Financial API (FAPI) WG

What is the Financial API (FAPI) WG?

Overview

In many cases, Fintech services such as aggregation services uses screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, it should utilize an API model with structured data and to cope with insecurity, it should utilize a token model such as OAuth [RFC6749, RFC6750].

This working group aims to rectify the situation by developing a REST/JSON model protected by OAuth. Specifically, the FAPI WG aims to provide JSON data schemas, security and privacy recommendations and protocols to:

• enable applications to utilize the data stored in the financial account,
• enable applications to interact with the financial account, and
• enable users to control the security and privacy settings.

Both commercial and investment banking account as well as insurance, and credit card accounts are to be considered.

Working Group Chairs

• Nat Sakimura (Nomura Research Institute), Anoop Saxena (Intuit), Anthony Nadalin (Microsoft)

The chairs can be reached at <openid-specs-fapi-owner@lists.openid.net>.

List of Specifications

• Financial API — Part 1: Read Only API Security Profile (Implementer’s Draft).
• Financial API — Part 2: Read & Write API Security Profile (Implementer’s Draft).
• Financial API — Part 3: Open Data API (Working Draft).
• Financial API — Part 4: Read Only API (Working Draft).
• Financial API — Part 5: Read & write API (Working Draft).

Current thought around it can be found in this presentation.

Participation

The easiest way to participate is to join the mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-fapi.

Please note that while anyone can join the mailing list as a read-only recipient, posting to the mailing list or actively contributing to the specification itself requires the submission of an IPR Agreement. More information is available at http://openid.net/intellectual-property. Make sure to specify the working group as FAPI WG.

Meeting Venue and Schedule

• Regular Meetings
  • Pacific zone call: Bi-weekly Tuesday Call @ 11pm UTC
  • Atlantic zone call: Bi-weekly Wednesday Call @ 2pm UTC
  • See the calendar below for the details.
  • Location: https://global.gotomeeting.com/join/321819862
• GoToMeeting software is available on Mac, PC, iPhone, and Android Phone.
• Using VoIP option of GoToMeeting is preferred. If you have to absolutely use plain old telephone some reason, here is the phone number:
  United States: +1 (224) 501-3316 United Kingdom: +44 (0) 20 3713 5011
• Please Note: Number of the participation to the call is limited to 25 most active members at the discretion of the chair due to the number of lines available.