[Openid-specs-fapi] Fwd: Berlin Group publishes Version 1.0 of the NextGenPSD2 Framework

Sat May 26 07:40:57 UTC 2018

Hi Brian

Yep - the examples are still broken, but hopefully they will get fixed in
the next release.

Torsten, have you fed back about the examples?

Thanks

Dave

On 25 May 2018 at 23:36, Brian Campbell <bcampbell at pingidentity.com> wrote:

> As a disclaimer I did not read or review the whole document. I just
> glanced at that section. But right after the part that Dave had the
> screenshot of are the following examples, which are still pretty broken. A
> not necessarily complete list of issues is listed under each.
>
> client_id and response_type are still camel case
> client_id value probably shouldn't be quoted or, if that's really the
> value, the quotes need to be urlencoded as %22
> extraneous space in the value of state
> the S256 value of code_challenge_method shoudn't be quoted
> the code_challenge value looks hex encoded (maybe?) where it should be
> base64url encoded
>
>
>
> 
> client_id value issue with quotes
> grant_type value is camel case but should be authorization_code
> extra space in redirect_uri value
>
>
>
> On Mon, May 14, 2018 at 3:18 AM, Dave Tonge via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> wrote:
>
>> v1.1 camel case issue is fixed :-)
>>
>> 
>> https://www.berlin-group.org/nextgenpsd2-downloads
>>
>>
>>
>> On 11 May 2018 at 16:14, Dave Tonge <dave.tonge at momentumft.co.uk> wrote:
>>
>>> Thanks Torsten
>>>
>>> Still camel case... :-(
>>>
>>>
>>> 
>>>
>>> On 8 February 2018 at 19:15, Torsten Lodderstedt via Openid-specs-fapi <
>>> openid-specs-fapi at lists.openid.net> wrote:
>>>
>>>>
>>>>
>>>> Anfang der weitergeleiteten Nachricht:
>>>>
>>>> *Von: *<info at berlin-group.org>
>>>> *Betreff: **Berlin Group publishes Version 1.0 of the NextGenPSD2
>>>> Framework*
>>>> *Datum: *8. Februar 2018 um 18:31:35 MEZ
>>>> *An: *<info at berlin-group.org>
>>>>
>>>> Today, the Berlin Group has published Version 1.0 of the NextGenPSD2
>>>> Access to Accounts (XS2A) Framework that enables Third Party Providers
>>>> (TPPs) to access bank accounts under the revised Payment Services Directive
>>>> (PSD2). Version 1.0 integrates extensive public market consultation
>>>> feedback and is based on the European Commission adopted European Banking
>>>> Authority (EBA) Regulatory Technical Standards (RTS) for Strong Customer
>>>> Authentication and Common and Secure Open Standards of Communication.
>>>>
>>>> Based on open industry standards, the NextGenPSD2 Framework offers a
>>>> modern, harmonised and interoperable set of Application Programming
>>>> Interfaces (APIs) as the safest and most efficient way to provide data
>>>> securely. The NextGenPSD2 Framework reduces XS2A complexity, addresses the
>>>> problem of multiple competing standards in Europe and, aligned with the
>>>> goals of the Euro Retail Payments Board, enables European banking customers
>>>> to benefit from innovative products and services (‘Banking as a Service’)
>>>> by granting TPPs safe and secure (authenticated and authorised) access to
>>>> their bank accounts and financial data. The APIs support the PSD2 required
>>>> account information (AIS), payment issuer instrument (PIIS) and payment
>>>> initiation (PIS) services and are among others built on RESTful and JSON
>>>> standards, relying on ISO20022 standards for the data elements to be
>>>> exchanged.
>>>>
>>>> The NextGenPSD2 Framework aligns with market requirements as expressed
>>>> in the market feedback from the public market consultation of
>>>> October/November 2017 for which a total of approximately 1,000 market
>>>> comments from 59 organisations have been processed. The Framework also
>>>> integrates applicable legislations and regulations as it is based on the
>>>> European Commission adopted EBA RTS version (adopted on 27 November 2017).
>>>> The NextGenPSD2 Framework Version 1.0 comprises Operational Rules and
>>>> Implementation Guidelines and is ready to be used by banks and TPPs for
>>>> implementing PSD2-required bank account access.
>>>>
>>>> The NextGenPSD2 Framework has been made available for download on the
>>>> Berlin Group website (www.berlin-group.org/psd2-access-to-bank-accounts).
>>>> For your convenience, the NextGenPSD2 Framework Version 1.0 documents are
>>>> already attached to this message (the Introduction document in a
>>>> low-resolution version to accommodate email transport; a high-resolution
>>>> version can be downloaded on the website).
>>>>
>>>> *Future work*
>>>> With this Version 1.0 publication we continue to reach out to market
>>>> participants for further improvement. Your future feedback with suggestions
>>>> for improvement is kindly received at info at berlin-group.org.
>>>>
>>>> The Version 1.0 Framework documents will be complemented in early March
>>>> 2018 with an OpenAPI technical specification, a detailed FAQ document and a
>>>> resolved market consultation feedback issues document.
>>>>
>>>> The Version 1.0 Framework documents still assume the need for further
>>>> standardisation items, extensions, and clarifications in consultation with
>>>> National Competent Authorities and the European Banking Authority. It is
>>>> currently difficult to anticipate how much time is needed for these work
>>>> items. In the coming months we will frequently issue errata documents with
>>>> textual improvements and further regulatory clarifications as soon as they
>>>> occur. A minor release update V1.1 might then follow after the summer 2018.
>>>>
>>>> *Further market involvement*
>>>> Current NextGenPSD2 governance restricts participation to the market
>>>> supply-side that is mandated by PSD2 and EBA RTS to provide an XS2A
>>>> interface and is liable for any damages. However, NextGenPSD2 aims to
>>>> provide a more permanent governance structure that involves broader market
>>>> interests as well. Further details are likely to become available towards
>>>> the end of Q1 2018. We will update you as soon as possible.
>>>>
>>>> kind regards,
>>>>
>>>> Berlin Group NextGenPSD2
>>>>
>>>> *The Berlin Group respects and protects your personal information and
>>>> obeys Privacy Protection Laws and Regulations. All your personal data is
>>>> treated with the greatest care and confidentiality. Your e-mail address is
>>>> only used for the envisaged business purpose of this message. If you want
>>>> to unsubscribe from this list or update your personal data you can do this
>>>> by sending us a reply e-mail.*
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Openid-specs-fapi mailing list
>>>> Openid-specs-fapi at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>>>>
>>>>
>>>
>>>
>>> --
>>> Dave Tonge
>>> CTO
>>> [image: Moneyhub Enterprise]
>>> <http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
>>> Moneyhub Financial Technology, 2nd Floor, Whitefriars Business Centre,
>>> Lewins Mead, Bristol, BS1 2NT
>>> t: +44 (0)117 280 5120
>>>
>>> Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
>>> Limited which is authorised and regulated by the Financial Conduct
>>> Authority ("FCA"). Moneyhub Financial Technology is entered on the
>>> Financial Services Register (FRN 561538) at fca.org.uk/register. Moneyh
>>> ub Financial Technology is registered in England & Wales, company
>>> registration number 06909772 © . Moneyhub Financial Technology Limited
>>> 2018. DISCLAIMER: This email (including any attachments) is subject to
>>> copyright, and the information in it is confidential. Use of this email or
>>> of any information in it other than by the addressee is unauthorised and
>>> unlawful. Whilst reasonable efforts are made to ensure that any attachments
>>> are virus-free, it is the recipient's sole responsibility to scan all
>>> attachments for viruses. All calls and emails to and from this company may
>>> be monitored and recorded for legitimate purposes relating to this
>>> company's business. Any opinions expressed in this email (or in any
>>> attachments) are those of the author and do not necessarily represent the
>>> opinions of Momentum Financial Technology Limited or of any other group
>>> company.
>>>
>>
>>
>>
>> --
>> Dave Tonge
>> CTO
>> [image: Moneyhub Enterprise]
>> <http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
>> Moneyhub Financial Technology, 2nd Floor, Whitefriars Business Centre,
>> Lewins Mead, Bristol, BS1 2NT
>> t: +44 (0)117 280 5120
>>
>> Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
>> Limited which is authorised and regulated by the Financial Conduct
>> Authority ("FCA"). Moneyhub Financial Technology is entered on the
>> Financial Services Register (FRN 561538) at fca.org.uk/register. Moneyhub Financial
>> Technology is registered in England & Wales, company registration number
>> 06909772 © . Moneyhub Financial Technology Limited 2018. DISCLAIMER:
>> This email (including any attachments) is subject to copyright, and the
>> information in it is confidential. Use of this email or of any information
>> in it other than by the addressee is unauthorised and unlawful. Whilst
>> reasonable efforts are made to ensure that any attachments are virus-free,
>> it is the recipient's sole responsibility to scan all attachments for
>> viruses. All calls and emails to and from this company may be monitored and
>> recorded for legitimate purposes relating to this company's business. Any
>> opinions expressed in this email (or in any attachments) are those of the
>> author and do not necessarily represent the opinions of Momentum Financial
>> Technology Limited or of any other group company.
>>
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>>
>>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*

-- 
Dave Tonge
CTO
[image: Moneyhub Enterprise]
<http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
Moneyhub Financial Technology, 2nd Floor, Whitefriars Business Centre,
Lewins Mead, Bristol, BS1 2NT
t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Moneyhub Financial Technology is entered on the
Financial Services Register (FRN 561538) at fca.org.uk/register.
Moneyhub Financial
Technology is registered in England & Wales, company registration number
06909772 © . Moneyhub Financial Technology Limited 2018. DISCLAIMER: This
email (including any attachments) is subject to copyright, and the
information in it is confidential. Use of this email or of any information
in it other than by the addressee is unauthorised and unlawful. Whilst
reasonable efforts are made to ensure that any attachments are virus-free,
it is the recipient's sole responsibility to scan all attachments for
viruses. All calls and emails to and from this company may be monitored and
recorded for legitimate purposes relating to this company's business. Any
opinions expressed in this email (or in any attachments) are those of the
author and do not necessarily represent the opinions of Momentum Financial
Technology Limited or of any other group company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180526/2582b612/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2018-05-14 at 11.16.21.png
Type: image/png
Size: 149973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180526/2582b612/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2018-05-25 at 3.16.10 PM.png
Type: image/png
Size: 108200 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180526/2582b612/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2018-05-11 at 16.13.13.png
Type: image/png
Size: 287466 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180526/2582b612/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2018-05-25 at 3.25.30 PM.png
Type: image/png
Size: 158783 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20180526/2582b612/attachment-0007.png>