FAPI/Open Banking Conformance
Joseph Heenan, CTO
July 2018
What we’re going to cover today
• FAPI/Open Banking Conformance suite overview
• Conformance suite demo
• "Tips and Tricks" for successful conformance
24th July 2018 Joseph Heenan, CTO, fintechlabs.io 2
Who am I?
• Joseph Heenan, CTO at fintechlabs & Senior Architect at Authlete
• Software engineer & architect with over 25 years’ experience
• Active contributor to the OpenID Connect FAPI specifications
• Team lead/product owner on the Open Banking Conformance Suite
• Assisted many of the largest UK (CMA9) banks with achieving compliance to the UK OpenBanking specification
Conformance Suite Overview
• Tests compliance to:
• OpenBanking UK Security Profile
• FAPI (Financial-grade API profile for OpenID Connect)
• HEART (health-related profile for OpenID Connect)
• As part of the above, also tests some (but not all) of OpenID Connect & OAuth2
• Tests are applicable to:
• IdP (identity provider – i.e. banks / ASPSP)
• RP (relying party – i.e. fintechs / TPP / AISP / PISP)
Why would you use conformance suite?
• Reduced support costs
• If your implementation is interoperable it will “just work” for third parties
• Evidence of compliance to show government regulators
• Evidence of compliance may reduce insurance costs, chances of security breach, etc.
• It will be embarrassing if other people test your server & you fail
• Anyone can test a server
Conformance Suite Design Goals
• Multi-party protocol testing
• Structured configuration
• Structured logging and results
• Deterministic, modular execution units
• Protect sensitive configuration and results data
• Transparent process
• Usable as part of CI
Overview of test process for banks
• Prepare test deployment of your server
• Must be accessible to the conformance suite
• Create keys & TLS certificates
• Register necessary clients to authorization server
• Create conformance suite configuration using frontend
• Read the instructions if you are not sure how
• Create “test plan” applicable to your configuration
• Start test plan
• Start each test module within the plan, one at a time
• Login to authorization server when instructed
• View results and confirm “PASS”.
Conformance suite demo
(video)
Tips & tricks for successful FAPI deployment
Before you even start
• Is OpenID Connect/FAPI part of your core competency?
• Is it part of your value add?
For fintechs, the answer is usually NO!
Don’t reinvent the wheel – use existing OpenID Connect client libraries
Conformance testing is not an afterthought
• Run conformance testing early and often
• Conformance test suite will help you
• Be secure
• Be interoperable
• Conformance testing is the easy route to interoperability
• Banks generally return confusing or unhelpful error messages
• Banks often tolerate incorrect implementations – but not consistently
• Conformance testing can be part of your Continuous Integration
Problems banks had in the UK (1)
• Using software that was not OpenID Connect certified
• Required a lot of last minute changes from their vendors
• They missed government mandated “go live” date
• Large number of certified vendors available – use one!
Problems banks had in the UK (2)
• Not running conformance suite until development complete
• Required a lot of last minute changes from their vendors and their own software teams
• They missed government mandated “go live” date
• Run conformance suite often during development!
• It can be deployed locally & integrated with your continuous integration system
Problems banks had in the UK (3)
• Staffing teams with generic engineers & testers
• OAuth2, OpenID Connect & FAPI have some complexity
• Dependency on underlying RFCs – JWT, HTTP/1.1, TLS, etc.
• Some domain knowledge is essential
• Without knowledge, profile compliance and conformance testing will be slow
• Hire some experts for both development & test teams
• Many competent consultants available, including fintechlabs
Problems banks had in the UK (4)
• Poor security architectures
• Some banks designed their architectures, then tried to retrofit FAPI
• If you change your implementation to not be standards compliant, you will fail conformance testing!
• Example: trying to change token_endpoint in .well-known/openid-configuration to an array
• Hire some experts for architecture teams
• Many competent consultants available, including fintechlabs
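An added example (not code from the talk or from the conformance suite) of the kind of structural check that catches the token_endpoint mistake described on this slide: a small Python validator for the discovery document that rejects an array where OpenID Connect Discovery requires a single URL string. The hostnames and both sample documents are constructed.

```python
"""Sanity checks on an OpenID Provider discovery document, the JSON served at
/.well-known/openid-configuration.

Added example, not code from the talk or from the conformance suite. It shows
the kind of check that fails a server which has changed "token_endpoint" from
a single URL string into an array. Both sample documents below are constructed.
"""
import json
from urllib.parse import urlparse

# Metadata fields whose value must be a single URL string
# (OpenID Connect Discovery 1.0, section 3). A subset, chosen for illustration.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def _is_https_url(value):
    """True for a string that parses as an https URL with a host."""
    if not isinstance(value, str):
        return False
    parts = urlparse(value)
    return parts.scheme == "https" and bool(parts.netloc)


def check_discovery_document(doc_json):
    """Return a list of problems; an empty list means every check passed."""
    doc = json.loads(doc_json)
    if not isinstance(doc, dict):
        return ["document: top level must be a JSON object"]
    problems = []
    for field in URL_FIELDS:
        value = doc.get(field)
        if value is None:
            problems.append(f"{field}: missing")
        elif isinstance(value, list):
            # The mistake named on the slide: an array where the
            # specification requires exactly one URL string.
            problems.append(f"{field}: must be a single URL string, got an array")
        elif not _is_https_url(value):
            problems.append(f"{field}: must be an https URL, got {value!r}")
    # The issuer must carry no query or fragment component (Discovery 1.0, section 3).
    issuer = doc.get("issuer")
    if isinstance(issuer, str):
        parts = urlparse(issuer)
        if parts.query or parts.fragment:
            problems.append("issuer: must not contain a query or fragment")
    return problems


# Constructed sample: a well-formed document (the hostname is a placeholder).
GOOD_DOC = json.dumps({
    "issuer": "https://as.example.test",
    "authorization_endpoint": "https://as.example.test/authorize",
    "token_endpoint": "https://as.example.test/token",
    "jwks_uri": "https://as.example.test/jwks",
})

# Constructed sample: the same document with token_endpoint turned into an
# array, the non-compliant change the slide warns about.
BAD_DOC = json.dumps({
    "issuer": "https://as.example.test",
    "authorization_endpoint": "https://as.example.test/authorize",
    "token_endpoint": ["https://as.example.test/token",
                       "https://as.example.test/token2"],
    "jwks_uri": "https://as.example.test/jwks",
})

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery_document(doc) or "OK")
```

Run it against a real server by fetching its discovery document and passing the response body to check_discovery_document; a non-empty list is the same class of finding the conformance suite would report, but these four fields are only a starting point, not the full set of checks the suite performs.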
Problems banks had in the UK (5)
• Not reading instructions
• Surprising number of banks simply ignore the single page documentation
• RTFM!
• It’ll be much faster - honest
Problems banks had in the UK (6)
• Not designing for interoperability
• Security teams in many banks have a “send exactly what we say or your request will fail” approach
• This isn’t compatible with open standards
• E.g. in HTTP/1.1 the charset parameter value is case-insensitive, so banks must accept both:
• Accept: application/json; charset=utf-8
• Accept: application/json; charset=UTF-8
• Requires a mindset change in the security team
• Low friction interoperable APIs and ecosystems are important
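An added example (not code from the talk) contrasting the “send exactly what we say” comparison with one that follows HTTP/1.1 and MIME: media type names, parameter names and the charset value are all compared case-insensitively, quoted parameter values are accepted, and a q=0 range is treated as a refusal. It goes slightly beyond the slide by also accepting the application/* and */* wildcards. All header values are constructed.

```python
"""Case-insensitive handling of media type parameters such as charset.

Added example, not code from the talk. It contrasts a byte-exact comparison
(the "send exactly what we say" approach) with one that follows HTTP/1.1
(RFC 7231, section 5.3.2) and MIME (RFC 2046, section 4.1.2): type, subtype
and parameter names are case-insensitive, and so is the charset value.
All header values below are constructed.
"""

EXPECTED = "application/json; charset=utf-8"


def strict_match(accept_header):
    """The brittle approach: accept only one exact spelling of the header."""
    return accept_header == EXPECTED


def parse_media_type(item):
    """Parse one media-range such as 'Application/JSON; Charset="UTF-8"; q=0.9'.

    Returns (type/subtype in lower case, {parameter name in lower case: value}).
    Surrounding quotes are stripped from parameter values. Separators inside
    quoted strings are not handled; they are rare in practice.
    """
    parts = [p.strip() for p in item.split(";")]
    media_type = parts[0].lower()
    params = {}
    for part in parts[1:]:
        if not part:
            continue
        name, _, value = part.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        params[name.strip().lower()] = value
    return media_type, params


def accepts_json_utf8(accept_header):
    """True if the Accept header admits application/json encoded as UTF-8.

    A media-range with no charset parameter is treated as acceptable; one
    with q=0 is an explicit refusal (RFC 7231, section 5.3.1). The wildcards
    application/* and */* also match.
    """
    for item in accept_header.split(","):
        media_type, params = parse_media_type(item)
        if media_type not in ("application/json", "application/*", "*/*"):
            continue
        try:
            if float(params.get("q", "1")) == 0:
                continue
        except ValueError:
            continue  # malformed q-value: ignore this range
        charset = params.get("charset")
        # Charset names are not case sensitive, so utf-8 and UTF-8 are the same.
        if charset is None or charset.lower() == "utf-8":
            return True
    return False


if __name__ == "__main__":
    for header in ("application/json; charset=utf-8",
                   "application/json; charset=UTF-8",
                   'Application/JSON; Charset="Utf-8"'):
        print(f"{header!r}: strict={strict_match(header)} "
              f"tolerant={accepts_json_utf8(header)}")
```

The strict comparison passes exactly one of the three spellings; the tolerant parser passes all three while still refusing a different charset or a q=0 range, which is the behaviour a server needs if third parties using ordinary HTTP libraries are to interoperate with it.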
The End
• Source code etc. publicly available on GitLab:
https://gitlab.com/fintechlabs/fapi-conformance-suite/
• Production deployment:
http://fintechlabs-fapi-conformance-suite.fintechlabs.io/
(Login with any Google account)
• Open Source - contributions welcome, please ask if you’d like to help
skdav34
 
basic to advance network security concepts
basic to advance network security conceptsbasic to advance network security concepts
basic to advance network security concepts
amansinght675
 
all Practical Project LAST summary note.docx
all Practical Project LAST summary note.docxall Practical Project LAST summary note.docx
all Practical Project LAST summary note.docx
seidjemal94
 
Frontier Unlimited Internet Setup Step-by-Step Guide.pdf
Frontier Unlimited Internet Setup Step-by-Step Guide.pdfFrontier Unlimited Internet Setup Step-by-Step Guide.pdf
Frontier Unlimited Internet Setup Step-by-Step Guide.pdf
Internet Bundle Now
 
5 Reasons cheap WordPress hosting is costing you more | Reversed Out
5 Reasons cheap WordPress hosting is costing you more | Reversed Out5 Reasons cheap WordPress hosting is costing you more | Reversed Out
5 Reasons cheap WordPress hosting is costing you more | Reversed Out
Reversed Out Creative
 
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptxTransport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
ssuser80a7e81
 
OSI_Security_Architecture Computer Science.pptx
OSI_Security_Architecture Computer Science.pptxOSI_Security_Architecture Computer Science.pptx
OSI_Security_Architecture Computer Science.pptx
faizanaseem873
 
Networking concepts from zero to hero that covers the security aspects
Networking concepts from zero to hero that covers the security aspectsNetworking concepts from zero to hero that covers the security aspects
Networking concepts from zero to hero that covers the security aspects
amansinght675
 
10 Latest Technologies and Their Benefits to End.pptx
10 Latest Technologies and Their Benefits to End.pptx10 Latest Technologies and Their Benefits to End.pptx
10 Latest Technologies and Their Benefits to End.pptx
EphraimOOghodero
 
ARTIFICIAL INTELLIGENCE.pptx2565567765676
ARTIFICIAL INTELLIGENCE.pptx2565567765676ARTIFICIAL INTELLIGENCE.pptx2565567765676
ARTIFICIAL INTELLIGENCE.pptx2565567765676
areebaimtiazpmas
 

FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Summit 2018 - July 24, 2018

1. FAPI/Open Banking Conformance
Joseph Heenan, CTO
July 2018

2. What we’re going to cover today
• FAPI/Open Banking Conformance suite overview
• Conformance suite demo
• "Tips and Tricks" for successful conformance
24th July 2018 Joseph Heenan, CTO, fintechlabs.io 2

3. Who am I?
• Joseph Heenan, CTO at fintechlabs & Senior Architect at Authlete
• Software engineer & architect with over 25 years’ experience
• Active contributor to the OpenID Connect FAPI specifications
• Team lead/product owner on the Open Banking Conformance Suite
• Assisted many of the largest UK (CMA9) banks with achieving compliance to the UK OpenBanking specification

4. Conformance Suite Overview
• Tests compliance to:
  • OpenBanking UK Security Profile
  • FAPI (Financial-Grade API profile for OpenID Connect)
  • HEART (Health-related profile for OpenID Connect)
  • As part of the above, also tests some (but not all) of OpenID Connect & OAuth2
• Tests are applicable to:
  • IdP (identity provider, i.e. banks / ASPSP)
  • RP (relying party, i.e. fintechs / TPP / AISP / PISP)

5. Why would you use the conformance suite?
• Reduced support costs
  • If your implementation is interoperable it will “just work” for third parties
• Evidence of compliance to show government regulators
• Evidence of compliance may reduce insurance costs, chances of a security breach, etc.
• It will be embarrassing if other people test your server & you fail
  • Anyone can test a server

6. Conformance Suite Design Goals
• Multi-party protocol testing
• Structured configuration
• Structured logging and results
• Deterministic, modular execution units
• Protect sensitive configuration and results data
• Transparent process
• Usable as part of CI

7. Overview of test process for banks
• Prepare a test deployment of your server
  • Must be accessible to the conformance suite
• Create keys & TLS certificates
• Register the necessary clients with the authorization server
• Create the conformance suite configuration using the frontend
  • Read the instructions if you are not sure how
• Create a “test plan” applicable to your configuration
• Start the test plan
• Start each test module within the plan, one at a time
  • Log in to the authorization server when instructed
• View results and confirm “PASS”.
8. Conformance suite demo (video)

9. Tips & tricks for successful FAPI deployment

10. Before you even start
• Is OpenID Connect/FAPI part of your core competency?
• Is it part of your value add?
For fintechs, the answer is usually NO! Don’t reinvent the wheel – use existing OpenID Connect client libraries.

11. Conformance testing is not an afterthought
• Run conformance testing early and often
• The conformance test suite will help you
  • Be secure
  • Be interoperable
• Conformance testing is the easy route to interoperability
  • Banks generally return confusing or unhelpful error messages
  • Banks often tolerate incorrect implementations – but not consistently
• Conformance testing can be part of your Continuous Integration

12. Problems banks had in the UK (1)
• Using software that was not OpenID Connect certified
  • Required a lot of last-minute changes from their vendors
  • They missed the government-mandated “go live” date
• A large number of certified vendors are available – use one!

13. Problems banks had in the UK (2)
• Not running the conformance suite until development was complete
  • Required a lot of last-minute changes from their vendors and their own software teams
  • They missed the government-mandated “go live” date
• Run the conformance suite often during development!
  • It can be deployed locally & integrated with your continuous integration system

14. Problems banks had in the UK (3)
• Staffing teams with generic engineers & testers
  • OAuth2, OpenID Connect & FAPI have some complexity
  • Dependency on underlying RFCs – JWT, HTTP/1.1, TLS, etc.
  • Some domain knowledge is essential
  • Without that knowledge, profile compliance and conformance testing will be slow
• Hire some experts for both development & test teams
  • Many competent consultants available, including fintechlabs

15. Problems banks had in the UK (4)
• Poor security architectures
  • Some banks designed their architectures, then tried to retrofit FAPI
  • If you change your implementation so that it is not standards-compliant, you will fail conformance testing!
  • Example: trying to change token_endpoint in .well-known/openid-configuration to an array
• Hire some experts for architecture teams
  • Many competent consultants available, including fintechlabs
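As an added example (not the talk's or the conformance suite's own code), a small check that catches the mistake described on slide 15: endpoint metadata in .well-known/openid-configuration published with the wrong type, such as token_endpoint as an array. The field names and the issuer rule come from OpenID Connect Discovery 1.0; the hostnames in the sample documents are placeholders.

```python
"""Sanity check for an OpenID Provider discovery document.

Added example, not conformance-suite code: verifies that the endpoint
metadata in /.well-known/openid-configuration has the types OpenID
Connect Discovery 1.0 requires, so a non-standard shape (token_endpoint
published as an array) is caught before a client library chokes on it.
"""
from urllib.parse import urlparse

# Metadata fields that must each be a single URL string, never an array.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery_document(doc: dict) -> list:
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    for field in URL_FIELDS:
        value = doc.get(field)
        if value is None:
            problems.append(f"{field}: missing")
        elif isinstance(value, list):
            # The mistake from the slide: an array where a string is required.
            problems.append(f"{field}: must be a single string URL, got an array")
        elif not isinstance(value, str):
            problems.append(f"{field}: must be a string, got {type(value).__name__}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{field}: must use https, got {value!r}")
    # OpenID Connect Discovery 1.0 section 3: issuer carries no query or fragment.
    issuer = doc.get("issuer")
    if isinstance(issuer, str):
        parsed = urlparse(issuer)
        if parsed.query or parsed.fragment:
            problems.append("issuer: must not contain a query or fragment")
    return problems


# Constructed sample documents; hostnames are placeholders.
GOOD_DOC = {
    "issuer": "https://as.example.test",
    "authorization_endpoint": "https://as.example.test/authorize",
    "token_endpoint": "https://as.example.test/token",
    "jwks_uri": "https://as.example.test/jwks",
}
# The same document with token_endpoint wrongly published as an array.
BAD_DOC = dict(GOOD_DOC, token_endpoint=[GOOD_DOC["token_endpoint"]])

if __name__ == "__main__":
    print(check_discovery_document(GOOD_DOC))  # []
    print(check_discovery_document(BAD_DOC))
```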
16. Problems banks had in the UK (5)
• Not reading instructions
  • A surprising number of banks simply ignore the single page of documentation
• RTFM!
  • It’ll be much faster - honest

17. Problems banks had in the UK (6)
• Not designing for interoperability
  • Security teams in many banks have a “send exactly what we say or your request will fail” approach
  • This isn’t compatible with open standards
  • E.g. in HTTP/1.1, charset is case insensitive, so banks must accept both:
    • Accept: application/json; charset=utf-8
    • Accept: application/json; charset=UTF-8
• Requires a mindset change in the security team
  • Low-friction interoperable APIs and ecosystems are important
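The charset point on slide 17, as an added example (not code from the talk or the conformance suite): an Accept header parser that follows the RFC 7231 media-range grammar and compares the media type, parameter names and charset values case-insensitively, so both spellings of utf-8 are accepted. The sample headers are constructed.

```python
"""Tolerant Accept-header matching.

Added example, not code from the talk: parses an HTTP Accept header value
(comma-separated media ranges, each with ';'-separated parameters, as in
RFC 7231 section 5.3.2) and treats type, subtype, parameter names and
charset values case-insensitively, so 'charset=utf-8' and 'charset=UTF-8'
are both accepted instead of only the bank's preferred spelling.
"""


def parse_accept(header: str) -> list:
    """Return [(type, subtype, params)]; type, subtype, param names lowercased."""
    ranges = []
    for part in header.split(","):
        pieces = [p.strip() for p in part.strip().split(";")]
        media = pieces[0].lower()
        if "/" not in media:
            continue  # malformed media range: skip it rather than fail the request
        mtype, subtype = media.split("/", 1)
        params = {}
        for piece in pieces[1:]:
            name, _, value = piece.partition("=")
            name, value = name.strip().lower(), value.strip().strip('"')
            # Charset names are case-insensitive (RFC 2978), so normalise them.
            params[name] = value.lower() if name == "charset" else value
        ranges.append((mtype, subtype, params))
    return ranges


def accepts(header: str, mtype: str, subtype: str, charset: str = "utf-8") -> bool:
    """True if some media range matches type/subtype and charset.

    A missing charset parameter matches; a q-value of 0 means not acceptable.
    """
    for t, s, params in parse_accept(header):
        if t not in ("*", mtype) or s not in ("*", subtype):
            continue
        try:
            if float(params.get("q", "1")) <= 0:
                continue
        except ValueError:
            continue  # unparsable q-value: treat the range as not acceptable
        if params.get("charset", charset.lower()) == charset.lower():
            return True
    return False


if __name__ == "__main__":  # constructed sample headers
    for h in ("application/json; charset=utf-8", "application/json;charset=UTF-8",
              "text/html, application/*; charset=UTF-8; q=0.9",
              "application/json; charset=iso-8859-1"):
        print(h, "->", accepts(h, "application", "json"))
```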
18. The End
• Source code etc. publicly available on GitLab: https://gitlab.com/fintechlabs/fapi-conformance-suite/
• Production deployment: http://fintechlabs-fapi-conformance-suite.fintechlabs.io/ (log in with any Google account)
• Open source - contributions welcome, please ask if you’d like to help