Camunda BPM - Said Mengi
Die SlideShare-Präsentation wird heruntergeladen.
×
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Ähnlich wie Strong Customer Authentication - All Your Questions Answered (20)
Weitere von WSO2 (20)
Aktuellste (20)
Strong Customer Authentication - All Your Questions Answered
- 1. Strong Customer Authentication Sachithra Dangalla Software Engineer WSO2 Open Banking Team All your questions answered
- 2. Agenda ● What is SCA? ● The RTS for SCA ● Exemptions from SCA ● SCA Approaches ● Configuring default authenticators ● Customizing SCA based components ○ Implementing custom authenticators ○ Customizing Key Manager Extension
- 3. What is Strong Customer Authentication? Authentication Factors Password, PIN, ID number Key, mobile device, token or Smart card Fingerprint, face or voice recognition Knowledge Possession Inherence Authentication = Verifying the identity of a user Strong customer Authentication = Authenticating by using at least 2 out of the 3 elements
- 4. RTS for SCA https://eba.europa.eu/documents/10180/1761863/Final+draft+RTS+on+SCA+ and+CSC+under+PSD2+%28EBA-RTS-2017-02%29.pdf 6 Chapters ~ 32 Articles ● General Provisions ● Security Measures for the Application of Strong Customer Authentication ● Exceptions from Strong Customer Authentication ● Confidentiality and Integrity of the Payment Service Users’ Personalized Security Credentials ● Common and Secure Open Standards of Communication ● Final Provisions
- 5. When SCA is exempted: Exemptions from SCA Transaction amount > 10000 SGD Transaction amount < 10000 SGD Basic Authentication SMS OTP Authentication Basic Authentication Authenticated Authenticated
- 6. SCA Approaches Redirect Approach AISP Bank AISP
- 7. SCA Approaches Decoupled Approach AISP AISP Bank
- 8. SCA Approaches Embedded Approach AISP AISP Bank User credentials Authentication result
- 9. WSO2 Open Banking
- 10. • SCA Approach defines the high level functionality • SCA methods define more granular functionality • Authenticator = SCA methods implementation • https://store.wso2.com/store/assets/isconnector/list Authenticators • Local and federated authenticators Local: Basic / IWA (zero password login) / FIDO (First Identity Online) Federated: SAML2/ OIDC / MePIN / Email OTP / SMS OTP
- 11. Implementation guide: • Local authenticator: https://docs.wso2.com/display/IS570/Writing+a+Custom+Local+Authenti cator • Federated authenticator: https://docs.wso2.com/display/IS570/Writing+a+Custom+Federated+Aut henticator Implementing Custom Authenticators
- 12. ● Custom authenticator: ○ .jar file ~ authenticator logic ○ .war ~ user interfaces ● Copy the .jar file to <wso2_obkm>/repository/components/dropins directory and restart the Key Manager component. ● Copy the .war file to <wso2_obkm>/repository/deployment/server/webapps directory and make sure web application deployed successfully from the Key manager logs. Implementing Custom Authenticators
- 13. • Add a authenticator config element to the application-authentication.xml file in the <wso2_obkm>/repository/conf/identity/ directory and you can define and parameters that could be used in the implementation of authenticator. Configure Custom Authenticators <AuthenticatorConfig name="FacebookAuthenticator" enabled="true"> <Parameter name="AuthTokenEndpoint">https://graph.facebook.com/abcd</Parameter> <Parameter name="AuthnEndpoint">http://www.facebook.com/dialog/oauth</Parameter> </AuthenticatorConfig>
- 14. Configuring Default Authenticators
- 15. Configuring Default Authenticators
- 16. Demo https://openbanking.wso2.com/
- 17. Open Banking Flows Login and accessing account information via web/mobile application Initiation account info Login page 2 Factor authentication Customer consent Token Get account information Web/Mobile Apps Token 1 2 3 4 5 6 7
- 18. Multi-step and multi-option Configuration per application Multi-Step : Add any number of authentication steps Multi-Option : Add any number of authenticators for a step
- 19. ● Further flexibility can be achieved by customizing the key manager extension ○ Set different combinations of authenticators ○ Set different authenticators for production and sandbox applications ○ Set authenticators dynamically under different circumstances Customizing Key Manager Extension
- 20. ● Create a custom java component and add the below dependencies ○ com.wso2.finance.open.banking.sca.keymanager ○ org.wso2.carbon.apimgt.impl ● Java class should extend “SCABasedKeyManagerClient” ● Override method “setAuthenticators” Customizing Key Manager Extension
- 21. • Build the module and add the component in OB-APIM/repository/components/dropins. • Modify the <KeyManagerClientImpl> element in api-manager.xml of OB-APIM/repository/conf/ directory with FQN of your extended class Customizing Key Manager Extension <APIKeyManager> <KeyManagerClientImpl>com.wso2.sample.SampleKeyManagerClient</KeyManagerClientImpl> </APIKeyManager>
- 22. Upcoming Webinars • Webinar 4: OBIE Directory Integration - A Technical Deep Dive - May 7 • Webinar 5: PISP journey based on Open Banking UK - May 8 • Webinar 6: Verify Your Conformance Against OBIE - May 9 • All webinars will be at 10.00 a.m. GMT.
- 23. Additional Resources More Information http://wso2.com/solutions/financial/open-banking/ Try out WSO2 Open Banking https://openbanking.wso2.com Get in Touch openbankingdemo@wso2.com Solution RoadMap How WSO2 Open Banking Adheres to the Open Banking UK Standard What’s new in WSO2 Open Banking
- 24. THANK YOU wso2.com
