| Panel |
|---|
| titleColor | Black |
|---|
| borderStyle | dashed |
|---|
| title | OB Standards |
|---|
|
Commence support for eIDAS QWAC certificates | Commence support for eIDAS QSEAL certificates | | Commence support for OBIE QWAC-like certificates | Commence support for OBIE QSEAL-like certificates | Cease support for OBIE non eIDAS-like certificates for transport | Cease support for OBIE non eIDAS-like certificates for signing | Support for MTLS token endpoint authentication | Support for private_key_jwt token endpoint authentication | Cease support for client id and client secret token endpoint authentication | | Panel |
|---|
| borderStyle | dashed |
|---|
| title | Implementation |
|---|
|
| Page Properties |
|---|
|
Directory? | Open Banking | Location of Well Known Endpoints? | OB Technical Directory | API Standard Implemented? | Open Banking | Name of Account Holder Implementation Date? | N/A | Supported identification method? | MTLS with OB Certificates / MTLS with eIDAS Certificates post RTS | Major Milestones | - | (Inc Other Products, API Updates, API Deprecations, etc) |
|---|
FAPI Compliant? | Yes | CIBA | No | Using Open Banking as your eIDAS Trust Framework? | Yes | Are you caching the Directory? | Yes | Transaction IDs | panelThis Section applies to ASPSPs that have implemented OB Standards | Page Properties |
|---|
| icon | false |
|---|
| id | TC-OB Standards-Production |
|---|
| Implement Open Data v2.2 | Implement Read/Write API Specification v3.1 | Implement Customer Experience Guidelines v1.1 | Implement App-to-App Redirection | Implement OB Security Profile Implementer's Draft v1.1.2 | Implement FAPI Profile Implementers Draft 2 | Implement CIBA Profile Implementers Draft 1 | Implement Dynamic Client Registration v1.1 | Implement Dynamic Client Registration v3.1 | Decommission Read/Write API Specification v1.x/2.x | Decommission OB Security Profile Implementer's Draft v1.x | Article 10 SCA Exemption (for 90 days) | Resources covered (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements |
|---|
|
| Panel |
|---|
| borderStyle | dashed |
|---|
| title | Method of Identification |
|---|
|
| Page Properties |
|---|
|
|
| -Have you Implemented OB Standards? | |
|
|---|
| Open Data - Which version have you Implemented? | |
|
|---|
Read/Write API Specification Implemented or planning to implement (Lowest version = Current, Highest version = Planned) | - V3.0
- V3.1
- V3.1.1
- V3.1.2
- V3.1.3
- V3.1.4
- V3.1.5
- V3.1.6
- V3.1.7
- V3.1.8
- V3.1.9
- V3.1.10
- V3.1.11
- V4.0
|
|
|---|
| Read/Write API - Which date are you planning to implement your latest version? |
|
|
|---|
Have you implemented v4.0 information flows, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
|---|
Dynamic Client Registration - Which version have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | |
|
|---|
| DCR - Which date are you planning to implement your latest version? |
|
|
|---|
Have you implemented Trusted beneficiaries, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
|---|
Have you implemented Reverse Payments, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
|---|
Have you implemented ECA Standard? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
|---|
ECA Implementation details |
| Contact: [enter contact details for the relevant person(s) at your organisation] [You can use this space to provide your status with respect to the Standard] |
|---|
Have you implemented Bulk/File Payments? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
|---|
Have you implemented VRP – Sweeping, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
|
|
|---|
Have you implemented VRP non-Sweeping, if not date planned to Implement? | - Already Implemented
- Planning to implement
- Not planning to implement
| Contact: [enter contact details for the relevant person(s) at your organisation] [You can use this space to provide implementation details relevant to VRP] |
|---|
| PISP - Single Payment Limit | £ |
|
|---|
| PISP - Daily Payment Limit | £ |
|
|---|
| How many months of transaction do you provide? |
|
|
|---|
| Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement? |
|
|
|---|
| What is your approach to Implementing TRIs? | - Accept payload with TRI fields – Process all fields
- Accept payload with TRI fields – Ignore all fields
- Reject payload with TRI fields – Error back to TPP
- Accept payload with TRI fields – Process few fields (Provide list of accepted fields)
|
|
|---|
|
|
| Panel |
|---|
| borderStyle | dashed |
|---|
| title | SCA-RTS 90-day reauth Implementation |
|---|
|
| Page Properties |
|---|
|
Which date are you planning on implementing the SCA reauthentication exemption? |
|
|
|---|
What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance) |
| Example approach:
Issue a long-lived refresh token during one final SCA, with refresh token rotation implemented. [Please use this space to provide more details on your approach] |
|---|
| Article 10A - Endpoints exempt of SCA-RTS | -
Accounts -
Transactions (90days) -
Balances -
Standing orders -
Direct debits -
Beneficiaries -
Products -
Offers -
Parties -
Scheduled Payments -
Statements
|
|
|---|
| Article 10A - Endpoints not exempt of SCA-RTS | |
|
|---|
| Article 10A - Maximum time period after authentication |
| Please specify the time period in minutes |
|---|
| SCA-RTS implementation status (updated by OBL PS team only) | | Status |
|---|
| colour | Green |
|---|
| title | Implemented |
|---|
|
|
|
|---|
|
|
| Panel |
|---|
| titleColor | Black |
|---|
| borderStyle | dashed |
|---|
| title | Security Profile |
|---|
|
| Page Properties |
|---|
|
-Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | - OB Security Profile (Legacy)
- FAPI (ID2)
- FAPI 1 Advanced
- Other (Please define)
|
|
|---|
| Security Profile - Next Planned Version Implementation Date |
|
|
|---|
| CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned) | - None
- CIBA
- CIBA FAPI Profile
|
|
|---|
| CIBA Profile - Next Planned Version Implementation Date |
|
|
|---|
| Security Profile Certification date? | |
|
|---|
| Token Endpoint Authentication Methods Supported | -
client_secret_post -
client_secret_basic -
client_secret_jwt -
tls_client_auth - Private_key_jwt
|
|
|---|
| Planned date to Cease support for client id and client secret token endpoint authentication |
|
|
|---|
| POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) | - eIDAS QWAC
- eIDAS QSealC
- OB legacy (obtransport, obsigning)
- OBWAC
- OBSeal
- Other (Please define)
|
|
|---|
|
|
| Panel |
|---|
| titleColor | Black |
|---|
| borderStyle | dashed |
|---|
| title | Customer Journey |
|---|
|
| Page Properties |
|---|
|
-What is your approach to Implementing OBL Customer Experience Guidelines |
|---|
?Yes | Implementing Bespoke User Journeys? | No | Implementing App to App? | No | App to App Implementation Date? | N/A | Options on 90 day re-authentication? | Inline with RTS and Customer Experience Guidelines | Support Embedded Flow? | No | (CEG)? (tick all that apply) | - Already Implemented
- Planning to implement or upgrade
- Not planning to implement CEG
|
|
|---|
Which version have you implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | - V3.1.2
- V3.1.3
- V3.1.4
- V3.1.5
- V3.1.6
- V3.1.7
- V3.1.8
- V3.1.9
- V3.1.10
- V3.1.11
- V4.0
|
|
|---|
| Which date are you planning to implement your latest CEG version? |
|
|
|---|
| Redirection Model | - App to App redirection
- Decoupled authentication
- Embedded Flow
- Bespoke User Journeys
|
|
|---|
|
|
| Panel |
|---|
| titleColor | Black |
|---|
| borderStyle | dashed |
|---|
| title | PSD2 |
|---|
|
| Page Properties |
|---|
| Dispute Management System? | TBC | |
|---|
| -Which Directory are you using as your Trust Framework? | Open Banking |
|
|---|
| Are you caching the Directory? | Yes |
|
|---|
| Transaction IDs Supported |
|
|
|---|
Are you Seeking Fallback Exemption? | |
|---|
Adjusted or Fallback Interface? | No | Adjusted or Fallback URL? | N/A | Contact Email or Phone Number? | Dev Portal URL? |
| | Article 10 - Maximum time period after authentication |
|
|
|---|
| Article 10 - Endpoints exempt of SCA |
|
|
|---|
| Major Milestones |
|
|
|---|
| Brand(s) |
|
|
|---|
|
|
| Panel |
|---|
| titleColor | Black |
|---|
| borderStyle | dashed |
|---|
| title | ASPSP Dev Portal and Contact Details |
|---|
|
| Page Properties |
|---|
|
Implementation Date?| | Production Interface Implementation Date? | | Authentication Method - Open Banking Channel (Browser)? | Credentials + OTP | Authentication Method - Open Banking Channel (APP)? | Credentials + OTP | Authentication Method - Private Channel (Browser)? | Credentials + OTP | Authentication Method - Private Channel (APP)? | Credentials + OTP | Authentication Method Implementation Date (Open Banking Channel)? | September 2019 | Authentication Method Implementation Date (Private Channel)? | September 2019 | SCA Implementation Date? | September 2019 | SCA Scope? (will it inhibit non PSD2 accounts) | No| URL |
|
|
|---|
| Brand Landing Pages URL |
| [You can use this space to explain your guidance on using Brand logos] |
|---|
ASPSP Support Desk Email or Phone Number (including queries about consent success rates) |
|
|
|---|
|
|
| Panel |
|---|
| titleColor | Black |
|---|
| borderStyle | dashed |
|---|
| title | Key Implementations |
|---|
|
|
