W006
Description | Connections between Santander to Open Banking are specified below.
Out of the above, Santander's understanding is that only point 3 and 4 need to be accessed over TLS MA. Santander is using a B2B proxy to connect to these, where we currently don’t support TLS MA. Note: The MIT directory is allowing TLS only connections and does not support TLS MA, therefore we have not been able to test a solution from our B2B proxy which will take some weeks before we can test and support this with the Production environment. |
---|---|
Risk assessment | If OB resources are made available only on TLS MA, we cannot verify TPPs SSAs and on board them via the Access Token requests and therefore cannot stand the Developers Portal or API calls for go-live. |
Mitigating controls | The OB resource endpoints can be made available on both TLS and TLS MA including token endpoint, but this is against current policy. In addition to this, the published production endpoints support non-TLSMA connections. |
Impact if refused | |
Financial cost (if any) £ | |
Resource cost (if any) £ |
© Open Banking Limited 2019 | https://www.openbanking.org.uk/open-licence | https://www.openbanking.org.uk