Security Profiles

The existing Open Banking Security Profile was extended during 2018 to cover both redirect and decoupled flows, based on the OpenID Foundation's Financial-grade API (FAPI) and Client Initiated Backchannel Authentication (CIBA) profiles.

Open Banking Security Profile

A security profile based on the OpenID Foundation's Financial-grade API Read and Write specification, FAPI-RW. The Open Banking profile further constrains the underlying FAPI read-only and read-and-write base profiles with clauses and provisions intended to reduce delivery risk for ASPSPs (Account Servicing Payment Service Providers).

Financial Grade API (FAPI) Profile

The OIDF Financial-grade API (FAPI) is a REST API that provides JSON data representing higher-risk data. These APIs are protected by the OAuth 2.0 Authorization Framework, which consists of [RFC6749], [RFC6750], [RFC7636] and other specifications. This profile describes security provisions for the server and the client that are appropriate for financial-grade APIs.
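Of the three RFCs listed, RFC 7636 (PKCE) is the one with a small, fully specified computation behind it, so it makes a useful concrete illustration of the redirect-flow protections the profile builds on. The following is an added example written for this page, not code from the Open Banking or OIDF specifications: a client-side code_verifier/code_challenge pair and the server-side check at the token endpoint. The decision to reject the "plain" method is a hardening choice made in this example (RFC 7636 itself still permits it); the function names and the check against the RFC 7636 Appendix B test vector are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Characters RFC 7636 section 4.1 allows in a code_verifier (the "unreserved" set).
_VERIFIER_ALPHABET = frozenset(string.ascii_letters + string.digits + "-._~")


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 specifies for both verifier and challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: a high-entropy verifier. 32 random bytes encode to 43 characters,
    the minimum length RFC 7636 permits; 96 bytes give the 128-character maximum."""
    if not 32 <= nbytes <= 96:
        raise ValueError("nbytes must yield a 43..128 character verifier")
    return _b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(code_verifier: str) -> str:
    """code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) (RFC 7636 section 4.2)."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_code_verifier(stored_challenge: str, stored_method: str, code_verifier: str) -> bool:
    """Authorization server side, at the token endpoint: recompute the challenge from the
    presented verifier and compare it with the one stored from the authorization request.
    Only S256 is accepted; "plain" is rejected as a hardening choice of this example."""
    if stored_method != "S256":
        return False
    if not 43 <= len(code_verifier) <= 128 or not set(code_verifier) <= _VERIFIER_ALPHABET:
        return False
    # Constant-time comparison so a mismatch leaks nothing about the stored value.
    return hmac.compare_digest(code_challenge_s256(code_verifier), stored_challenge)


def demo() -> bool:
    """Round trip: the client keeps the verifier, sends the challenge in the authorization
    request, and presents the verifier when redeeming the authorization code."""
    verifier = make_code_verifier()
    challenge = code_challenge_s256(verifier)
    return verify_code_verifier(challenge, "S256", verifier)


if __name__ == "__main__":
    # RFC 7636 Appendix B test vector; expected challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
    print(code_challenge_s256("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"))
    print(demo())
```

The point of the server-side function is that the token endpoint never trusts the challenge method or verifier format supplied by the client at redemption time: it uses the method recorded with the authorization request and validates the verifier's length and alphabet before hashing.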

Client Initiated Backchannel Authentication (CIBA) Profile

A profile of the OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA) that supports the decoupled interaction method. This document profiles the CIBA specification to bring it in line with the other FAPI parts and provides security recommendations for its use with APIs that require financial-grade security.
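To make the decoupled interaction concrete, here is an added example (written for this page, not code from the CIBA or FAPI-CIBA specifications) that models both sides of a poll-mode CIBA exchange in memory: the client's backchannel authentication request, the user's decision arriving from their own device, and the client polling the token endpoint. The parameter names (auth_req_id, expires_in, interval), the grant type URN and the error codes (authorization_pending, slow_down, expired_token, access_denied, invalid_grant) are those defined by CIBA Core; the CibaAuthServer class, its method names, the injectable clock and the sample client and user identifiers are assumptions of this example. Client authentication, hint validation and ping/push modes are omitted.

```python
import secrets
import time

GRANT_TYPE_CIBA = "urn:openid:params:grant-type:ciba"  # token request grant type defined by CIBA Core


class CibaAuthServer:
    """In-memory model of an authorization server's backchannel authentication and token
    endpoints in poll mode. Constructed for illustration only: a real server also
    authenticates the client, validates the login hint and persists state."""

    def __init__(self, now=time.time, expires_in=120, interval=5):
        self._now = now                 # injectable clock so the flow can be driven deterministically
        self._expires_in = expires_in   # lifetime of an auth_req_id in seconds
        self._interval = interval       # minimum seconds between token-endpoint polls
        self._requests = {}             # auth_req_id -> pending request record

    def backchannel_authenticate(self, client_id, scope, login_hint, binding_message=None):
        """Backchannel authentication endpoint: the client asks the server to authenticate
        the user identified by login_hint on that user's own device."""
        if "openid" not in scope.split():
            return {"error": "invalid_scope"}
        auth_req_id = secrets.token_urlsafe(32)
        self._requests[auth_req_id] = {
            "client_id": client_id, "scope": scope, "login_hint": login_hint,
            "binding_message": binding_message, "status": "pending",
            "expires_at": self._now() + self._expires_in, "last_poll": None,
        }
        return {"auth_req_id": auth_req_id, "expires_in": self._expires_in, "interval": self._interval}

    def user_decision(self, auth_req_id, approved):
        """The decoupled leg: the authentication device reports the user's decision."""
        rec = self._requests.get(auth_req_id)
        if rec is not None and rec["status"] == "pending":
            rec["status"] = "approved" if approved else "denied"

    def token(self, client_id, grant_type, auth_req_id):
        """Token endpoint in poll mode: CIBA error codes until the user has acted,
        then a token exactly once."""
        if grant_type != GRANT_TYPE_CIBA:
            return {"error": "unsupported_grant_type"}
        rec = self._requests.get(auth_req_id)
        if rec is None or rec["client_id"] != client_id:
            return {"error": "invalid_grant"}     # unknown, consumed, or another client's auth_req_id
        now = self._now()
        if now > rec["expires_at"]:
            del self._requests[auth_req_id]
            return {"error": "expired_token"}
        if rec["last_poll"] is not None and now - rec["last_poll"] < self._interval:
            rec["last_poll"] = now
            return {"error": "slow_down"}         # client must back off before polling again
        rec["last_poll"] = now
        if rec["status"] == "pending":
            return {"error": "authorization_pending"}
        del self._requests[auth_req_id]           # approved or denied: the auth_req_id is single-use
        if rec["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 300, "scope": rec["scope"]}


def run_flow():
    """Drive a full poll-mode exchange with a fake clock and return each step's response."""
    clock = [1_000.0]
    server = CibaAuthServer(now=lambda: clock[0])
    start = server.backchannel_authenticate(
        "tpp-client", "openid accounts", "psu@example.com", binding_message="Link accounts")
    rid = start["auth_req_id"]
    pending = server.token("tpp-client", GRANT_TYPE_CIBA, rid)   # user has not acted yet
    too_fast = server.token("tpp-client", GRANT_TYPE_CIBA, rid)  # polled again within the interval
    clock[0] += start["interval"]
    server.user_decision(rid, approved=True)                      # user approves on their device
    issued = server.token("tpp-client", GRANT_TYPE_CIBA, rid)
    replay = server.token("tpp-client", GRANT_TYPE_CIBA, rid)    # auth_req_id already consumed
    return {"pending": pending, "too_fast": too_fast, "issued": issued, "replay": replay}


if __name__ == "__main__":
    for step, response in run_flow().items():
        print(step, response)
```

The security-relevant behaviour to note is in the token endpoint: the auth_req_id is bound to the client that created it, expires, enforces the polling interval, and is consumed on first successful redemption, so a leaked or replayed identifier cannot be exchanged for a second token.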