Queried audience to establish interest and involvement in Open Banking. Mostly interested in gaining information about the initiative and how ForgeRock are supporting it.
Open demo for people to explore:
ForgeRock to be an OpenBanking reference implementation.
Introduces the concepts of the Initiating Service Providers:
The objective of Open Banking is to allow banks and suppliers to integrate with each other in an open standard.
Presented example detailing how the payment process works. Introduced concept of user consent to authorise the payment and the concept of multiple accounts for users.
The implication of the standard is that it allows a user to conduct a payment without having to store payment credentials on the suppliers site e.g. Amazon. Instead the supplier, given a payment token can initialise the payment with the bank to conduct the payment.
Discussion around the bank selection screen on a supplier site. This comes back to the core principle of how the supplier does not need to identify the user in order to make a transaction.
Introduce the concept of the Remote Consent Service and how it integrates into the standard OAuth2 flow of the Resource Server.
Payment Request Intent
All suppliers need to register with Open Banking to acquire a certificate. Use of dynamic registration allow supplier to connect to the bank to initiate the payment request.
Discussion around pricing for processing payments. Who is responsible for a Implication is that the risk of payment processing moves to the bank rather than the supplier.
Arjan mention the iDEAL System (https://en.wikipedia.org/wiki/IDEAL) in the Netherlands which is a similar initiative. Open Banking has implications for existing payment processing companies like MasterCard and Visa.
Discussion around gaining access to transactions on a users account. User can decide who to give access to and for which transactions in their account. Open Banking details the permissions around access to account transactions.
18th January for the 9 biggest banks to support the Open Banking initiative. Starting in the UK and likely to spread world wide. Argos/Amazon mentioned as suppliers who will adopt the standard. Some one like PayPal will likely take up Open Banking to support small businesses.
Will Apple support this? Possibly. Open Banking is initially focused at web banking to start with.
Mutual TLS and JWT signing discussion. FR preference is for JWT signing to keep things simple.