Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 74 Current »

This page lists previous certifications relating to the now deprecated Open Banking Security Profile.

Please see Security Profile Conformance for current certifications.

Open Banking Security Profile Certifications (version 3 of the OBIE Standard)

The following certifications relate to the OBIE API Specification v3.0 and the Open Banking Security Profile Implementer's Draft v1.1.2. These are based on the OB Conformance Tool v2.0.6 (released 12 Sep 2018). 


 Click here to expand...

Generating page properties report...

Open Banking Security Profile Certifications (version 2 of the OBIE Standard)

The following certifications relate to the OBIE API Specification v2.x and the Open Banking Security Profile Implementer's Draft v1.1.2. These are based on the OB Conformance Tool v2.0.x.


 Click here to expand...
ASPSP/BrandSecurity Profile VersionSuite VersionClient Authentication TypeResponse TypeDate

Submission

Status#FailedNotes (including mitigations for any failures)

AIB Group (UK) p.l.c. / First Trust Bank

v1.1.2v2.0.6client secret basiccode id_token DownloadPASS0
Bank of Irelandv1.1.2v2.0.6client secret basiccode id_token DownloadPASS0
Barclays





SEE NOTES
Known issue(s) in current implementation:
  • Failing. Scopes must be returned by the token endpoint.
Planned fix and certification date: March 2019 (waiting for vendor upgrade).
Danskev1.1.2v2.0.6client secret postcode id_token DownloadPASS

HSBC / Retail Banking and Wealth Managementv1.1.2v2.0.4client secret basiccode, code id_token DownloadPASS0
HSBC / Commercial bankingv1.1.2v2.0.4client secret basiccode, code id_token DownloadPASS0
HSBC / First Direct Bankv1.1.2v2.0.4client secret basiccode, code id_token DownloadPASS0
HSBC / Marks and Spencer Bankv1.1.2v2.0.4client secret basiccode, code id_token DownloadPASS0
Lloyds Bank





SEE NOTES

Known issue(s) in current implementation::

  • When the TPP does not pass the algorithm used to sign the request object, the Key Storage service correctly throws a 400 error but preauth service is not appending the proper error description of invalid request_object.

  • When the consent journey is completed an authorisation code is issued which is valid for 5 mins and should be for one-time use only, i.e., revoked once used.

  • When the redirect URL to consent pre-auth service includes a query parameter the journey breaks, which breaks the consent journey. The fix has been applied to the OIDC API.

    Planned fix and certification date: 4th Feb 2019

Nationwide





SEE NOTES
Known issue(s) in current implementation:
  • Failing ob-code-id-token-with-secret-basic-and-matls - Does not support multiple query parameters in the redirect_uri - Fix in October
  • Supports old TLS 1.0 and TLS 1.1 connections.
  • Failing matching-key-in-authorization-request-code-id-token - No screenshots.
  • Failing request-object-signature-algorithm-is-not-none-code-id-token - No screenshots.
Planned fix and certification date: TBC
RBSv1.1.2v2.0.4mtlscode, code id_token
PASS

Santanderv1.1.2v2.0.4client secret basiccode, code id_token DownloadPASS

Ping Identity (Platform Vendor)v1.1.2v2.0.2mtls, private key, client secret basic, client secret postcode, code id_token 
PASS0Ping Identity - PSD2 & Open Banking
Authlete (Platform Vendor)v1.1.2v2.0.4mtlscode id_token DownloadPASS0See https://www.authlete.com/
Ozone (Mock Bank)v1.1.2v2.0.6client secret basic, client secret post, private keycode, code id_token DownloadPASS0See O3-Ozone
Forgerock (Platform Vendor / Mock Bank)v1.1.2v2.0.6client secret basic, client secret post, private keycode id_token DownloadPASS0See https://backstage.forgerock.com/knowledge/openbanking/home

Ostia Software Solutions

v1.1.2v2.0.6client secret basiccode id_token DownloadPASS0See: https://www.ostiasolutions.com
WSO2v1.1.2v2.0.6mtls, private key, client secret basic, client secret postcode, code id_token DownloadPASS0See https://wso2.com/
Key
ASPSPOP tests
TPPRP tests
Vendor/TSP OP and/or RP tests
PASS
Pass with no failures
PROVISIONAL
One or more failures where there is an agreed (by standards body or regulator) workaround/mitigation
FAIL
One or more failures where there is no agreed workaround/mitigation

Open Banking Security Profile Certifications (version 1 of the OBIE Standard)

The following certifications relate to the OBIE API Specification v1.x and the Open Banking Security Profile Implementer's Draft v1.1.x. These are based on the OB Conformance Tool v1.1.x.


 Click here to expand...
ASPSP/BrandSecurity Profile VersionSuite VersionClient Authentication TypeResponse TypeDate

Submission

Status#Warning#FailedNotes

AIB Group (UK) p.l.c. / First Trust Bank

v1.1.1v1.1.7Client secret basiccode id_token
 
DownloadPASS10
Bank of Ireland









Barclaysv1.1.1v1.1.10client secret basic, client secret postcode DownloadPROVISIONAL22
scope not present in token response  ->  Agreed with OBIE that it is not a breaking defect
·         This is a limitation of the current software version for the platform, and will be resolved in the next release..
Error from account request endpoint (406 Error) -> Expected Error because of incorrect values in Headers (Swagger v/s FAPI standards)
·         We currently check for application/json being present within the headers only as a strict interpretation as per Swagger / OBIE specifications and not to the FAPI standard
Danske









HSBCv1.1.2v1.1.11Client secret basiccode, code id_token DownloadPASS20
First Direct Bankv1.1.2v1.1.11Client secret basiccode, code id_token DownloadPASS2

Marks and Spencer Bankv1.1.2v1.1.11Client secret basiccode, code id_token DownloadPASS2

Lloyds Bankv1.1.1v1.1.9Client secret basic, client secret postcode, code id_token DownloadPASS11NB: Platform currently unable to handle query parameters in redirect URI. To be resolved. 1 test still to be run. Non-blocking issue. 
Nationwidev1.1.2v1.1.9Client secret basiccode id_token DownloadPASS11NB: Platform currently unable to handle query parameters in redirect URI. Incorrect error returned in response to access token sent as a query parameter. Both issues shortly to be resolved. Platform accepts TLS1.0&1.1 connections due to limitations in customer base. 
RBS









Santanderv1.1.1v1.1.11client secret basiccode id_token DownloadPASS10
Ozone (Mock Bank)v1.1.2v1.1.7client secret basic, client secret post, private keycode, code id_token DownloadPASS10See O3-Ozone
Forgerock (Platform Vendor and Sandbox Provider)v1.1.2v1.1.9Private keycode, code id_token DownloadPASS10See https://backstage.forgerock.com/knowledge/openbanking/home
Ostia Solutions (Sandbox Provider)v1.1.2v1.1.9Private keycode DownloadPASS00See Ostia Solutions
Key
ASPSPOP tests
TPPRP tests
Vendor/TSP OP and/or RP tests
PASS
Pass with no failures
PROVISIONAL
One or more failures where there is an agreed (by standards body or regulator) workaround/mitigation
FAIL
One or more failures where there is no agreed workaround/mitigation
  • No labels

© Open Banking Limited 2019 | https://www.openbanking.org.uk/open-licence | https://www.openbanking.org.uk