The OpenID Foundation is pleased to sponsor the Identity, Unlocked second season premiere podcast featuring host Vittorio Bertocci and special guest Torsten Lodderstedt, “Exploring Financial-grade API (FAPI) with Torsten”. Torsten is a longtime member of and contributor to the OpenID Foundation. Torsten has contributed significantly to the FAPI security profile and is the co-chair of the eKYC&IDA working group.
This episode is a deep dive on the technical plumbing of FAPI. It provides an overview of the specification, how it came to be and what it means for implementers and end-users. FAPI is a security and interoperability profile closely aligned with OAuth. It was originally intended for use in open banking scenarios and has now rapidly extended to other high security use-cases in insurance, healthcare and mobile. Torsten explains how FAPI navigates two challenge areas of using OAuth in open banking, what one may find within the FAPI working group initiatives, and the differences between FAPI versions 1 and 2. Further, Torsten dives into specific macro areas of FAPI, and discusses JARM (JWT Secured Authorization Response Mode). He details cryptographic measures such as MTLS and their relation to FAPI, shares his thoughts on the future of FAPI, covers prominent features in the specifications such as Client Initiated Backchannel Authentication (CIBA), and helps listeners interested in FAPI to determine what version might best suit them.
This podcast complements the OpenID Foundation’s plans for technical information sharing sessions with government and private sector partners in AUS, LATAM, MENA, the EU and UK. The Foundation plans to enhance and extend the workshops we tested over the last few years with the UK’s Open Banking Implementation Entity. The goal of the workshops is to provide an open forum to educate technologists on the current state of the FAPI standards and their conformance test suite, and to invite contributions to the evolution of FAPI-2.0.
To learn more about the FAPI working group, how to participate, and information about the specification, visit https://openid.net/wg/fapi
To learn more about OpenID Foundation’s global open banking initiatives as well as access resources for developers and implementers of the Financial-grade API (FAPI), visit https://fapi.openid.net
About Torsten Lodderstedt
Torsten is CTO of yes.com, a startup building an open banking scheme. Before joining yes.com, he served for a decade in different roles at Deutsche Telekom’s identity team, building and operating large-scale consumer identity services. In his previous positions as a consultant and IT architect, he helped customers in several domains (public, banking, railway communication, telecommunication) to implement highly scalable and secure applications. Torsten Lodderstedt received his Ph.D. in computer science from Albert-Ludwigs University in Freiburg. Torsten regularly contributes to OAuth & OpenID. He is the editor of the OAuth 2.0 Security Best Current Practice and the OpenID Connect for Identity Assurance draft, contributes to OpenID Foundation’s FAPI working group, and helps API standardization initiatives, especially in the open banking space, to effectively use OAuth.
To Learn More About the “Identity, Unlocked” Podcast
To learn more about the “Identity, Unlocked” podcast and host, Vittorio Bertocci, visit identityunlocked.auth0.com
To subscribe to the latest podcast updates and episodes, visit Apple Podcasts and Spotify.