Tracking: Implementers of FAPI 1.0 and FAPI 2.0

Issue #555 new
Daniel Fett created an issue

As discussed on the call, we should keep track of implementers and adopters of FAPI 1.0 and FAPI 2.0.

Please update the following table with available information (as far as it can be made public):

| Country | Adopting Body | FAPI Version | Statistics (No. of IDPs/End-Users/etc.) |
|---|---|---|---|
| UK | Open Banking UK | 1.0 Advanced (Some/most using ID2) | ~70 IDPs |
| Australia | ACCC/ConsumerDataRights | 1.0 Advanced (2.0 planned) | |
| Brazil | OpenFinance, OpenInsurance | 1.0 Advanced | |
| Germany | yes.com (private-sector open banking ecosystem) | 2.0 with minor differences | ~1100 banks as IDPs |
| USA | FDX ( https://financialdataexchange.org ) | 1.0 Advanced | |
| New Zealand | | | |

Comments (17)

  1. Tom Jones

    Thanks for that - there are some features of the implementations that interest me, like if they are using mTLS.

    Also you need to disambiguate FDX - there are too many meanings.

  2. Kosuke Koiwai

    (in Japanese) https://www.zenginkyo.or.jp/fileadmin/res/news/news290713_1.pdf

    “Report on the committee regarding the design of Open API” was published in 2017 by a group of participants from the Japanese Bankers Association.

    The report states that “Once OpenID Foundation FAPI WG publishes the detailed spec about OAuth2.0 application, the adoption and/or direction towards the adoption of the spec should be considered by each bank”

  3. Takahiko Kawasaki

    HelseID in Norway. (“Helse” in Norwegian is “Health” in English.)

    From “Security profile for HelseID Clients”:

    To ensure a high level of security, HelseID uses a profile of the technical protocols that our core services are based on. This is a profile that is customized for high risk domains such as health, finance, eGov and banking etc. The HelseID security profile is based on the FAPI 2.0 Baseline profile, which is maintained by OpenID Foundation (OIDF). Be aware that there might be some minor differences between the FAPI 2.0 standard and HelseIDs profile due to practical considerations.

    This security profile assumes that the reader is familiar with the roles and underlying protocols and specifications as described in the OAuth 2.0 framework and OpenID Connect.

    Please note that some of the requirements are yet to be implemented in HelseID. HelseID will enforce these requirements in the future.

  4. Takahiko Kawasaki

    Open Banking in Russia.

    The title of this page https://wiki.openbankingrussia.ru/ru/security/technical-requirements-for-implementing-security-profiles-fapi is “Технические требования к реализации профилей безопасности FAPI и сценариев базового протокола OpenID Connect Core”, which Google machine-translates into “Technical Requirements for Implementing FAPI Security Profiles and OpenID Connect Core Base Protocol Scenarios”.

    The page is a part of “База знаний Открытого банкинга в России” (Knowledge Base of Open Banking in Russia).

  5. Takahiko Kawasaki

    “Minna no Ginko” is the first digital bank in Japan (“Ginko” in Japanese means “Bank” in English. “Minna no” means “of Everyone”). It operates a BaaS business which enables corporate customers to incorporate financial services into their services through APIs provided by Minna no Ginko’s BaaS.

    The BaaS service, “Zerobank BaaS Platform 1.0”, was FAPI-certified (FAPI Adv. OP w/ MTLS, JARM) on July 6, 2022 under the name of “Zerobank Design Factory Co., Ltd.”, which is a company that is in charge of implementing and operating the system of Minna no Ginko.

    Their current implementation conforms to FAPI 1.0. In a certain event on December 7, 2022 (“Authlete Customer and Business Partner Meetup 2022”), they said that they wanted to adopt FAPI 2.0 Security Profile when it becomes available. They are using Authlete 2.2 and planning to upgrade it to Authlete 2.3 which supports FAPI 2.0 Security Profile Implementer’s Draft 2, which is supposed to be approved in January, 2023.
