UK Open Banking / Open ID Foundation Workshop

Strong Customer Authentication Flows


  1. Open ID Foundation / Open Banking Workshop, 22 March 2018. Gary Farrow – Head of Architecture, OB
  2. Objectives of P4 Evaluation
     Overview of Evaluation Item: P4 Authentication step aligned to PSD2
     Evaluation Item Description
     • As of 13th January 2018, Open Banking will provide a single interface based on redirection to ASPSP applications for the purposes of SCA, in order to offer a secure ecosystem for all providers and users. Open Banking believes this solution facilitates easy and secure access and is compliant with the regulatory requirements.
     • However, OBIE recognises that in order to improve and enhance consumer experience and fully meet compliance with the Regulatory and Technical Standards on Strong Customer Authentication (RTS), other authentication options may need to be evaluated.
     • The purpose of this Evaluation is to clarify a position on redirection with input from regulators, and to explore and evaluate other authentication flows, such as Embedded, Decoupled, Pass-through and any other RTS-compliant technological methods that may emerge through the evaluation process, for consideration in the development of standards to support them.
     Objectives
     • The key objectives are to:
       – Assess alignment of the existing OBIE solution with PSD2 / RTS and form an OBIE position
       – Understand customer experience and the subsequent impact on use cases of each authentication flow with respect to the adoption of Open Banking
       – Understand the implications of each authentication flow on existing and potential business propositions
     • In order to achieve this we will:
       – Assess each authentication flow against the agreed evaluation framework
       – Review relevant regulation
       – Assess existing SCA technologies and market developments in the UK and in other markets
     • The output will present a number of options for the Implementation Trustee to consider and form a recommendation on.
     OBIE [Internal] [Open Banking Evaluation Working Group A (P3, P4 and P19)]
  3. Key Assumptions
     • Three fundamental authentication flows will be considered:
       – Redirection
       – Embedded
       – Decoupled
     • The flow often referred to as ‘Passthrough’ is identical to the ‘Embedded’ flow discussed in this document.
     • Journeys will be considered across different application types (notably web application and mobile app).
  4. Consent Model Recap (1. Detailed Evaluation of Authentication Flows)
     The Consent Model: Step 1 Consent → Step 2 Authentication → Step 3 Account selection → Step 4 Authorisation
     Comments
     • The Open Banking solution mandates a Consent model.
     • The domain (TPP or ASPSP) in which these actions are undertaken may differ.
     • The order of the processing may change.
     • The steps may be on more than one device.
  5. Redirection
     Parties: PSU, PISP, ASPSP
     1. Consent to Payment Initiation
     2. Setup Payment Initiation
     3. Authorise PI (PSU redirected to the ASPSP; 1st and 2nd factors supplied to the ASPSP)
     4. Confirm Payment Initiation
     Key Concept: the PSU is redirected to an ASPSP application to perform Authorisation; the Authorisation is tokenised.
  6. Embedded
     Parties: PSU, PISP, ASPSP
     1. Consent to Payment Initiation
     2. Request Payment Initiation
     3. Authenticate PSU (1st and 2nd SCA factors captured by the PISP and transmitted to the ASPSP)
     Key Concept: the PSU submits SCA factors to the PISP application, which are then transmitted to the ASPSP.
  7. Decoupled
     Parties: PSU (Device 1 and Device 2), PISP, ASPSP
     1. Consent to Payment Initiation
     2. Request Payment Initiation
     3. Setup a pending Authorisation
     4. Message to PSU
     5. Authorise PI (Device 2)
     Key Concept: the PSU completes the authorisation step (i) on a different device, (ii) by opening a new application.
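As an added illustration, not part of the workshop deck: a small Python model of the three flows on slides 5 to 7 that records which party handles the SCA factors and when the PISP receives a tokenised authorisation. The ASPSP and PISP classes and the credential set are constructed placeholders, not OBIE or OpenID code.

```python
import secrets
from dataclasses import dataclass, field
# Constructed test data: one PSU with a knowledge factor and a possession factor (OTP).
CREDENTIALS = {"psu-1": ("pw-secret", "otp-123456")}

@dataclass
class ASPSP:  # account servicer: the only party that verifies SCA factors
    pending: dict = field(default_factory=dict)  # auth_id -> token (None until device 2 acts)
    def issue_token(self, psu_id, f1, f2):
        # Opaque authorisation token if both factors match, else None.
        return secrets.token_urlsafe(16) if CREDENTIALS.get(psu_id) == (f1, f2) else None
    def setup_pending(self):
        auth_id = secrets.token_urlsafe(8)
        self.pending[auth_id] = None
        return auth_id
    def complete_pending(self, auth_id, psu_id, f1, f2):
        self.pending[auth_id] = self.issue_token(psu_id, f1, f2)

@dataclass
class PISP:  # payment initiator: records every SCA factor crossing its trust boundary
    factors_seen: list = field(default_factory=list)

def redirection_flow(aspsp, pisp, psu_id):
    # Slide 5: the PSU is redirected and types both factors into the ASPSP app.
    f1, f2 = CREDENTIALS[psu_id]
    return aspsp.issue_token(psu_id, f1, f2)         # the PISP only ever sees the token

def embedded_flow(aspsp, pisp, psu_id):
    # Slide 6: the PSU enters both factors in the PISP app, which forwards them.
    f1, f2 = CREDENTIALS[psu_id]
    pisp.factors_seen.append((f1, f2))               # the PISP now holds live credentials
    return aspsp.issue_token(psu_id, f1, f2)

def decoupled_flow(aspsp, pisp, psu_id):
    # Slide 7: pending authorisation at the ASPSP, completed by the PSU on device 2.
    auth_id = aspsp.setup_pending()                  # step 3: handle returned to the PISP
    before = aspsp.pending[auth_id]                  # step 4: the PISP polls, nothing yet
    f1, f2 = CREDENTIALS[psu_id]
    aspsp.complete_pending(auth_id, psu_id, f1, f2)  # step 5: never routed via the PISP
    return before, aspsp.pending[auth_id]

def compare_flows(psu_id="psu-1"):
    # Map each flow to (authorised?, number of factor pairs the PISP handled).
    out = {}
    for name, flow in (("redirection", redirection_flow), ("embedded", embedded_flow)):
        pisp = PISP()
        out[name] = (flow(ASPSP(), pisp, psu_id) is not None, len(pisp.factors_seen))
    pisp = PISP()
    before, token = decoupled_flow(ASPSP(), pisp, psu_id)
    out["decoupled"] = (before is None and token is not None, len(pisp.factors_seen))
    return out
```

Only the embedded flow leaves a factor pair in the PISP's record, which is the trust-boundary difference the evaluation weighs against redirection and decoupled.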