Latest communications and News

Recently a number of Production tickets have been raised as a result of TPPs continuing to use the original RS256 endpoint. This can be overcome by using an alternative endpoint that is also available. Sam Odubade of the OB Support Desk provided the following information:

'Participants who are using the current OB SCIM API to generate a software statement assertion (SSA) are being issued an RS256 signed SSA token irrespective of the time of day the SSA token is generated.

This creates a problem when the target ASPSP endpoint accepts only a PS256 signed SSA token.

To avoid this problem, participants who need a PS256 signed SSA token should use the new version of the OB SCIM API:

https://matls-dirapi.openbankingtest.org.uk/organisation/<organisation_type>/<organisation_id>/software-statement/<software-statement_id>/software-statement-assertion

Summary:

RS256 signed SSA token (Production):

PS256 signed SSA token (Production):

For an RS256 signed SSA token (Sandbox):

For a PS256 signed SSA token (Sandbox):

https://matls-dirapi.openbankingtest.org.uk/organisation/<organisation_type>/<organisation_id>/software-statement/<software-statement_id>/software-statement-assertion 
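
A pre-flight check for the problem described above, added here as an example (not code from OBIE or the OB Directory): it reads the `alg` header of an SSA so that an RS256 signed token is caught before it is sent to an ASPSP that accepts only PS256. The function names and sample tokens are constructed for illustration, and the header is read without verifying the signature.

```python
import base64
import binascii
import json
import re

_B64URL = re.compile(r"[A-Za-z0-9_-]+")


class SSAFormatError(ValueError):
    """The token is not a well-formed JWS compact serialization."""


def _b64url_decode(segment: str) -> bytes:
    if not _B64URL.fullmatch(segment):
        raise SSAFormatError("segment is empty or not base64url")
    try:
        # JWS drops base64 padding; restore it before decoding.
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except binascii.Error as exc:
        raise SSAFormatError("segment has an invalid length") from exc


def ssa_signing_alg(ssa: str) -> str:
    """Read `alg` from the SSA header. The signature is NOT verified here."""
    parts = ssa.strip().split(".")
    if len(parts) != 3:
        raise SSAFormatError("expected header.payload.signature")
    raw = [_b64url_decode(p) for p in parts]  # rejects malformed segments
    try:
        header = json.loads(raw[0])
    except ValueError as exc:
        raise SSAFormatError("header is not valid JSON") from exc
    if not isinstance(header, dict) or not isinstance(header.get("alg"), str):
        raise SSAFormatError("header has no string 'alg'")
    return header["alg"]


def ssa_acceptable(ssa: str, accepted=("PS256",)) -> bool:
    """True if the SSA's alg is one the target ASPSP accepts (assumed: PS256 only)."""
    return ssa_signing_alg(ssa) in accepted


def make_sample(alg: str) -> str:
    """Constructed sample: real JWS layout, placeholder payload and signature."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = json.dumps({"alg": alg, "typ": "JWT"}).encode()
    return ".".join([enc(header), enc(b'{"sample":true}'), enc(b"sig")])
```

If `ssa_acceptable` returns `False` for a freshly issued SSA, the token came from the RS256 endpoint and should be requested again from the PS256 endpoint given above.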
Switching to New PS256 End Point

New Functionality in OB Directory

The PS256 issues that have previously caused difficulties have now been resolved. In addition, new functionality is now available on the OB Directory. The following summary (from the OB Directory Usage Page) may be helpful:

Using the Open Banking Directory APIs

Functionality that was previously only available via the DFI can now be accessed via Open Banking APIs:

  • manage organisation contacts (CRU)
  • manage software statements (CRU)
  • generate software statement assertions
  • upload/manage signing keys
  • upload/manage encryption keys
  • generate/manage OB non-ETSI certs
  • generate OBWAC/OBSeal certs
  • upload eIDAS QWAC/QSeal certs

The above require the generation of an organisational OAuth client.  Until the Dynamic Client Registration (DCR) service is made available, please submit a Service Desk ticket requesting an organisational OAuth client.

To understand how to use the API, please read the Directory API Swagger specification. This is an attachment to the Directory 2.0 Technical Overview DRAFT 1.


OB Comms Email Regarding Directory Upgrade

(Please note that this email, sent on 8th March, is primarily about eIDAS, but that date is also regarded as the key date for PS256. It is included here for information only.)

'Dear Participant,

OBIE would like to update the previous communication regarding the planned release next week to support eIDAS.

NB: The JWKS Keystore will not have an outage.

This is a major release, and will bring Production into line with the Directory Sandbox (which has had ETSI certificate capability since January 2019).

Some of the work OBIE intends to carry out next week will require a service outage to the Directory, and this will also include work to the JWKS (JSON Web Key Set) store to migrate certificates to the new format during part of the release.

OBIE would therefore like to notify the following maintenance windows:

Monday 11th March: 1800 to 2200 - Preparatory work with no expected service impact.

Tuesday 12th March: 1800 to 0600 (Wednesday) - Directory outage.

Wednesday 13th March: 1800 to 0600 (Thursday) - Directory outage.

The JWKS and OCSP responder will not be impacted by this release.

As ever, if you have any questions relating to this, please do not hesitate to contact the Service Desk at servicedesk@openbanking.org.uk or on 0203 217 8188

Kind regards,

The Open Banking Team'

In a separate note, Head of Directory Mike Mayfield also pointed out that:

'The keystore (and indeed the SCIM end points) will be available at all times but there is a period when it will be in read only (i.e. you won't be able to mint certs)'
