Panel |
---|
titleColor | Black |
---|
borderStyle | dashed |
---|
title | OB Standards |
---|
|
Commence support for eIDAS QWAC certificates | Commence support for eIDAS QSEAL certificates | | Commence support for OBIE QWAC-like certificates | Commence support for OBIE QSEAL-like certificates | Cease support for OBIE non eIDAS-like certificates for transport | Cease support for OBIE non eIDAS-like certificates for signing | Support for MTLS token endpoint authentication | Support for private_key_jwt token endpoint authentication | Cease support for client id and client secret token endpoint authentication | Panel |
---|
borderStyle | dashed |
---|
title | Implementation |
---|
|
Page Properties |
---|
|
Directory? | Open Banking | Location of Well Known Endpoints? | OB Technical Directory | API Standard Implemented? | Open Banking | Name of Account Holder Implementation Date? | N/A | Supported identification method? | MTLS with OB Certificates / MTLS with eIDAS Certificates post RTS | Major Milestones (Inc Other Products, API Updates, API Deprecations,etc) | - | FAPI Compliant? | Yes | CIBA | No | Using Open Banking as your eIDAS Trust Framework? | Yes | Are you caching the Directory? | Yes | Transaction IDs | panelThis Section applies to ASPSPs that have implemented OB Standards Page Properties |
---|
icon | false |
---|
id | TC-OB Standards-Production |
---|
| Implement Open Data v2.2 | Implement Read/Write API Specification v3.1 | Implement Customer Experience Guidelines v1.1 | Implement App-to-App Redirection | Implement OB Security Profile Implementer's Draft v1.1.2 | Implement FAPI Profile Implementers Draft 2 | Implement CIBA Profile Implementers Draft 1 | Implement Dynamic Client Registration v1.1 | Implement Dynamic Client Registration v3.1 | Decommission Read/Write API Specification v1.x/2.x | Decommission OB Security Profile Implementer's Draft v1.x | Article 10 SCA Exemption (for 90 days) | Resources covered (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements |
---|
|
Panel |
---|
borderStyle | dashed |
---|
title | Method of Identification |
---|
|
Page Properties |
---|
|
|
-Have you Implemented OB Standards? | |
|
---|
Open Data - Which version have you Implemented? | |
|
---|
Read/Write API Specification Implemented or planning to implement (Lowest version = Current, Highest version = Planned) | - V3.0
- V3.1
- V3.1.1
- V3.1.2
- V3.1.3
- V3.1.4
- V3.1.5
- V3.1.6
- V3.1.7
- V3.1.8
- V3.1.9
- V3.1.10
- V3.1.11
- V4.0
|
|
---|
Read/Write API - Which date are you planning to implement your latest version? |
|
|
---|
Have you implemented v4.0 information flows, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
---|
Dynamic Client Registration - Which version have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | |
|
---|
DCR - Which date are you planning to implement your latest version? |
|
|
---|
Have you implemented Trusted beneficiaries, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
---|
Have you implemented Reverse Payments, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
---|
Have you implemented ECA Standard? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
---|
ECA Implementation details |
| Contact: [enter contact details for the relevant person(s) at your organisation] [You can use this space to provide your status with respect to the Standard] |
---|
Have you implemented Bulk/File Payments? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
---|
Have you implemented VRP – Sweeping, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
---|
Have you implemented VRP non-Sweeping, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
| Contact: [enter contact details for the relevant person(s) at your organisation] [You can use this space to provide implementation details relevant to VRP] |
---|
PISP - Single Payment Limit | £ |
|
---|
PISP - Daily Payment Limit | £ |
|
---|
How many months of transaction do you provide? |
|
|
---|
Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement? |
|
|
---|
What is your approach to Implementing TRIs? | - Accept payload with TRI fields – Process all fields
- Accept payload with TRI fields – Ignore all fields
- Reject payload with TRI fields – Error back to TPP
- Accept payload with TRI fields – Process few fields (Provide list of accepted fields)
|
|
---|
|
|
Panel |
---|
borderStyle | dashed |
---|
title | SCA-RTS 90-day reauth Implementation |
---|
|
Page Properties |
---|
|
Which date are you planning on implementing the SCA reauthentication exemption? |
|
|
---|
What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance) |
| Example approach: Issue a long-lived refresh token during one final SCA, with refresh token rotation implemented. [Please use this space to provide more details on your approach] |
---|
Article 10A - Endpoints exempt of SCA-RTS | -
Accounts -
Transactions (90days) -
Balances -
Standing orders -
Direct debits -
Beneficiaries -
Products -
Offers -
Parties -
Scheduled Payments -
Statements
|
|
---|
Article 10A - Endpoints not exempt of SCA-RTS | |
|
---|
Article 10A - Maximum time period after authentication |
| Please specify the time period in minutes |
---|
SCA-RTS implementation status (updated by OBL PS team only) | Status |
---|
colour | Green |
---|
title | Implemented |
---|
|
|
|
---|
|
|
Panel |
---|
titleColor | Black |
---|
borderStyle | dashed |
---|
title | Security Profile |
---|
|
Page Properties |
---|
|
-Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | - OB Security Profile (Legacy)
- FAPI (ID2)
- FAPI 1 Advanced
- Other (Please define)
|
|
---|
Security Profile - Next Planned Version Implementation Date |
|
|
---|
CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned) | - None
- CIBA
- CIBA FAPI Profile
|
|
---|
CIBA Profile - Next Planned Version Implementation Date |
|
|
---|
Security Profile Certification date? | |
|
---|
Token Endpoint Authentication Methods Supported | -
client_secret_post -
client_secret_basic -
client_secret_jwt -
tls_client_auth - Private_key_jwt
|
|
---|
Planned date to Cease support for client id and client secret token endpoint authentication |
|
|
---|
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) | - eIDAS QWAC
- eIDAS QSealC
- OB legacy (obtransport, obsigning)
- OBWAC
- OBSeal
- Other (Please define)
|
|
---|
|
|
Panel |
---|
titleColor | Black |
---|
borderStyle | dashed |
---|
title | Customer Journey |
---|
|
Page Properties |
---|
|
-What is your approach to Implementing OBL Customer Experience Guidelines (CEG)? |
---|
Yes | Implementing Bespoke User Journeys? | No | Implementing App to App? | No | App to App Implementation Date? | N/A | Options on 90 day re-authentication? | Inline with RTS and Customer Experience Guidelines | Support Embedded Flow? | No(tick all that apply) | - Already Implemented
- Planning to implement or upgrade
- Not planning to implement CEG
|
|
---|
Which version have you implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | - V3.1.2
- V3.1.3
- V3.1.4
- V3.1.5
- V3.1.6
- V3.1.7
- V3.1.8
- V3.1.9
- V3.1.10
- V3.1.11
- V4.0
|
|
---|
Which date are you planning to implement your latest CEG version? |
|
|
---|
Redirection Model | - App to App redirection
- Decoupled authentication
- Embedded Flow
- Bespoke User Journeys
|
|
---|
|
|
Panel |
---|
titleColor | Black |
---|
borderStyle | dashed |
---|
title | PSD2 |
---|
|
Page Properties |
---|
| Dispute Management System? | TBC | |
---|
-Which Directory are you using as your Trust Framework? | Open Banking |
|
---|
Are you caching the Directory? | Yes |
|
---|
Transaction IDs Supported |
|
|
---|
Are you Seeking Fallback Exemption? | |
---|
Adjusted or Fallback Interface? | No | Adjusted or Fallback URL? | N/A | Contact Email or Phone Number? | Dev Portal URL? |
| Article 10 - Maximum time period after authentication |
|
|
---|
Article 10 - Endpoints exempt of SCA |
|
|
---|
Major Milestones |
|
|
---|
Brand(s) |
|
|
---|
|
|
Panel |
---|
titleColor | Black |
---|
borderStyle | dashed |
---|
title | ASPSP Dev Portal and Contact Details |
---|
|
Page Properties |
---|
|
Implementation Date? | Production Interface Implementation Date? | | Authentication Method - Open Banking Channel (Browser)? | Credentials + OTP | Authentication Method - Open Banking Channel (APP)? | Credentials + OTP | Authentication Method - Private Channel (Browser)? | Credentials + OTP | Authentication Method - Private Channel (APP)? | Credentials + OTP | Authentication Method Implementation Date (Open Banking Channel)? | September 2019 | Authentication Method Implementation Date (Private Channel)? | September 2019 | SCA Implementation Date? | September 2019 | SCA Scope? (will it inhibit non PSD2 accounts) | NoURL |
|
|
---|
Brand Landing Pages URL |
| [You can use this space to explain your guidance on using Brand logos] |
---|
ASPSP Support Desk Email or Phone Number (including queries about consent success rates) |
|
|
---|
|
|
Panel |
---|
titleColor | Black |
---|
borderStyle | dashed |
---|
title | Key Implementations |
---|
|
|