo
 
Financial-grade API Hands-on with Authlete
Financial-grade API Hands-on with AuthleteFinancial-grade API Hands-on with Authlete
Financial-grade API Hands-on with AuthleteTatsuo Kudo
 
英国オープンバンキング技術仕様の概要
英国オープンバンキング技術仕様の概要英国オープンバンキング技術仕様の概要
英国オープンバンキング技術仕様の概要Tatsuo Kudo
 
オープン API と Authlete のソリューション
オープン API と Authlete のソリューションオープン API と Authlete のソリューション
オープン API と Authlete のソリューションTatsuo Kudo
 
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューションOAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューションTatsuo Kudo
 
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...Tatsuo Kudo
 
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019Tatsuo Kudo
 
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...Tatsuo Kudo
 
Japan/UK Open Banking and APIs Summit 2018 TOI
Japan/UK Open Banking and APIs Summit 2018 TOIJapan/UK Open Banking and APIs Summit 2018 TOI
Japan/UK Open Banking and APIs Summit 2018 TOITatsuo Kudo
 
アイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからアイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからTatsuo Kudo
 
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawawsOAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawawsTatsuo Kudo
 
OAuth Security Workshop 2017 #osw17
OAuth Security Workshop 2017 #osw17OAuth Security Workshop 2017 #osw17
OAuth Security Workshop 2017 #osw17Tatsuo Kudo
 
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #apiTatsuo Kudo
 

More from Tatsuo Kudo (20)

Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
Apigee の FAPI & CIBA 対応を実現する「Authlete (オースリート)」
 
金融APIセキュリティの動向・事例と今後の方向性
金融APIセキュリティの動向・事例と今後の方向性金融APIセキュリティの動向・事例と今後の方向性
金融APIセキュリティの動向・事例と今後の方向性
 
Client Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
Client Initiated Backchannel Authentication (CIBA) and Authlete’s ApproachClient Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
Client Initiated Backchannel Authentication (CIBA) and Authlete’s Approach
 
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021
 
Authlete: API Authorization Enabler for API Economy
Authlete: API Authorization Enabler for API EconomyAuthlete: API Authorization Enabler for API Economy
Authlete: API Authorization Enabler for API Economy
 
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
銀行 API における OAuth 2.0 / FAPI の動向 #openid #bizday
 
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authleteいまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
いまどきの OAuth / OpenID Connect (OIDC) 一挙おさらい (2020 年 2 月) #authlete
 
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_insideAuthlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside
 
Financial-grade API Hands-on with Authlete
Financial-grade API Hands-on with AuthleteFinancial-grade API Hands-on with Authlete
Financial-grade API Hands-on with Authlete
 
英国オープンバンキング技術仕様の概要
英国オープンバンキング技術仕様の概要英国オープンバンキング技術仕様の概要
英国オープンバンキング技術仕様の概要
 
オープン API と Authlete のソリューション
オープン API と Authlete のソリューションオープン API と Authlete のソリューション
オープン API と Authlete のソリューション
 
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューションOAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
OAuth / OpenID Connect (OIDC) の最新動向と Authlete のソリューション
 
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
FAPI (Financial-grade API) and CIBA (Client Initiated Backchannel Authenticat...
 
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
#OAuth Security Workshop 2019 Recap @ #Authlete Partner Meetup Spring 2019
 
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
CIBA (Client Initiated Backchannel Authentication) の可能性 #authlete #api #oauth...
 
Japan/UK Open Banking and APIs Summit 2018 TOI
Japan/UK Open Banking and APIs Summit 2018 TOIJapan/UK Open Banking and APIs Summit 2018 TOI
Japan/UK Open Banking and APIs Summit 2018 TOI
 
アイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからアイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれから
 
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawawsOAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
OAuth / OpenID Connectを中心とするAPIセキュリティについて #yuzawaws
 
OAuth Security Workshop 2017 #osw17
OAuth Security Workshop 2017 #osw17OAuth Security Workshop 2017 #osw17
OAuth Security Workshop 2017 #osw17
 
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
「金融API向けOAuth」にみるOAuthプロファイリングの実際 #secjaws #finsecjaws01 #oauth #oidc #api
 

Recently uploaded

Biometrics Technology Intresting PPT
Biometrics Technology Intresting PPTBiometrics Technology Intresting PPT
Biometrics Technology Intresting PPTPraveenKumarThota7
 
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionŁukasz Chruściel
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Prometix Pty Ltd
 
Seagate HDD Firmware Repair Tool Datasheet 2024
Seagate HDD Firmware Repair Tool Datasheet 2024Seagate HDD Firmware Repair Tool Datasheet 2024
Seagate HDD Firmware Repair Tool Datasheet 2024Dolphin Data Lab
 
Reactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptxReactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptxJoão Esperancinha
 
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024  - Need for Speed: Removing speed bumps in API ProjectsConFoo 2024  - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024 - Need for Speed: Removing speed bumps in API ProjectsŁukasz Chruściel
 
Information Technology Project to Create a Business
Information Technology Project to Create a BusinessInformation Technology Project to Create a Business
Information Technology Project to Create a Businessmbowl010
 
WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024Damian Radcliffe
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 

Recently uploaded (10)

Biometrics Technology Intresting PPT
Biometrics Technology Intresting PPTBiometrics Technology Intresting PPT
Biometrics Technology Intresting PPT
 
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
 
Seagate HDD Firmware Repair Tool Datasheet 2024
Seagate HDD Firmware Repair Tool Datasheet 2024Seagate HDD Firmware Repair Tool Datasheet 2024
Seagate HDD Firmware Repair Tool Datasheet 2024
 
Reactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptxReactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptx
 
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024  - Need for Speed: Removing speed bumps in API ProjectsConFoo 2024  - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
 
Information Technology Project to Create a Business
Information Technology Project to Create a BusinessInformation Technology Project to Create a Business
Information Technology Project to Create a Business
 
WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 

銀行APIのトレンド #fapisum

  • 1. Financial APIs Workshop - Japan/UK Open Banking and APIs Summit 2018 API
  • 3. • https://www.linkedin.com/in/tatsuokudo – (1998-2008) – (2008-2018) – OpenID (2013-2014) – NRI (2014-2018) – Authlete (2018-) • VP of Solution Strategy 3
  • 4. API • API – e.g. – “Bank as a Service” – 2 API Banking 371 Source: https://www.programmableweb.com/category/banking 4
  • 5. API “OAuth 2.0” • API 5 “OAuth 2.0” Source: https://www.slideshare.net/tkudo/api-meetup-oauth
  • 6. API • • • 6 • Open Banking UK • Berlin Group NextGenPSD2 • Polish Bank Association • Slovak Banking Association • (France Stet)
  • 7. Open Banking UK • FAPI Part 2 • Client Credentials Grant Type (OAuth 2.0) / OIDC Hybrid Flow • Request Object • Mutual TLS 7 Source: Open Banking Security Profile - Implementer's Draft v1.1.2 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2
  • 8. Open Banking UK 1. PSU (Payment Service User) AISP (Account Information Service Provider) 2. AISP ASPSP (Account Servicing Payment Service Provider) POST /account-resource (Mutual TLS, Client Credentials Grant Type) 3. ASPSP PISP “AccountRequestId” 4. AISP AccountRequestId Request Object ASPSP OIDC Hybrid Flow 5. ASPSP PSU 6. ASPSP AISP 7. AISP ASPSP Mutual TLS 8. AISP GET /accounts Mutual TLS 8 Source: Account and Transaction API - v2.0.0 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/127009546/Account+and+ Transaction+API+Specification+-+v2.0.0
  • 9. Open Banking UK 1. PSU PISP (Payment Initiation Service Provider) 2. PISP ASPSP POST /payments (Mutual TLS, Client Credentials Grant Type) 3. ASPSP PISP ”PaymentId” 4. PISP PaymentId Request Object ASPSP OIDC Hybrid Flow 5. ASPSP PSU 6. ASPSP PISP 7. PISP ASPSP Mutual TLS 8. PISP POST /payment-submissions Mutual TLS 9. Optionally retrieve the status of a payment setup or submission 9 Source: Payment Initiation API - v1.1.0 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5786479/Payment+Initiation+API+Specification+-+v1.1.0
  • 10. OIDC Hybrid Flow (1) • Slovak Banking API Standard – OB UK PISP ID (orderId) ASPSP Request Object 10 Source: Slovak Banking API Standard Version 1.1 http://www.sbaonline.sk/files/subory/projekty/sbas/sbas_ver1.1-final.pdf
  • 11. OIDC Hybrid Flow (2) • MKB – Open Banking UK Security Profile – OB UK PISP ID (openbanking_intent_id) ASPSP Request Object 11 Source: Account and Transaction API Specification https://portal.sandbox.mkb.hu/api-documentation/account-info
  • 12. Berlin Group “NextGenPSD2” • 4 – Redirect SCA Approach – OAuth2 SCA Approach – Decoupled SCA Approach – Embedded SCA Approach 12
  • 13. Berlin Group “NextGenPSD2” Redirect / OAuth2 SCA Approach • PSU ASPSP PSU • “OAuth2” Redirect – Authorization Server Metadata 13 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
  • 14. Berlin Group “NextGenPSD2” Decoupled SCA Approach • ASPSP PISP/AISP PSU 14 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
  • 15. Berlin Group “NextGenPSD2” Embedded SCA Approach • ASPSP PISP/AISP PSU 15 Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1 https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
  • 16. Berlin Group “NextGenPSD2” OAuth 2.0 • “Optional Usage” • PISP/AISP “pre-step” OAuth SCA Approach ASPSP API (XS2A interface) 16
  • 17. Decoupled • “PolishAPI” • NextGenPSD2 decoupled – OAuth 2.0 – TPP (Third-Party Provider) EAT (External Authorization Tool) ASPSP 17 Source: PolishAPI Verison 2.0 https://docs.polishapi.org/files/ver2.0/PolishAPI-spec-v2.0-EN.pdf
  • 18. Embedded • “STET” • Resource Owner Password Grant – ASPSP PSU Strong Customer Authentication 18 Source: PolishAPI Verison 2.0 https://www.stet.eu/assets/files/PSD2/1_3/API_DSP2_STET_V1_3.pdf
  • 19. • TPP ASPSP “intent” POST → intent id Request Object Open Banking UK • TPP ASPSP TLS • “Embedded” vs “Decoupled” 19