[Openid-specs-fapi] [Bitbucket] Issue #353: FAPI for Berlin Group openFinance Framework (openid/fapi)

Anders Rundgren anders.rundgren.net at gmail.com
Sun Jan 10 05:51:05 UTC 2021


Hi Francis,

After revisiting this issue I have come to the conclusion that this topic probably is out of scope for the FAPI WG.

Why is that?  Well, this conclusion builds on the following (maybe incorrect) assumptions:
- The FAPI WG define standards and profiles targeting Open Banking (and more) but do not define specific methods for performing account lookups etc.
- The proposal would (hopefully) not affect any of the existing FAPI standards or profiles.

The core idea splitting an Open Banking API in two layers is though very good [*]. However, with respect to FAPI, I believe their stuff would only live in the AuthZ layer.  Although the security between the AuthZ layer and the "purified" Banking API is yet to be defined, I don't see this as a natural task for FAPI WG since this part is not supposed to be exposed outside of the bank environment.

That is, adopting FAPI profiles seems like a question for the Berlin Group only although it may surely be of interest to other parties as well.

It is also important keeping in mind that Berlin Group's revised take on Open Banking goes way beyond the scope of OBIE.

thanx,
Anders

*] Your proposal is essentially a MUCH better version of my "Direct Mode" solution:
https://github.com/cyberphone/swedbank-psd2-saturn#swedbank-psd2saturn-interface


More information about the Openid-specs-fapi mailing list