Más contenido relacionado La actualidad más candente (20) Similar a apidays LIVE Hong Kong - Open Banking, Yin and Yang in Hong Kong by Simon Redfern (20) apidays LIVE Hong Kong - Open Banking, Yin and Yang in Hong Kong by Simon Redfern1. Open Bank Project
- and the Yin and Yang of Open Banking!
© TESOBE 2020
API Days Hong Kong, 2020
3. 3
Open Banking - Origins
● Open APIs for every bank
● Open Standards
● Open Source
● Open Data + Transparency
● Open Innovation
ITEA2, Berlin, Feb 2010
© TESOBE 2020
Open Bank Project
1995 2000 2010 2020
All banks should have
an API
4. 4
1995
Why do we need a
Website?
2000 2010 2020
Of course we have a
Website
All banks should have
an API
Open Banking - Origins
● Open APIs for every bank
● Open Standards
● Open Source
● Open Data + Transparency
● Open Innovation
In the future, every bank will have an API
© TESOBE 2020
Open Bank Project
5. 5
1995
Why do we need a
Website?
2000 2010 2020
Of course we have a
Website
OK!
All banks should have
an API
Open Banking - Origins
● Open APIs for every bank
● Open Standards
● Open Source
● Open Data + Transparency
● Open Innovation
In the future, every bank will have an API
© TESOBE 2020
Open Bank Project
6. Open Banking - Why Now
6
Non-Banking Competitors
¾ millennials would be more excited about an offering
from new entrants than from their own bank
Changing
Customer Behavior
71% of millennials would rather go to the dentists
than listen to what banks are saying
Ageing IT systems
IT systems are perceived as
the #1 barrier to innovation
Regulation
In or Coming to a country near you!
Source: The Millennial Disruption Index, Scratch 2014 / Innovation in Retail Banking 2013, Efma-Infosys
Current “workarounds” do not work anymore
© TESOBE 2020
7. Open Bank Project solution
The Open Bank Project is an open API solution
for banks and a developer community around
11K+
Global developer
community
Deployed for 40+
bank customers
350+ Banking APIs,
Middleware, Apps
and Tools
7© TESOBE 2020
8. Zhou Dunyi (周敦頤) 1017–1073)
8© TESOBE 2020https://en.wikipedia.org/wiki/Zhou_Dunyi
Lived during the Song
Dynasty
(First country in world to issue banknotes
nationally)
Cool philosopher
dude
9. Taijitu ("supreme ultimate diagram")
9© TESOBE 2020Joseph A. Adler, Reconstructing the Confucian Dao: Zhu Xi's Appropriation of Zhou Dunyi, SUNY Press, 2014
The Supreme Polarity in activity
generates yang; yet at the limit of
activity it is still. In stillness it
generates yin; yet at the limit of
stillness it is also active. Activity
and stillness alternate; each is the
basis of the other.
Zhou Dunyi
11. Bagua - Zhao Huiqian (趙撝謙) (1370s).
11© TESOBE 2020https://en.wikipedia.org/wiki/Bagua
14. Zhang Sanfeng (張三丰) 1247–????)
14© TESOBE 2020https://en.wikipedia.org/wiki/Zhou_Dunyi
Legendary Taoist who is said to
have invented Taijiquan and was
purported to have achieved
immortality.
Cool legendary
immortal dude
15. Embrace/Carry Tiger, Return to Mountain
15© TESOBE 2020
The tiger can be seen as both yang and
yin. It is both hard and soft, light and
dark, moving and still, fire and water,
ferocious and gentle.
We must embrace this aspect of
ourselves, all aspects, and demonise no
part of ourselves. Then we truly return
to Mountain, stability, to our own
balance.
So Banks need to embrace both the
Yin and the Yang. The traditional and
the new, as both are intertwined and
dependent on one another.
By embracing these parts, they will
find their balance.
That balance will look different for
each bank. The important thing is
finding YOUR balance based on
YOUR business needs, without
emulating anyone else's.
16. Pushing hands (Tuishou)
16© TESOBE 2020https://en.wikipedia.org/wiki/Pushing_hands
API Sandboxes are
test environments
that allow banks to
test their ability to
handle fintech
innovation.
Bank
Fintech
Push hands allows us to
test our ability to
absorb force from an
opponent and project it
back into them.
In doing so, they also
grapple with fintechs,
starting valuable exchanges
and discovering worthy
partners for the future.
Opportunity to test out
a partner safely.
17. 17
Bank Legacy Systems
Legacy Banking
Connectors
API Gateway
Capabilities
Pre-built
Catalog
Sandbox
Env
Regional
Specific APIs
Physical Virtual Private Cloud Public Cloud
End-to-End
Dev Experience
OBP connects to your legacy systems and abstracts away complexity
© TESOBE 2020
Enterprise tech to go into battle!
20. Data and API Realms
20
● Standard Entities
● Custom Attributes (Key - Value pairs)
● Dynamic Entities
● Dynamic Endpoints
© TESOBE 2020
21. Standard Entities
21
● Commonly occurring entities including:
○ Accounts & Metadata
○ Transactions & Metadata
○ Customers & KYC
○ Products
○ Transaction Requests & SCA.
○ also, Roles, Users, Consents (OBP, Berlin Group, UK) etc.
● Out of the box - Every OBP instance starts with these.
● OBP APIs and also Berlin Group, UK, Australia, Mexico….
● Have variations (e.g. thin account list, firehose account list)
● Local persistence to database and/or via Star Connector & Method Routing
© TESOBE 2020
27. Developer tools & SDKs
1. Sandbox
27
Mile-stone
© TESOBE 2020
(Not just via
Swagger)
28. Authentication & Authorisation
28
● Direct Login (Trusted environments / Hackathons)
● OAuth 1.0a (Twitter)
● OAuth2 + OpenID Connect (External e.g. Google / Yahoo)
● OAuth2 + OpenID Connect (Local e.g. Hydra)
● Gateway Login (External Gateway in front)
● Mutual TLS
● JWT
● eIDAS Certificates
● Consents (OBP, Berlin Group, UK)
© TESOBE 2020
● Views & Account Access
● Roles & Entitlements
29. Rate Limiting - Step back to repel monkey!
29© TESOBE 2020https://en.wikipedia.org/wiki/Pushing_hands
You should never allow the monkey to
circle behind you. The monkey
approaches with its multiple ability to
attack in many directions.
It’s swift and presents multiple
simultaneous threats.
Don’t let the disruption catch you off
guard. Be aware that you are being
attacked from multiple sides.
Take a step back.
Get a full view of what is happening.
Don’t leave yourself open on any
side.
30. Performance
30© TESOBE 2020
JMeter Load Tests:
● virtual app performing a series of
standard API calls
● simulating 1000 concurrent users
● single-host VM
● response time avg. ~50ms
32. Custom Attributes
32
● Add bank specific information to Standard Entities:
● Typed, key-value pairs with documentation.
● Available for:
○ Customers
○ Accounts
○ Transactions
○ Products
● Have fine grained access control (via views)
● Listed in JSON response with main entities
© TESOBE 2020
33. Dynamic Entities
33
● Define any data entity you want
● Realtime
● Use a simple JSON object to define the data model
● Fields are typed
● Reference Fields (including multiple fields) to other Dynamic or Static Entities.
● Automatically creates
○ Create, Read, Update and Delete endpoints with guards.
○ Documentation.
○ Roles for each endpoint.
○ Persists to database
● Can also connect to backend datasource via Star Connector & Method Routing
© TESOBE 2020
34. Dynamic Endpoints
34
● Create endpoints from Swagger / Open API specifications
● Realtime - Immediately available in API Explorer
● Can pass through to backend service or return mocked example data
● Automatically creates documentation.
● Automatically creates Roles for each endpoint.
● No persistence to OBP database
© TESOBE 2020
38. 38
Default Connector
● Read and write to the OBP database
● Any RDBMS
● All access is via an ORM using JDBC
● Automatic data migrations
● SQL Views provide DB interface if required
● Support for Postgres, MS SQL, MySQL, Oracle etc.
© TESOBE 2020
By default, all internal OBP functions use the
default “mapped” connector.
39. 39
Multiple Connectors
● http REST
● Akka
● Kafka
● Stored Procedure
● ORM / RDBMS
● Other
● & Build your own
© TESOBE 2020
But OBP Connectors exist for multiple
protocols. App doesn’t see any difference.
40. 40
Star Connector & Method Routing
● Adapters are language neutral (Python, Go, Javascript, Java, Scala)
● Live documentation of message definitions on “Message Docs”
endpoints
● Message Docs endpoints detail Outbound and Inbound messages
with payload plus Authentication and Call Context from OBP
● Real-time re-routing of message flow via “Method Routing”
endpoints
© TESOBE 2020
And we can re-route OBP functions over
different Connectors and Adapters in real-time.
41. 41
Node RED Adapter
● OBP Contrib provides OBP Nodes and
helpers for Node Red.
● Live Outbound & Inbound Message
Definitions available in Node-RED for each
Function
© TESOBE 2020
One possible Adapter
technology is Node RED.
With OBP Method Routing we
can re-route OBP methods to
different nodes on Node-RED
servers.
For more info see: https://vimeo.com/452236076
42. 42
Node OBP Contrib
● Live refresh of Outbound and Inbound JSON
structures via OBP Message Docs endpoints.
● Adapter entry points for each OBP method
● Direct responses
● Custom responses
● Mocked responses
● OBP Dynamic Entities
© TESOBE 2020
Node OBP Contrib provides:
For more info see: https://github.com/OpenBankProject/node-red-contrib-obp
50. Suitability for Omni Channel Hub
50
● API everything!
● Multiple Authentication methods (built in, external, SSO, federated)
● Rich authorisation framework
● Flexible Consents
● Pragmatic Data model
● Dynamic Attributes
● Dynamic Entities
● Dynamic Endpoints
● Method Routing
● Security
● Tools
● Performance
● Ecosystem
© TESOBE 2020
51. 51
1995
Why do we need a
Website?
2000 2010 2020
Of course we have a
Website
OK!
All banks should have
an API
Open Banking - Origins
● Open APIs for every bank
● Open Standards
● Open Source
● Open Data + Transparency
● Open Innovation
● Banks gain faster time-to-market and save money
● Developers have easy data access
● Customers enjoy improved experience
In the future, every bank will have an API
© TESOBE 2020
● Paypal
● Altavista ● Wikipedia
● Youtube
● Open Bank Project
52. Some of the largest financial institutions rely on the Open Bank Project
They trust us
52
Our clients include leading and global tier one banks.
Our technology has been used in more than 60 client engagements.
© TESOBE 2020