<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Open Sans Light";
panose-1:2 11 3 6 3 5 4 2 2 4;}
@font-face
{font-family:"Open Sans Medium";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Open Sans Light",sans-serif;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
page-break-after:avoid;
font-size:13.0pt;
font-family:"Open Sans Light",sans-serif;
font-weight:normal;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
line-height:115%;
font-size:11.0pt;
font-family:"Open Sans Light",sans-serif;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Open Sans Light",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:609557153;
mso-list-template-ids:-1314079266;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:●;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:○;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:■;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:●;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:○;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:■;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:●;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:○;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:■;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-text-animation:none;
text-decoration:none;
text-underline:none;
text-decoration:none;
text-line-through:none;}
@list l1
{mso-list-id:813793129;
mso-list-type:hybrid;
mso-list-template-ids:1344062860 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2
{mso-list-id:1157453996;
mso-list-template-ids:346311200;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1213691065;
mso-list-type:hybrid;
mso-list-template-ids:1786399700 -426573920 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4
{mso-list-id:2128885495;
mso-list-type:hybrid;
mso-list-template-ids:-1070018308 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">FAPI WG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">I am pleased to confirm that the OpenID Foundation submitted comments on the NISTIR 8389 publication on Open Banking, as per their March 3 deadline today. That submission is below, including
the draft Open Banking whitepaper. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Many thanks to Dave for his herculean efforts to draft the NIST comments and the whitepaper so swiftly, and ensuring a quality submission to NIST. Also, many thanks to the FAPI WG for your
comments in the draft and in the WG calls. <o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">We invite the WG to make any further comments by EOD March 14<sup>th</sup> so that we can move to “final”, and send it to NIST and publish it for the benefit of the global community.</span></b><span style="font-family:"Calibri",sans-serif">
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Please pay special attention to the following:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo6"><span style="font-family:"Calibri",sans-serif">OIDF recommendations in the whitepaper, to ensure they reflect the consensus view of the WG <o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo6"><span style="font-family:"Calibri",sans-serif">Our references to market implementations, we want to ensure we are accurate, fair, and balanced – for implementations that selected FAPI
and those that have not. <o:p></o:p></span></li></ul>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Google Doc Link:
<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">https://docs.google.com/document/d/18i1f-lYd7VgAyw_2vYZChlFcSZwG_yK_epF7wAJkBaw/edit#heading=h.o66ldbq1qca8<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Gail<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black">From:
</span></b><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black">Gail Hodges <gail.hodges@oidf.org><br>
<b>Date: </b>Thursday, March 3, 2022 at 12:30 PM<br>
<b>To: </b>"nistir-8389-comments@nist.gov" <nistir-8389-comments@nist.gov><br>
<b>Cc: </b>Dave Tonge <dave.tonge@moneyhub.com>, nat_fwd <nat@nat.consulting>, Don Thibeau <don@oidf.org>, Mike Leszcz <mike.leszcz@oidf.org><br>
<b>Subject: </b>Comments on NISTIR 8389 -- OpenID Foundation<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN">Attn: National Institute of Standards and Technology; Computer Security Division, Information Technology Laboratory<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN" style="font-family:"Open Sans Medium"">Re: Comments on NISTIR 8389 - Cybersecurity Considerations for Open Banking Technology and Emerging Standards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN">Dear Sir or Madam,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">Thank you for this publication, it is informative and we hope will be a useful resource for those seeking to understand Open Banking.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">The OpenID Foundation has played a pivotal role in Open Banking security standards, and we welcome your reference to our standards work on FAPI in NISTIR 8389. As a non-profit standards body, we are keen to ensure our standards
continue to serve the global community.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">We are pleased to share an advance copy of our Open Banking Whitepaper, in draft format, which shares some of our experience globally. We will share the final version of this whitepaper, targeted for publication March 16,
2022. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">In addition to the whitepaper we have the following comments on NISTIR 8389:<o:p></o:p></span></p>
<h3><a name="_q4aj28s1bx08"></a><span lang="EN">Lines 586-629 - Australia<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">The CDR ecosystem originally didn’t include payment and action initiation (line 609) It is being discussed as a future roadmap item now.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">The original CDR design included a lot of custom extensions that caused multiple security and interoperability concerns. These are still being remediated by the industry as a part of complete alignment to FAPI1 and transition
to FAPI2.<o:p></o:p></span></p>
<h3><a name="_5kk2q3jhb9m3"></a><span lang="EN">Lines 793-797 - Brazil<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">It is mandatory for large to mid-sized financial institutions and any institution that will interact with those covered by the Brazilian legal framework.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">A trust model and a directory were created such that parties are not required to put in place direct contracts to interact.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">A payment initiation protocol was defined such that multiple payment operators are emerging.<o:p></o:p></span></p>
<h3><a name="_j40c759x2izs"></a><span lang="EN">Lines 800-805 - Japan<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">Most banks are strongly advised by FSA to offer APIs to Fintechs by 2019 and most banks obliged although they are not standardized. Banks and Fintechs are mandated to get into individual contractual agreements which limited
scalability in terms of interconnection among them. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">For QR code payment, Paypay that is offered by Z Holding is the most prevalent one. As a standardization effort, there is a scheme code JPQR which standardized some aspects of the QR code payment.<o:p></o:p></span></p>
<h3><a name="_yomous9s80ng"></a><span lang="EN">Lines 943-946 - API Security<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">We suggest that you strongly recommend that any Open Banking or Open Finance initiative should adopt an established API security profile. From a security perspective there are many increased risks when an initiative “rolls
its own” security profile. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">We suggest that as well as mentioning the UK that reference be made to other jurisdictions like Australia, Brazil, New Zealand, Russia, US/Canada (FDX) and many private ecosystems who are also using FAPI as their security
profile.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">We also ask that you remove the space between “Open” and “ID” - it is a single word “OpenID”. In addition is it possible to use the abbreviation, FAPI, after the reference to “Financial Grade API”.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">Please can you mention the fact that FAPI security profiles went through formal security analysis and come with comprehensive conformance tests and certification for both, data providers and data recipients. FAPI conformance
testing covers a large range of positive and negative test cases and focuses on security and interoperability. The FAPI conformance tests have caught
</span><span lang="EN" style="font-family:"Open Sans Medium"">serious security vulnerabilities and interoperability issues in API platform implementations</span><span lang="EN"> developed by large multinational banks, despite those passing through many rounds
of internal and external security testing. Vendors from around the world, and hundreds of data providers and data recipients in the UK, Australia, and Brazil have completed FAPI certification. All certifications are published on the OIDF website:
<a href="https://openid.net/certification/"><span style="color:#1155CC">https://openid.net/certification/</span></a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">It is strongly recommended by global open banking community:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="margin-bottom:0in;mso-list:l0 level1 lfo3"><span lang="EN">for all participants to complete FAPI conformance testing before joining the ecosystem, and to consider the cadence of recertification.<o:p></o:p></span></li><li class="MsoNormal" style="margin-bottom:0in;mso-list:l0 level1 lfo3"><span lang="EN">All ecosystem API interactions should follow the same security profile.<o:p></o:p></span></li><li class="MsoNormal" style="margin-bottom:0in;mso-list:l0 level1 lfo3"><span lang="EN">Ecosystem to perform regular end-to-end security review of the ecosystem including all participants (data recipients, data providers and the registry).<o:p></o:p></span></li><li class="MsoNormal" style="margin-bottom:0in;mso-list:l0 level1 lfo3"><span lang="EN">Simplify participant interactions and avoid custom standards.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level1 lfo3"><span lang="EN">New ecosystems should consider adopting the FAPI 2 framework (the next iteration of the FAPI specs that builds on the experience of rolling out FAPI 1 in many ecosystems). This will significantly
simplify security profile compliance for all participants. <o:p></o:p></span></li></ul>
<h3><a name="_m68tu8tnj925"></a><span lang="EN">Lines 947 to 951 - SAML<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">We are not sure whether it is worth mentioning SAML here. It is primarily a single sign-on protocol and is missing many features which are needed for secure implementations of Open Banking.
<o:p></o:p></span></p>
<h3><a name="_jqmkc0c3ksv0"></a><span lang="EN">Lines 959-964 - Privacy and Consent<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">Privacy is an integral part of any Open Banking initiative, and user consent is one of its most important building blocks. Open Banking and Open Finance are about data sharing that cannot happen without user consent.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">To ensure interoperability in the ecosystem, adequate security and satisfaction of privacy regulations, user consent at API and flow level shall be standardized across jurisdictions and based on solid, broadly recognized
standards.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">OpenID's FAPI not only refers to the privacy framework but also aims to standardize consent requests and consent management. It is designed to support user experience defined by various jurisdictions. It leverages proven
broadly adopted open standards. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">We suggest paying more attention in NISTIR 8389 to user consent. We also suggest recognizing FAPI as the recommended API and flow-level standard for consent-related operations. It will help limit the proliferation of jurisdiction-specific
consent operations approaches in the open banking and open finance spaces. We believe that such recommendations will strengthen security, improve interoperability and speed up ecosystem growth.
<o:p></o:p></span></p>
<h3><a name="_gn9w7wyjteib"></a><span lang="EN">Line 978<o:p></o:p></span></h3>
<p class="MsoNormal"><span lang="EN">Is it worth mentioning the financial data exchange (FDX) here? It has 208 member organizations and is currently the driving force behind Open Banking in the US, and a key participant in the Open Banking effort in Canada
as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">Last, the OpenID Foundation anticipates making additional recommendations regarding Dynamic Client Registration, the operations of participant registration, and how other technologies like decentralized solutions can complement
the FAPI family of standards. Those comments will be included in the final draft of the whitepaper targeted for March 16, 2022.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">Many thanks for the opportunity to provide our comments. As per the whitepaper, you are welcome to contact the OpenID Foundation at
<a href="mailto:Director@oidf.org"><span style="color:#1155CC">Director@oidf.org</span></a> with any follow-up question, or to talk through our comments.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN">Dave Tonge <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span lang="EN"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span lang="EN">Co-Chair FAPI WG
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN">OpenID Foundation </span><span style="font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
</div>
</body>
</html>