OpenID Certification Expanding to FAPI Specs


Announcement:

The OpenID Foundation announced today it will continue expanding the scope of its award-winning OpenID Certification program, adding new profiles and capabilities.  The new Form Post Response Mode profiles were launched this week during the Identiverse conference.  The OpenID Foundation is pleased to announce its plans to expand the scope of the certification program to enable certification of deployments of Financial-grade API (FAPI) specifications.

Background:

The Open Banking Implementation Entity (OBIE) have developed the UK Open Banking standard. The first version of this went live in the UK on 13th January 2018. This is a fully open standard and the OBIE are actively working with other standards bodies and banks and fin techs across Europe and in other markets to build a truly global Open Banking standard. Throughout the first half of the year, the OBIE, the OpenID Foundation (OIDF), and the Open Identity Exchange have held a series of workshops to engage the community.

The OBIE security model is based closely on the OpenID Foundation’s FAPI (Financial-grade API) specifications. The OBIE has made key contributions over the course of 2018, to move its security model closer to the full FAPI profile. The key driver behind aligning with OIDF’s FAPI was to adopt an existing open standard, and thus realise the following:

  • SECURITY: To provide the best possible security in protecting access to sensitive customer data
  • OPENNESS: Using a core standard that is widely used and understood by as many developers as possible
  • IMPLEMENTATION: Based on technology that can be supported by as many vendors as possible, and thus can be implemented by banks in a timely manner
  • FLEXIBILITY: Can be extended to other use cases beyond finance (e.g., retail, utilities, health)
  • CUSTOMER BENEFIT: Thereby maximising adoption and facilitating the delivery of use cases that provide benefits to the end personal and business customers

The certification process allows both banks and fin techs to test and certify their implementations. This will accelerate development and testing, reduce support issues, and reduce costs for those that certify.

The OBIE and OIDF encourage all vendors, banks and fin techs to join the FAPI working group and help finalize both the standard and certification process. To facilitate global input the OBIE, the OIDF and the OIX will extend its series of workshops to include stakeholders in the Asia Pacific region. As part of its international consultation it is planning, workshops are planned for Sydney on Tuesday November 13th and Singapore on Monday November 19th. These workshops are made possible in part by a grant from the Microsoft Corporation.

This international outreach is also to encourage regulators to explore how they can take such certifications into account when granting regulatory status and/or issuing exemptions.

This announcement builds on the overall success of OpenID Connect. In 2012, OpenID Connect won the European Identity Award for best new standard. The past six years of global adoption and innovation across business sectors demonstrated that this was a forward-looking recognition of successes to come. The OpenID Certification Program extended this success by being recognized with two awards in 2018 with the IDnext Identity Innovation Award and the European Identity Award for Best Innovation.