Trends in Banking APIs #fapisum

Tatsuo Kudo, Digital Identity Professional at Authlete
Financial APIs Workshop - Japan/UK Open Banking and APIs Summit 2018
API
• API
API
2
• https://www.linkedin.com/in/tatsuokudo
– (1998-2008)
– (2008-2018)
– OpenID (2013-2014)
– NRI (2014-2018)
– Authlete (2018-)
• VP of Solution Strategy
3
API
• API
– e.g.
– “Bank as a Service”
– 2 API Banking 371
Source: https://www.programmableweb.com/category/banking
4
API “OAuth 2.0”
•
API
5
“OAuth 2.0”
Source: https://www.slideshare.net/tkudo/api-meetup-oauth
API
6
• Open Banking UK
• Berlin Group
NextGenPSD2
• Polish Bank Association
• Slovak Banking Association
• (France Stet)
Open Banking UK
• FAPI Part 2
• Client Credentials Grant Type (OAuth 2.0) / OIDC Hybrid Flow
• Request Object
• Mutual TLS
7
Source: Open Banking Security Profile - Implementer's Draft v1.1.2
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2
Open Banking UK
1. PSU (Payment Service User) AISP (Account Information Service Provider)
2. AISP ASPSP (Account Servicing Payment Service Provider) POST /account-resource (Mutual TLS, Client Credentials Grant Type)
3. ASPSP PISP “AccountRequestId”
4. AISP AccountRequestId Request Object ASPSP OIDC Hybrid Flow
5. ASPSP PSU
6. ASPSP AISP
7. AISP ASPSP Mutual TLS
8. AISP GET /accounts Mutual TLS
8
Source: Account and Transaction API - v2.0.0
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/127009546/Account+and+Transaction+API+Specification+-+v2.0.0
Open Banking UK
1. PSU PISP (Payment Initiation Service Provider)
2. PISP ASPSP POST /payments (Mutual TLS, Client Credentials Grant Type)
3. ASPSP PISP “PaymentId”
4. PISP PaymentId Request Object ASPSP OIDC Hybrid Flow
5. ASPSP PSU
6. ASPSP PISP
7. PISP ASPSP Mutual TLS
8. PISP POST /payment-submissions Mutual TLS
9. Optionally retrieve the status of a payment setup or submission
9
Source: Payment Initiation API - v1.1.0
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5786479/Payment+Initiation+API+Specification+-+v1.1.0
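The AISP and PISP flows above share one pattern: the TPP POSTs an intent over Mutual TLS with a client-credentials token, receives an id, carries that id in the Request Object through the OIDC Hybrid Flow, and then calls the resource endpoint with the resulting token, again over Mutual TLS. The Python model below is an added example written for this page, not code from the slides or from any Open Banking implementation; it plays both sides of the AISP exchange and checks at every step that the intent id, the client certificate and the access token stay bound together. The `openbanking_intent_id` claim layout follows OB UK; the client ids, the string standing in for a TLS client certificate, and the plain dict standing in for the signed Request Object JWT are assumptions.

```python
import secrets


class ASPSP:
    """Account Servicing PSP: acts as OAuth/OIDC authorization server and resource server."""

    def __init__(self):
        self.clients = {}        # client_id -> registered TLS client certificate identity
        self.cc_tokens = {}      # client-credentials token -> client_id
        self.intents = {}        # intent id -> {"client_id", "status", "psu"}
        self.codes = {}          # authorization code -> {"client_id", "intent_id"}
        self.access_tokens = {}  # access token -> {"client_id", "intent_id"}

    def register_client(self, client_id, tls_cert):
        self.clients[client_id] = tls_cert

    def _check_mtls(self, client_id, tls_cert):
        # Mutual TLS: the presented client certificate must be the registered one.
        if self.clients.get(client_id) != tls_cert:
            raise PermissionError("mutual TLS: client certificate mismatch")

    def client_credentials(self, client_id, tls_cert):
        # Client Credentials Grant over mutual TLS (precondition for step 2).
        self._check_mtls(client_id, tls_cert)
        token = secrets.token_urlsafe(16)
        self.cc_tokens[token] = client_id
        return token

    def create_intent(self, cc_token, tls_cert, kind):
        # Steps 2-3: TPP POSTs the intent (account request / payment) and receives its id.
        client_id = self.cc_tokens.get(cc_token)
        if client_id is None:
            raise PermissionError("invalid client-credentials token")
        self._check_mtls(client_id, tls_cert)
        intent_id = f"{kind}-{secrets.token_hex(4)}"
        self.intents[intent_id] = {"client_id": client_id,
                                   "status": "AwaitingAuthorisation", "psu": None}
        return intent_id

    def authorize(self, request_object, psu, consent_given):
        # Steps 4-6: OIDC Hybrid Flow; the Request Object names the intent being authorised.
        if request_object.get("response_type") != "code id_token":
            raise ValueError("hybrid flow requires response_type=code id_token")
        intent_id = request_object["claims"]["id_token"]["openbanking_intent_id"]["value"]
        intent = self.intents.get(intent_id)
        if intent is None or intent["client_id"] != request_object["client_id"]:
            raise PermissionError("intent id unknown or not created by this client")
        if not consent_given:
            intent["status"] = "Rejected"
            raise PermissionError("PSU declined the consent")
        intent.update(status="Authorised", psu=psu)
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": request_object["client_id"], "intent_id": intent_id}
        return {"code": code, "state": request_object.get("state")}

    def token(self, client_id, tls_cert, code):
        # Step 7: code exchange over mutual TLS; codes are single-use and client-bound.
        self._check_mtls(client_id, tls_cert)
        grant = self.codes.pop(code, None)
        if grant is None or grant["client_id"] != client_id:
            raise PermissionError("code invalid or issued to another client")
        access_token = secrets.token_urlsafe(16)
        self.access_tokens[access_token] = grant
        return access_token

    def resource(self, client_id, tls_cert, access_token, intent_id):
        # Step 8: GET /accounts (or POST /payment-submissions) over mutual TLS; the token
        # must be bound to exactly this intent, and the intent must be Authorised.
        self._check_mtls(client_id, tls_cert)
        grant = self.access_tokens.get(access_token)
        if grant is None or grant["client_id"] != client_id:
            raise PermissionError("access token invalid for this client")
        if grant["intent_id"] != intent_id or self.intents[intent_id]["status"] != "Authorised":
            raise PermissionError("token is not bound to an authorised intent")
        return {"intent": intent_id, "psu": self.intents[intent_id]["psu"]}


def run_aisp_flow(consent=True):
    """Walk the eight AISP steps end to end; the PISP flow differs only in the endpoints."""
    aspsp = ASPSP()
    aspsp.register_client("aisp-1", "cert-aisp-1")  # constructed client id and cert identity
    cc = aspsp.client_credentials("aisp-1", "cert-aisp-1")
    intent_id = aspsp.create_intent(cc, "cert-aisp-1", "account-request")
    request_object = {  # dict standing in for the signed Request Object JWT (assumption)
        "client_id": "aisp-1", "response_type": "code id_token", "state": "s1", "nonce": "n1",
        "claims": {"id_token": {"openbanking_intent_id": {"value": intent_id, "essential": True}}},
    }
    resp = aspsp.authorize(request_object, psu="psu-42", consent_given=consent)
    access = aspsp.token("aisp-1", "cert-aisp-1", resp["code"])
    return aspsp.resource("aisp-1", "cert-aisp-1", access, intent_id)
```

A real ASPSP additionally verifies the JWS signature of the Request Object and the certificate chain of the mTLS connection; those checks are outside this model.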
OIDC Hybrid Flow (1)
• Slovak Banking API Standard
– OB UK PISP ID (orderId) ASPSP Request Object
10
Source: Slovak Banking API Standard Version 1.1 http://www.sbaonline.sk/files/subory/projekty/sbas/sbas_ver1.1-final.pdf
OIDC Hybrid Flow (2)
• MKB
– Open Banking UK Security Profile
– OB UK PISP ID (openbanking_intent_id) ASPSP Request Object
11
Source: Account and Transaction API Specification
https://portal.sandbox.mkb.hu/api-documentation/account-info
Berlin Group “NextGenPSD2”
• 4
– Redirect SCA Approach
– OAuth2 SCA Approach
– Decoupled SCA Approach
– Embedded SCA Approach
12
Berlin Group “NextGenPSD2”
Redirect / OAuth2 SCA Approach
• PSU ASPSP PSU
• “OAuth2” Redirect
– Authorization Server Metadata
13
Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1
https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
Berlin Group “NextGenPSD2”
Decoupled SCA Approach
• ASPSP PISP/AISP PSU
14
Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1
https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
Berlin Group “NextGenPSD2”
Embedded SCA Approach
• ASPSP PISP/AISP PSU
15
Source: NextGenPSD2 XS2A Framework Implementation Guidelines Version 1.1
https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf
Berlin Group “NextGenPSD2”
OAuth 2.0
• “Optional Usage”
• PISP/AISP “pre-step” OAuth SCA Approach ASPSP API (XS2A interface)
16
Decoupled
• “PolishAPI”
• NextGenPSD2 decoupled
– OAuth 2.0
– TPP (Third-Party Provider) EAT (External Authorization Tool) ASPSP
17
Source: PolishAPI Version 2.0
https://docs.polishapi.org/files/ver2.0/PolishAPI-spec-v2.0-EN.pdf
Embedded
• “STET”
• Resource Owner Password Grant
– ASPSP PSU Strong Customer Authentication
18
Source: PolishAPI Version 2.0
https://www.stet.eu/assets/files/PSD2/1_3/API_DSP2_STET_V1_3.pdf
• TPP ASPSP “intent” POST → intent id Request Object
Open Banking UK
• TPP ASPSP TLS
• “Embedded” vs “Decoupled”
19
Thanks!