- Created by Adam Pretlove (Unlicensed) , last modified by Alessandro Greco on Dec 04, 2020
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 64 Next »
| Implement Open Data v2.2 | September 2019 | |
|---|---|---|
| Implement Read/Write API Specification v3.1 | September 2019 | |
| Implement Customer Experience Guidelines v1.1 | September 2019 | |
| Implement App-to-App Redirection | N/A | N/A, as the mobile app is currently not in scope. |
| Implement OB Security Profile Implementer's Draft v1.1.2 | September 2019 | |
| Implement FAPI Profile Implementers Draft 2 | September 2019 | |
| Implement CIBA Profile Implementers Draft 1 | N/A | |
| Implement Dynamic Client Registration v1.1 | ||
| Implement Dynamic Client Registration v3.1 | ||
| Decommission Read/Write API Specification v1.x/2.x | ||
| Decommission OB Security Profile Implementer's Draft v1.x |
Will be implemented in line with PSD2 deadline.
| Commence support for eIDAS QWAC certificates | 14 Sept 2019 | |
|---|---|---|
| Commence support for eIDAS QSEAL certificates | N/A | |
Commence support for OBIE QWAC-like certificates | 14 Sept 2019 | |
| Commence support for OBIE QSEAL-like certificates | 14 Sept 2019 | |
| Cease support for OBIE non eIDAS-like certificates for transport | N/A | Presently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support |
| Cease support for OBIE non eIDAS-like certificates for signing | N/A | Presently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support |
| Support for MTLS token endpoint authentication | ||
| Support for private_key_jwt token endpoint authentication | ||
| Cease support for client id and client secret token endpoint authentication |
| PRE-BREXIT - Certificates Accepted (until 31st Dec 2020) |
| EIDAS certificates will be validated using the OBIE directory. |
|---|---|---|
| POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021) |
| |
| POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) |
| |
| Planned Implementation Date to Satisfy FCA's Post Transition | This info will be provided shortly | |
| TPP PSU Migration Outcomes Supported | Dynamic certificate authentication process. | Outcome 4: You can continue to use your OBseal for client authentication Outcome 5: Continue using the key pair for client authentication Outcome 8: Switch to a new OBseal to use with private-key-jwt |
| POST-BREXIT Certificate Implementation Status (updated by OBIE IES team) | READY |
|
Directory? | Open Banking | ||
|---|---|---|---|
Location of Well Known Endpoints? | OB Technical Directory | The Well Known Endpoint for our Sandbox is: https://sandbox.caterallen.co.uk/.well-known/openid-configuration It is also indicated in the support section together with other relevant info: https://sandbox.caterallen.co.uk/store/site/pages/faq.jag The Production Well Known Endpoint is: https://developer.caterallen.co.uk/.well-known/openid-configuration It is also indicated in the support section together with other relevant info: | |
API Standard Implemented? | Open Banking v3.1 | ||
Name of Account Holder Implementation Date? | TBC (see notes) | This optional field has not been implemented yet but is planned for some time in the future. | |
| Date of Current eIDAS Implementation? | 14/09/19 | ||
| Current Certificates used for Identification? | MTLS available. eIDAS QWAC/QSEAL. EIDAS certificates will be validated using the OBIE directory | ||
| Current Certificates used for Transport? | OB Transport OBWAC QWAC | EIDAS certificates will be validated using the OBIE directory | |
| Current Certificates used for Signing? | OB Signing OBSEAL | EIDAS certificates will be validated using the OBIE directory | |
| Date of Future eIDAS Implementation? | No future update currently planned. | ||
| Future Certificates used for Identification? | |||
| Future Certificates used for Transport? | |||
| Future Certificates used for Signing? | |||
Major Milestones | Version 3.1 was implemented in June 2019 and Security Conformance SUITE certification was achieved on August 2019 | (Inc Other Products, API Updates, API Deprecations, etc) | |
| Brand(s) | |||
| Security Profile? | FAPI Open ID | ||
| Security Profile Certification? | Yes | ||
CIBA | No | ||
| Using Open Banking as your eIDAS Trust Framework? | Yes | ||
| Are you caching the Directory? | No | ||
| Transaction IDs | Yes | The TransactionID is retrieved from our core system |
Implementing Customer Experience Guidelines? | Yes | |
|---|---|---|
| Current CEG Version? | v. 3.1.3 | |
| Next CEG Version? | v 3.1.6 | |
| Next Version Implementation Date | TBC | |
Implementing Bespoke User Journeys? | Yes (see notes) | Our payment journeys currently follow the exact journey as customer would get in their online banking. The Customer Experience Guidelines says they payment journeys should be 2 step. We will not be introducing the 2 step journeys until October 2019. |
Implementing App to App? | N/A | |
| App to App Implementation Date? | N/A | |
Options on 90 day re-authentication? | 90 Days | A TPP can re-authentication any time up until the expiry date. The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed. |
Support Embedded Flow? | No |
Dispute Management System? | Yes | System implementation in line with OBIE implementation dates. |
|---|---|---|
| FCA Adjustment Period - Maintaining Screen Scraping? | ||
Seeking Fallback Exemption? | Yes | |
Adjusted or Fallback Interface? | N/A | |
| Adjusted or Fallback URL? | N/A | |
| Contact Email or Phone Number? | 07727855715 / caterallenopenbanking@santander.co.uk | |
| Dev Portal URL? | For Production URL we are live with AIS, PIS and CBPII. Full live proving has been provided for AIS and PIS. For CBPII endpoints we are in Managed Rollout phase testing. Please contact us for further information. | |
Test Facility Implementation Date? | ||
| Production Interface Implementation Date? | - Currently Live AIS, PIS and CBPII | AIS: our APIs are live. PIS: APIs are live and presently in Managed Roll-out phase. CBPII: APIs are live and presently in Managed Roll-out phase. NOTE: “Cater Allen is pleased to inform that the final migration of customers to the new banking platform planned for this weekend has successfully completed. As a consequence all customers will be able to use the OB services. Please contact us on caterallenopenbanking@santander.co.uk for further information”. |
| Contingency Measures | Subject to FCA exemption decision | |
| Article 10 - Maximum time period after authentication? | N/A | No SCA applied on AISP |
| Article 10 - Endpoints exempt of SCA | N/A | For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away. Please note: We do not display statements |
Authentication Method - Open Banking Channel (Browser)? | Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile. | |
Authentication Method - Open Banking Channel (APP)? | N/A | N/A, as the mobile app is currently not in scope. |
Authentication Method - Private Channel (Browser)? | Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile. | |
Authentication Method - Private Channel (APP)? | N/A | N/A, as the mobile app is currently not in scope. |
Authentication Method Implementation Date (Open Banking Channel)? | 14 Sept 2019 | |
Authentication Method Implementation Date (Private Channel)? | 14 Sept 2019 | |
SCA Implementation Date? | ||
SCA Scope? (will it inhibit non PSD2 accounts) | No (see notes) | No. All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed. |
High Cost Credit | Cater Allen - HCC.xlsx |
|---|
After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header | - |
|---|
- No labels