Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 27 Next »

OB Standards
Implement Open Data v2.2N/A
Implement Read/Write API Specification v3.1 
Implement Customer Experience Guidelines v1.1 
Implement App-to-App RedirectionN/A
Implement OB Security Profile Implementer's Draft v1.1.2 
Implement FAPI Profile Implementers Draft 2 
Implement CIBA Profile Implementers Draft 1N/A
Implement Dynamic Client Registration v1.1N/A
Implement Dynamic Client Registration v3.1N/A
Decommission Read/Write API Specification v1.x/2.xN/A
Decommission OB Security Profile Implementer's Draft v1.xN/A
Method of Identification
Commence support for eIDAS QWAC certificatesFrom Q2 2020
Commence support for eIDAS QSEAL certificates
 From Q2 2020

Commence support for OBIE QWAC-like certificates

From 14th September
Commence support for OBIE QSEAL-like certificatesFrom 14th September
Cease support for OBIE non eIDAS-like certificates for transportNo Plans
Cease support for OBIE non eIDAS-like certificates for signingNo Plans
Support for MTLS token endpoint authenticationFrom 14th September
Support for private_key_jwt token endpoint authenticationFrom 14th September
Cease support for client id and client secret token endpoint authenticationNo PlansAlpha FX suggests TPPs to use Private Key JWT but won’t stop the support for client id and secret
Post Brexit Certificate Implementation
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

Planned Implementation Date to Satisfy FCA's Post Transition



TPP PSU Migration Outcomes Supported



POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)



Implementation

Directory?

Open Banking

Location of Well Known Endpoints?

Dev Portal

API Standard Implemented?

Open Banking v3.1

Name of Account Holder Implementation Date?

TBC

Date of Current eIDAS Implementation?
MTLS against OB Certificates, Investigating implementation of eIDAS certificates.
Current Certificates used for Identification?




Current Certificates used for Transport?


Current Certificates used for Signing?


Date of Future eIDAS Implementation?No future update currently planned.

Future Certificates used for Identification?


Future Certificates used for Transport?




Future Certificates used for Signing?


Major Milestones

Releasing at Version 3.1, no plans for subsequent versions as of yet.(Inc Other Products, API Updates, API Deprecations, etc)
Brand(s)


Security Profile?Open Banking

Security Profile Certification?Yes

CIBA

N/A

Using Open Banking as your eIDAS Trust Framework?Yes

Are you caching the Directory?No

Transaction IDsOption 1

Customer Journey

Implementing Customer Experience Guidelines?

Yes
Current CEG Version?

Next CEG Version?

Next Version Implementation Date



Implementing Bespoke User Journeys?

No

Implementing App to App?

No
App to App Implementation Date?No

Options on 90 day re-authentication?

Same as our online journey. PSU needs to re-authenticate as per standard Open Banking AIS journey (TPP will redirect PSU to AlphaFX login screen, select account, re-authenticate, redirected back to app)

Support Embedded Flow?

No
PSD2

Dispute Management System?

No (See notes)We have our own operational process in place
FCA Adjustment Period - Maintaining Screen Scraping?No

Seeking Fallback Exemption?

Exemption granted on  


Adjusted or Fallback Interface?

We are planning to scope the work required for a fallback interface should the exemption fail so that the interface fallback can be confirmed as possible within the required 2 month window. If exemption is achieved we’ll keep the implementation plan for the fallback in place for the possible revocation of the exemption.


Adjusted or Fallback URL?N/A
Contact Email or Phone Number?clientservices@alphafx.co.uk.
Dev Portal URL?https://developer.alpha-fx.co.uk/

Test Facility Implementation Date?

 
Production Interface Implementation Date? 
Contingency MeasuresAlpha FX are aligned to FCA adjustment period and supporting the phased migration of Screen Scraping by TPPs
Article 10 - Maximum time period after authentication?No restrictions applied other than SCA at Auth and Re-Auth
Article 10 - Endpoints exempt of SCANone

Authentication Method - Open Banking Channel (Browser)?

Login credentials (Username and password) + SMS OTP to begin with, then as we move to our SCA solution we will have:

Biometric + Trusted device

Password + Trusted Device

SMS OTP + Password (for clients without our mobile app)

Authentication Method - Open Banking Channel (APP)?

See Authentication Method - Open Banking Channel (Browser)? above


Authentication Method - Private Channel (Browser)?

See Authentication Method - Open Banking Channel (Browser)? above


Authentication Method - Private Channel (APP)?

See Authentication Method - Open Banking Channel (Browser)? above


Authentication Method Implementation Date (Open Banking Channel)?

TBC

Authentication Method Implementation Date (Private Channel)?

TBC

SCA Implementation Date?

 

SCA Scope? (will it inhibit non PSD2 accounts)

PSD2 Accounts only
Key Implementations

High Cost Credit

TBC

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header

-

     Functional Certificate (PIS): AlphaFX 2019

  • No labels