Barclays Bank UK Plc

OB Standards

Implement Open Data v2.2	COMPLETE
Implement Read/Write API Specification v3.1	COMPLETE
Implement Customer Experience Guidelines v1.1	COMPLETE
Implement App-to-App Redirection	COMPLETE
Implement OB Security Profile Implementer's Draft v1.1.2	COMPLETE
Implement FAPI Profile Implementers Draft 2	TBC	Plans to be confirmed
Implement CIBA Profile Implementers Draft 1	TBC	Plans to be confirmed
Implement Dynamic Client Registration v1.1	Not Delivered
Implement Dynamic Client Registration v3.1	TBC	Plans to be confirmed
Decommission Read/Write API Specification v1.x/2.x	TBC - No Plans
Decommission OB Security Profile Implementer's Draft v1.x	TBC - No Plans
Article 10 SCA Exemption (for 90 days)	N / A	Barclays provide access for a maximum period of 90 days if requested, however we will require no additional authorisation should the PSU consent to more than 90 days worth of data Resources covered (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements
Contingency Mechanism (if applicable)	N / A	Method (delete as appropriate): Existing PSU interface, but with header signed using signing cert Adapted (clone) version of a PSU interface, with TLS secured using transport cert

Method of Identification

Commence support for eIDAS QWAC certificates	TBC	Plans to be confirmed
Commence support for eIDAS QSEAL certificates	TBC	Plans to be confirmed
Commence support for OBIE QWAC-like certificates	TBC	Plans to be confirmed
Commence support for OBIE QSEAL-like certificates	TBC	Plans to be confirmed
Cease support for OBIE non eIDAS-like certificates for transport	TBC - No Plans
Cease support for OBIE non eIDAS-like certificates for signing	TBC - No Plans
Support for MTLS token endpoint authentication	TBC - No Plans
Support for private_key_jwt token endpoint authentication	June 2019
Cease support for client id and client secret token endpoint authentication	TBC - No Plans

Implementation

Directory?	Open Banking
Location of Well Known Endpoints?	OB Technical Directory
API Standard Implemented?	Open Banking
Name of Account Holder Implementation Date?	September 2019
Supported identification method?	OB identity provider service OB-WAC / OB-SEAL from September
Major Milestones	v3.1 – 14 Mar 2019 v3.1.1 – 14 Sep 2019
FAPI Compliant?	Yes
CIBA	TBC
Using Open Banking as your eIDAS Trust Framework?
Are you caching the Directory?

Customer Journey

Implementing Customer Experience Guidelines?	Yes
Implementing Bespoke User Journeys?	No
Implementing App to App?	Yes
App to App Implementation Date?	Live
Options on 90 day re-authentication?	90 day re-authentication required across all Open Banking flows
Support Embedded Flow?	No

PSD2

Dispute Management System?	Yes
Seeking Fallback Exemption?	Yes
Adjusted or Fallback Interface?	No
Adjusted or Fallback URL?
Contact Email or Phone Number?
Test Facility Implementation Date?	14 Mar 2019
Production Interface Implementation Date?	14 Mar 2019
Authentication Method - Open Banking Channel (Browser)?	SCA compliant digital channel logon
Authentication Method - Open Banking Channel (APP)?	SCA compliant digital channel logon
Authentication Method - Private Channel (Browser)?	SCA compliant digital channel logon
Authentication Method - Private Channel (APP)?	SCA compliant digital channel logon
Authentication Method Implementation Date (Open Banking Channel)?	Live
Authentication Method Implementation Date (Private Channel)?	Live
SCA Implementation Date?	Live
SCA Scope? (will it inhibit non PSD2 accounts)	No	Scope of Open Banking flows limited to PSD2 accounts only