Open Banking Security Profile Certifications (version 3 of the OBIE Standard)
The following certifications relate to the OBIE API Specification v3.0 and the Open Banking Security Profile Implementer's Draft v1.1.2. These are based on the OB Conformance Tool v2.0.6 (released 12 Sep 2018).
Open Banking Security Profile Certifications (version 2 of the OBIE Standard)
The following certifications relate to the OBIE API Specification v2.x and the Open Banking Security Profile Implementer's Draft v1.1.2. These are based on the OB Conformance Tool v2.0.x.
When the TPP does not pass the algorithm used to sign the request object, the Key Storage service correctly throws a 400 error, but the preauth service is not appending the proper error description for an invalid request_object.
When the consent journey is completed an authorisation code is issued which is valid for 5 mins and should be for one-time use only, i.e., revoked once used.
When the redirect URL to the consent pre-auth service includes a query parameter, the consent journey breaks. The fix has been applied to the OIDC API.
Planned fix and certification date: 4th Feb 2019
Nationwide
SEE NOTES
Known issue(s) in current implementation:
Failing ob-code-id-token-with-secret-basic-and-matls - Does not support multiple query parameters in the redirect_uri - Fix in October
Supports old TLS 1.0 and TLS 1.1 connections.
Failing matching-key-in-authorization-request-code-id-token - No screenshots.
Failing request-object-signature-algorithm-is-not-none-code-id-token - No screenshots.
One or more failures where there is an agreed (by standards body or regulator) workaround/mitigation
FAIL
One or more failures where there is no agreed workaround/mitigation
Open Banking Security Profile Certifications (version 1 of the OBIE Standard)
The following certifications relate to the OBIE API Specification v1.x and the Open Banking Security Profile Implementer's Draft v1.1.x. These are based on the OB Conformance Tool v1.1.x.
scope not present in token response -> Agreed with OBIE that it is not a breaking defect
· This is a limitation of the current software version for the platform, and will be resolved in the next release.
Error from account request endpoint (406 Error) -> Expected Error because of incorrect values in Headers (Swagger v/s FAPI standards)
· We currently check for application/json being present within the headers only as a strict interpretation as per Swagger / OBIE specifications and not to the FAPI standard
NB: Platform currently unable to handle query parameters in redirect URI. Incorrect error returned in response to access token sent as a query parameter. Both issues shortly to be resolved. Platform accepts TLS 1.0 and 1.1 connections due to limitations in customer base.