[Openid-specs-fapi] The UK Open Banking Standard working with the FAPI WG

Dave Tonge dave.tonge at momentumft.co.uk
Mon Jun 27 12:22:19 UTC 2016


Hi all

Some of the contributors to the UK's OBWG report
<https://github.com/OpenBankingStandard/framework/blob/master/obwg_report_final.pdf>
have started collaborating together on the technical work for a UK Open
Banking Standard.

The github repository for the group is here:
https://github.com/OpenBankingStandard

We are still in the early stages in the development of the standard and
were delighted to find out about the FAPI WG. We had a call of the Core
Technical Committee last week and we agreed to collaborate with the FAPI WG.

We will continue work in the Open Banking Standard as there are some UK
specific elements that need to be taken care of - for example the initial
release of the Midata data-set. However on the security / auth side we
agreed to work closely with the FAPI WG with the likely outcome being that
we simply recommend whatever the output of the FAPI WG is.

In light of this I've started researching Token Binding and have
joined the Token
Binding mailing list <https://datatracker.ietf.org/wg/tokbind/documents/>.
Currently there aren't many implementations in the wild - but I've got some
useful info from the group -
https://mailarchive.ietf.org/arch/search/?email_list=unbearable. Google are
currently open sourcing their library for token binding (this works with
OpenSSL and BoringSSL). Once this is released I will attempt custom builds
of Nginx and Node.JS with token binding enabled.

In regards to the DDA Schema I do have a concern. One of the aims that we
have with the Open Banking Standard is to have an open development history
of any schemas that are developed - so that those looking at or
implementing the spec can go back and see why formats, naming conventions,
etc. were chosen.  The DDA schema seems to have come out of nowhere though.
Perhaps this can be addressed by a thorough debate on the mailing list /
bitbucket over all the aspects of the schema - but I thought it is worth
raising.

So in conclusion I will work closely with both groups - the development of
an open, standards based, financial API is one of my key personal
objectives. Where possible I will seek to avoid duplication of effort
between the 2 groups.

Thanks

-- 
Dave Tonge
CTO
10 Temple Back | Bristol | BS1 6FL
t: +44 (0)117 280 5120
m: +44 (0)7577 815570

Momentum Financial Technology Ltd is authorised and regulated by the
Financial Conduct Authority (Register number 561538). Registered in England
& Wales, company registration number 06909772. DISCLAIMER: This email
(including any attachments) is subject to copyright, and the information in
it is confidential. Use of this email or of any information in it other
than by the addressee is unauthorised and unlawful. Whilst reasonable
efforts are made to ensure that any attachments are virus-free, it is the
recipient's sole responsibility to scan all attachments for viruses. All
calls and emails to and from this company may be monitored and recorded for
legitimate purposes relating to this company's business. Any opinions
expressed in this email (or in any attachments) are those of the author and
do not necessarily represent the opinions of Momentum Financial Technology
Ltd or of any other group company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20160627/55469bc6/attachment.html>


More information about the Openid-specs-fapi mailing list