FAPI and UMA 2.0

Issue #410 new
Dave Tonge created an issue

We had some discussion on this in the last call.

It would be good to do some analysis to see if UMA 2 can be used with FAPI 1/2.

Part of the reason for this is that the UK Pensions Dashboard project is planning to use UMA 2


Comments (5)

  1. Lukasz Jaromin

    The UK Pensions Dashboards is important yet still it is the only business case mentioned here. It would be good to have more of them to perform such analysis. Does anyone have any other real life case in mind that would be worth to refer in this context?

    A bank using a partner to host resources consumed by its own customers could be the one.

  2. Nicholas Irving

    To be honest I never knew why UMA was not considered from the beginning for OpenBanking (well i do, as the complexity of integration outweighs the end user benefits). It gives a much tighter end user consent model, as there is only one place to manage and the end user is not left wondering when they revoked consent in the app if the app is still accessing their data, as they need to check another place to discover if it was actioned.

    One example from the ASX would be the management of announcements by issuers. There can be a complex relationship between Entities and Instruments and who can do what wih them. For example I can engage a 3rd party to announce on a particular instrument on my behalf. Then within those 3rd parties there can be further segregation of this model, leading to quite a complex tree of authorisation.

    Other examples would be

    • Health Records, as in Australia this has become digital and needs a good consent model that is user controlled on who (GP / pharmacist / Hospital / Insurer) can see their data and when.
    • Vaccination Status / Passport (to some degree this is a one off task and not a good use case for long term UMA usage)

  3. Log in to comment