Tracking: Implementers of FAPI 1.0 and FAPI 2.0
As discussed on the call, we should keep track of implementers and adopters of FAPI 1.0 and FAPI 2.0.
Please update the following table with available information (as far as it can be made public):
Country | Adopting Body | FAPI Version | Statistics (No. of IDPs/End-Users/etc.) |
---|---|---|---|
UK | Open Banking UK | 1.0 Advanced (Some/most using ID2) | ~70 IDPs |
Australia | ACCC/ConsumerDataRights | 1.0 Advanced (2.0 planned) | |
Brazil | OpenFinance, OpenInsurance | 1.0 Advanced | |
Germany | yes.com (private-sector open banking ecosystem) | 2.0 with minor differences | ~1100 banks as IDPs |
USA | FDX ( https://financialdataexchange.org ) | 1.0 Advanced | |
New Zealand |
Comments (17)
-
I made some updates; by way of sources for the info:
Australia plan to move to FAPI 2: https://github.com/ConsumerDataStandardsAustralia/future-plan/issues/47
Number of UK banks supporting OBIE specs: https://www.openbanking.org.uk/faqs/
-
Thanks for that - there are some features of the implementations that interest me, like if they are using mTLS.
Also you need to disambiguate FDX - there are too many meanings.
-
(in Japanese) https://www.zenginkyo.or.jp/fileadmin/res/news/news290713_1.pdf
“Report on the committee regarding the design of Open API” was published in 2017 by a group of participants from Japanese Bankers Association.
The report states that “Once OpenID Foundation FAPI WG publishes the detailed spec about OAuth2.0 application, the adoption and/or direction towards the adoption of the spec should be considered by each bank”
-
- changed component to FAPI2: Security Profile
-
HelseID in Norway. (“Helse” in Norwegian is “Health” in English.)
From “Security profile for HelseID Clients”:
To ensure a high level of security, HelseID uses a profile of the technical protocols that our core services are based on. This is a profile that is customized for high risk domains such as health, finance, eGov and banking etc. The HelseID security profile is based on the FAPI 2.0 Baseline profile, which is maintained by OpenID Foundation (OIDF). Be aware that there might be some minor differences between the FAPI 2.0 standard and HelseIDs profile due to practical considerations.
This security profile assumes that the reader is familiar with the roles and underlying protocols and specifications as described in the OAuth 2.0 framework and OpenID Connect.
Please note that some of the requirements are yet to be implemented in HelseID. HelseID will enforce these requirements in the future.
-
Open Banking in Russia.
The title of this page https://wiki.openbankingrussia.ru/ru/security/technical-requirements-for-implementing-security-profiles-fapi is “Технические требования к реализации профилей безопасности FAPI и сценариев базового протокола OpenID Connect Core”, which Google machine-translates into “Technical Requirements for Implementing FAPI Security Profiles and OpenID Connect Core Base Protocol Scenarios”.
The page is a part of “База знаний Открытого банкинга в России” (Knowledge Base of Open Banking in Russia).
-
“Minna no Ginko” is the first digital bank in Japan (“Ginko” in Japanese means “Bank” in English. “Minna no” means “of Everyone”). It operates a BaaS business which enables corporate customers to incorporate financial services into their services through APIs provided by Minna no Ginko’s BaaS.
The BaaS service, “Zerobank BaaS Platform 1.0”, was FAPI-certified (FAPI Adv. OP w/ MTLS, JARM) on July 6, 2022 under the name of “Zerobank Design Factory Co., Ltd.”, which is a company that is in charge of implementing and operating the system of Minna no Ginko.
Their current implementation conforms to FAPI 1.0. In a certain event on December 7, 2022 (“Authlete Customer and Business Partner Meetup 2022”), they said that they wanted to adopt FAPI 2.0 Security Profile when it becomes available. They are using Authlete 2.2 and planning to upgrade it to Authlete 2.3 which supports FAPI 2.0 Security Profile Implementer’s Draft 2, which is supposed to be approved in January, 2023.
-
I think this list should be added to a public page in openid.net
-
Apparently, the Kingdom of Saudi Arabia has defined their profile based on FAPI. AFAIK, their profile requires PAR (RFC 9126) as mandatory.
Open Banking in Saudi Arabia
https://openbanking.sa/index-en.html
-
Australia | ConnectID https://connectid.com.au/ | Private sector driven digital identity ecosystem | FAPI 2 MS | |
-
@Joseph Heenan Can you contribute numbers?