PSD2 & Open Banking: How to go from standards to implementation and compliance


PSD2-driven Open Banking is here, and with it come challenges in understanding what it means, choosing which standards organizations to follow, which practices are right for you, and whether to aim for regulatory compliance only or use the regulation as an opportunity to differentiate and transform. From a strategic and technical point of view, compliance dictates that now is the time to chart a precise implementation for your organization – do you know where to begin?


  1. PSD2 & Open Banking: How to go from standards to implementation and compliance. Olaf van Gorp. © 2018 Rogue Wave Software, Inc. All Rights Reserved.
  2. Presenter: Olaf van Gorp, Technical Sales Europe - Akana, olaf.van.gorp@roguewave.com
  3. Agenda • PSD2 and APIs • Implementation standards • Added value of API management • Q & A
  4. Watch the on-demand webinar
  5. PSD2 and APIs
  6. [Diagram: third party providers for account information, payment initiation and confirmation of funds]
  7. APIs! (really..?)
  8. PSD2? APIs?
  9. Understand PSD2… …technical compliance.
  10. • Verify request integrity • Strong customer authentication • Mutual authentication • Dynamic linking • Consumer authorization
  11. PSD 2 APIs!
  12. A sample PSD2 component architecture [diagram components: PSD2, APIM, IAM, fraud detection, banking system]. IAM: Identity and access management. APIM: API management.
  13. What are APIs and API management? • APIs: Expose a business capability to designated consumers in a secure and controlled manner. • API management: Gives you control over the API across its entire lifecycle, from design to deployment to operational health. • API management solutions: Provide the capabilities to address and automate your API management requirements.
  14. Sample API architecture
  15. Summary: Benefits of an APIM solution for PSD2. Delegate PSD2 API requirements; in addition, take care of ‘implicit’ API requirements; decouple published API from downstream landscape; offer flexibility re. published API. • In particular: API security, authorization • Rate limiting, consumer management, API lifecycle management, etc. • Interoperability, different target consumers, etc.
  16. Watch the on-demand webinar
  17. Implementation standards
  18. PSD2 / OB standards • Regulatory Technical Standards (RTS) on strong customer authentication and secure communication • UK Open Banking (with PSD2 additions) • Berlin Group • STET • Polish API (and others)
  19. Standards comparison • UK Open Banking (≠ PSD2): – Fully open standards-based (OAuth2.0, OIDC, PKI, JWT, etc.) – Swagger docs published • Berlin Group: – Standards like OAuth2.0 optional rather than preferred – Deviation and divergence • E.g. OAuth scopes, signing HTTP messages, ..
  20. Standards divergence • Deviations force customization • Interoperability consequences? – …across ‘standards’?
  21. Summary: Standards. Indispensable for effective technical implementation, yet.. • Multiple initiatives (that may not be compatible) • Not yet complete • ‘Exotic’ elements may force customization • Interoperability concerns
  22. Added value of API management
  23. Sample PSD2 portal
  24. Import PSD2 specified API
  25. PSD2 requirements: API security • Certificate-based client authentication • OAuth2.0 (as one way to deal with authorization). Policies: configurable, reusable, versioned.
  26. API best practice: rate limiting • Limit the number of requests • Protect your downstream systems (request overload)
  27. API best practice: API lifecycle management • API development lifecycle – E.g. dev, test, QA, prod • API consumption lifecycle – Accepted, rejected, suspended, revoked • API versioning – Notification, parallel versions
  28. API best practice: API analytics • Does my API provide the expected business value? • What consumption trends do I see? • Do my APIs function as expected?
  29. Non-mandatory APIs • Open banking as a business opportunity… • …offering a much wider range of services… • …that will make your bank stand out.
  30. Summary. An APIM solution is indispensable for an effective implementation of the PSD2 interface. It will: • Help you with the technical implementation of your PSD2 API-based interface • Allow for effective consumer on-boarding and management • Provide you with a flexible/adaptable solution • Ensure effective management of your APIs • Offer great possibilities to offer additional functionality (opening up further business opportunities)
  31. Q & A
  32. Next steps: Learn more in our blog series on PSD2 & Open Banking at: blog.akana.com. Watch the full webinar on-demand.
