1. © 2018 Rogue Wave Software, Inc. All Rights Reserved.
PSD2 & Open Banking: How to go from standards to implementation and compliance
Olaf van Gorp
2.
Presenter
Olaf van Gorp
Technical Sales Europe - Akana
olaf.van.gorp@roguewave.com
3.
Agenda
• PSD2 and APIs
• Implementation standards
• Added value of API management
• Q & A
5.
PSD2 and APIs
6.
[Diagram: third party providers for account information, payment initiation, and confirmation of funds]
7.
APIs!
(really..?)
8.
PSD2? APIs?
9.
Understand PSD2…
…technical compliance.
10.
Verify request integrity
Strong customer authentication
Mutual authentication
Dynamic linking
Consumer authorization
11.
PSD2 APIs!
12.
A sample PSD2 component architecture
IAM: Identity and access management
APIM: API management
[Diagram: PSD2, APIM, IAM, fraud detection, banking system]
13.
What are APIs and API management?
• APIs: Expose a business capability to designated consumers in a secure and controlled manner.
• API management: Gives you control over the API across its entire lifecycle, from design to deployment to operational health.
• API management solutions: Provide the capabilities to address and automate your API management requirements.
14.
Sample API architecture
15.
Summary: Benefits of an APIM solution for PSD2
Delegate PSD2 API requirements
• In particular: API security, authorization
In addition, take care of ‘implicit’ API requirements
• Rate limiting, consumer management, API lifecycle management, etc.
Decouple published API from downstream landscape
Offer flexibility re. published API
• Interoperability, different target consumers, etc.
17.
Implementation standards
18.
PSD2 / OB standards
• Regulatory Technical Standards (RTS) on strong customer authentication and secure communication
• UK Open Banking (with PSD2 additions)
• Berlin Group
• STET
• Polish API (and others)
19.
Standards comparison
• UK Open Banking (≠ PSD2):
– Fully open standards-based (OAuth2.0, OIDC, PKI, JWT, etc.)
– Swagger docs published
• Berlin Group:
– Standards like OAuth2.0 optional rather than preferred
– Deviation and divergence
• E.g. OAuth scopes, signing HTTP messages, ..
20.
Standards divergence
• Deviations force customization
• Interoperability consequences?
– …across ‘standards’?
21.
Summary: Standards
Indispensable for effective technical implementation, yet..
Not yet complete
Multiple initiatives (that may not be compatible)
‘Exotic’ elements may force customization
Interoperability concerns
22.
Added value of API management
23.
Sample PSD2 portal
24.
Import PSD2 specified API
25.
PSD2 requirements: API security
• Certificate-based client authentication
• OAuth2.0 (as one way to deal with authorization)
Policies
- configurable
- reusable
- versioned
26.
API best practice: rate limiting
• Limit the number of requests
• Protect your downstream systems (request overload)
27.
API best practice: API lifecycle management
• API development lifecycle
– E.g. dev, test, QA, prod
• API consumption lifecycle
– Accepted, rejected, suspended, revoked
• API versioning
– Notification, parallel versions
28.
API best practice: API analytics
• Does my API provide the expected business value?
• What consumption trends do I see?
• Do my APIs function as expected?
29.
Non-mandatory APIs
• Open banking as a business opportunity…
• …offering a much wider range of services…
• …that will make your bank stand out.
30.
Summary
An APIM solution is indispensable for an effective implementation of the PSD2 interface. It will:
Help you with the technical implementation of your PSD2 API-based interface
Provide you with a flexible/adaptable solution
Ensure effective management of your APIs
Allow for effective consumer on-boarding and management
Offer great possibilities to offer additional functionality (opening up further business opportunities)
32.
Next steps:
Learn more in our blog series on PSD2 & Open Banking at: blog.akana.com
Watch the full webinar on-demand.