Versions Compared

Old Version 13

changes.mady.by.user Chris Michael

Saved on

compared with

New Version 14

changes.mady.by.user Chris Michael

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Open Banking Limited (hereafter known as OBIE) provide a suite of Conformance Tools to help Implementers (which includes Account Providers, Third-Party Providers, Vendors and Technical Service Providers) test that they have implemented each part of the OBIE Standard correctly.

OBIE offers a Conformance Certification Service to allow Implementers to use these tools to self-attest, so that OBIE can then validate and publish a Conformance Certificate. These Conformance Certificates can be used by Implementers as evidence to the ecosystem (including Regulators) that they have followed the OBIE Standard correctly.

Initially, the focus is to enable ASPSPs to use these Conformance Certificates as evidence that they have followed the OBIE Standard without deviation when applying to their National Competent Authority (NCA) for an exemption from a contingency mechanism. 

...

Version

Date

Author

Comments

1.0

OBIE

Initial baselined version

1.1 OBIEMinor update to include further clarity of difference between OBIE and OIDF security profile conformance
1.2 OBIEUpdate to the range of Conformance Tools and Certificates available
1.3 OBIEUpdate to the range of Conformance Tools and Certificates available (DCR)

2. Overview

The following table shows the range of Conformance Tools and Conformance Certificates that are offered by OBIE.

...

TypeConformance CertificatesFee per Conformance CertificateNumber of Conformance Certificates needed
Security Profile ConformanceFinancial Grade API (FAPI) Conformance Certificates *See https://openid.net/certification/fees/One per base URL (e.g. api.bank.com). 

Client-Initiated Backchannel Authentication (CIBA) Conformance Certificates *See https://openid.net/certification/fees/One per base URL (e.g. api.bank.com). 
Functional ConformanceFunctional Conformance Certificates: AIS£1,000One per base URL (e.g. api.bank.com). 

Functional Conformance Certificates: PIS£1,000One per base URL (e.g. api.bank.com). 

Functional Conformance Certificates: CBPII£1,000One per base URL (e.g. api.bank.com). 

Dynamic Client Registration Conformance Certificates£1,000One per base URL (e.g. api.bank.com). 
Customer Experience Guidelines ConformanceCustomer Experience Guidelines Conformance CertificatesPrice on applicationOne per branded set of customer journeys. 

...

  1. Implementer downloads relevant Conformance Tool or Checklist and completes all required tests.
    1. Functional Conformance Tool for AIS, PIS and CBPII
    2. Dynamic Client Registration Tool
  2. Implementer signs relevant order form (including agreeing terms and conditions and payment terms) to order a Conformance Certificate.

  3. Implementer purchases a Conformance Certification Service from OBIE via the Service Desk (servicedesk@openbanking.org.uk)

  4. Once the Implementer has signed the relevant order form (including agreeing terms and conditions), OBIE sends Conformance Certificate Request link to Implementer.

  5. Implementer completes Conformance Certificate Request, including

    Desk Conformance Certification Order Form

  6. OBIE validates Conformance Certificate Request.
  7. Implementer uploads all required supporting evidence together with a signed Self Certification Form.
  8. OBIE validates Conformance Certificate Request.OBIE will provide support to the Implementer during the validation period, as detailed above.
  9. OBIE publishes Conformance Certificate and notifies Implementer.

Once a Conformance Certificate has been published by OBIE, no further support will be provided to the Implementer and the Certificate Request will be marked as ‘Complete’‘Closed’.

To re-apply for the same Conformance Certificate, or to request a new Conformance Certificate, the Implementer will need to sign a new order form to re-start the above process.

...

For the CEG, video evidence and a completed CEG Checklist will be submitted by the applicant which will be reviewed and assessed by the Office of the Trustee. The cost of this service is more than for other Conformance Certificates as it requires more manual review given the subjective nature of applications. For CEG Conformance Certificates OBIE anticipate more dialogue during the review process, and will support this.

For the OG, OBIE will review the completed OG Checklist and self-attestation submitted by Implementers, as well as any performance and availability metrics that are provided.

5. Publication of Conformance Certificates

...

  • Status
    colourGreen
    titleCertified
          Conformance Certificates will only be marked as ‘Certified’ if Implementers conform completely to all required or mandatory elements of the relevant OBIE Standard. If an Implementer also conforms to recommendations or optional elements of the relevant OBIE Standard, then these will also be marked on the relevant Conformance Certificate, e.g. meeting the OBIE recommended benchmarks for performance and availability.
  • Status
    colourYellow
    titlePartial
          If an Implementer only partially conforms, i.e. fails one or more test(s) or does not complete all required/mandatory elements, then they can still request OBIE to publish the results which will show where the Implementer has deviated from the relevant OBIE Standard. The Conformance Certificate will be published but with a status of ‘Partial’.

The issuance and publication of Conformance Certificates is are at the sole discretion of OBIE.

...