[Openid-specs-fapi] NextGenPSD2 API support of Discovery Services

Anders Rundgren anders.rundgren.net at gmail.com
Sat Jan 25 14:18:14 UTC 2020


Hi FAPIers,
https://thepaypers.com/interviews/what-does-the-future-hold-for-tpps-and-banks-in-a-post-psd2-era-and-the-art-of-standardising-apis-interview-with-the-berlin-group--1239600

For me this sounds quite interesting since discovery services are a core element of Saturn/Open Banking Wallet.

I believe that the way this is used in Saturn could be used in essentially any Open API system.  This is how it works:
1. The caller has in some way acquired a URL to a discovery service to an API it wants to call.
2. Then the caller retrieves the object which may contain:
- Type and version of the API
- API service end-points
- Public keys
- Algorithms
- Extensions
- Signatures
- Etc.
3. Then the caller adapts its call after the read data (or concludes that it cannot call because it is incompatible).

Live example: https://mobilepki.org/webpay-payeebank/

In Saturn discovery comes with a twist; the caller provides a URL to its own discovery service to make central registers like PRETA unnecessary.  Yes, the data must of course (in an Open Banking scenario) be signed by the associated NCA.

thanx,
Anders
https://cyberphone.github.io/doc/research/casting-apis-in-stone.pdf
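
An added example, not part of the original message and not Saturn's own code or data format: a caller-side sketch of steps 2 and 3 above that either derives call parameters from a retrieved discovery object or refuses to call. The JSON field names, the API type string, the algorithm names and the verify_signature callback are all assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# What this hypothetical caller supports (all names and values are assumptions).
SUPPORTED_TYPE, SUPPORTED_MAJOR = "payment-initiation", "1"
ALLOWED_ALGS = ["ES256", "EdDSA"]  # caller's own preference order

class Incompatible(Exception):
    """Step 3, second outcome: the caller concludes that it cannot call."""

def negotiate(raw, verify_signature):
    """Turn a retrieved discovery object into call parameters, or refuse."""
    doc = json.loads(raw)
    # Fail closed on unsigned or unverifiable data. The check itself is
    # delegated to a caller-supplied function; the trust anchor is not modelled.
    if "signature" not in doc or not verify_signature(doc):
        raise Incompatible("discovery object unsigned or signature invalid")
    api = doc.get("api", {})
    major = str(api.get("version", "")).split(".")[0]
    if api.get("type") != SUPPORTED_TYPE or major != SUPPORTED_MAJOR:
        raise Incompatible(f"unsupported API: {api}")
    # Choose from the caller's allow-list, never from whatever the service offers.
    offered = doc.get("algorithms", [])
    alg = next((a for a in ALLOWED_ALGS if a in offered), None)
    if alg is None:
        raise Incompatible(f"no acceptable algorithm in {offered}")
    # Every advertised end-point must be an https URL with a host.
    endpoints = doc.get("endpoints", {})
    for name, url in endpoints.items():
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:
            raise Incompatible(f"end-point {name!r} is not https: {url}")
    if "payments" not in endpoints:
        raise Incompatible("no payments end-point advertised")
    return {"endpoint": endpoints["payments"], "algorithm": alg}

# Constructed sample discovery object (not taken from a live service).
SAMPLE = {
    "api": {"type": "payment-initiation", "version": "1.3"},
    "endpoints": {"payments": "https://bank.example/api/v1/payments"},
    "algorithms": ["RS256", "EdDSA"],
    "signature": "constructed-placeholder",
}

if __name__ == "__main__":
    # Stand-in verifier that accepts everything, for demonstration only.
    print(negotiate(json.dumps(SAMPLE), lambda doc: True))
```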