On 23 August 2018, OBIE's Technical Design Authority (TDA) agreed a decision to switch from the Open Banking Security Profile to the Financial Grade API (FAPI) Profile. Due
Due to the tight timelines of the CMA Order and PSD2/RTS, several ASPSPs were unable to support this switch prior to 14 September 2019. As such OBIE agreed to continue continued support for both the Open Banking Security Profile and the related Conformance Tool for a period of time to allow ASPSPs to migrate to the FAPI Profile, and for these ASPSPs to allow TPPs to also make this migration. As such, OBIE will continue OBIE also continued to support the Open Banking Security Profile and the related Conformance Tool until 14 September 2019, and will continue continued to issue and publish related Conformance Certificates until this time. After
Since 14 September 2019, OBIE will mark has marked the Open Banking Security Profile and the Conformance Tool as 'archived' and will no longer accept accepts requests for related Conformance Certificates.
OBIE encourages all ASPSPs to make the switch to FAPI as soon as possible and to apply for a related Conformance Certificate direct from the Open ID Foundation.
An OBIE Security Profile Conformance Certificate allows an Implementer to demonstrate that they have successfully implemented either of the following security profiles:
- Open Banking Security Profile using the Open Banking Security Profile Conformance Tool (available till 14 Sep 2019).
- Dynamic Client Registration (DCR) Profile using the Dynamic Client Registration Conformance Tool (due TBC).
For Open Banking Security Profile Conformance Certificates:
- Although the Implementer may download and run tests locally, Conformance Certificates will only be issued when the tests have been run and evidence supplied using the hosted version of the Open Banking Security Profile Conformance Tool .
- The Implementer must have implemented the Open Banking Security Profile and use the Conformance Tool to test their implementation.
- The Implementer must use the latest or most recent previously published version of the Conformance Tool.
- The Implementer must ensure that all sensitive information (e.g. private keys and authorisation headers) are redacted or removed prior to submission to OBIE.
- OBIE will not normally publish new versions of the tool more frequently than every two weeks.
- The tool will which generate a file which includes:
- List of all tests run.
- For each test run, a description, pass/fail flag, and link to the relevant specification reference.
- The Implementer must also complete a signed attestation form to confirm that all evidence submitted is accurate and has not been altered in any way.
Number of Conformance Certificates needed
It is up to each Implementer as to how many Conformance Certificates they apply for.
For ASPSPs, each Conformance Certificate covers one base URL (e.g. api.bank.com). This URL may include multiple brands and/or products, based on the same Security Profile. It is up to the Implementer to ensure they have run and submitted sufficient tests which cover all relevant brands/products as part of their Conformance Certification Request.
An ASPSP may have other brands/products on separate base URLs which have the exact same functionality, and may decide to declare that these bands/products are also covered by a single Conformance Certificate. However OBIE will only publish the Conformance Certificate based on the single base URL submitted by the Implementer.
Open Banking Conformance Certificates
|Page Properties Report|
as soon as possible and to apply for a related Conformance Certificate direct from the OpenID Foundation
FAPI Conformance Certificates
Please see previous/expired certificates here Open Banking Security Profile Conformance