fapi.openid.netFAPI Working Group - OpenID Foundation

FOUNDATION Join the OpenID Foundation Board of Directors Sponsoring Members Foundation Leadership Intellectual Property OpenID Foundation Contribution Agreements Software Grant and Contribution License Agreements Community Group Participation Agreements Organizational Documents and Policies SPECIFICATIONS Discover OpenID and OpenID Connect How OpenID Connect Works Explore All Specifications JWT, JWS, JWE, JWK, and JWA Implementations Certified OpenID Connect Implementations Uncertified OpenID Connect Implementations CERTIFICATION OpenID Certification Frequently Asked Questions About the OpenID Certified Mark How to Certify Your Implementation Fee Schedule to Certify Your Implementation Certified OpenID Developer Tools Certification Program Policies Certification Conformance Testing Disclosure and Reporting Policy Open-Source Project Certification Policy Third-Party Support Certification Policy GROUPS Working Groups AB/Connect Working Group Overview Charter Specifications AuthZEN Working Group Overview Charter Specifications Digital Credentials Protocols (DCP) Working Group Overview Charter Specifications Repositories EAP Working Group Overview Charter Specifications eKYC & IDA Working Group Overview Charter Specifications FAPI Working Group Overview Charter Specifications FastFed Working Group Overview Charter Specifications HEART Working Group Overview Charter Specifications iGov Working Group Overview Charter Specifications MODRNA Working Group Overview Charter Specifications R&E Working Group Overview Charter Specifications Shared Signals Working Group Overview Charter Specifications Community Groups GAIN POC Overview Proof of Concept Related Specifications Participation Agreements Special Topic Groups OpenID for Verifiable Credentials Overview Specifications Libraries Working Group Resources CALENDAR Menu FOUNDATION Join the OpenID Foundation Board of Directors Sponsoring Members Foundation Leadership Intellectual Property OpenID Foundation Contribution Agreements Software Grant and Contribution License Agreements Community Group Participation Agreements Organizational Documents and Policies SPECIFICATIONS Discover OpenID and OpenID Connect How OpenID Connect Works Explore All Specifications JWT, JWS, JWE, JWK, and JWA Implementations Certified OpenID Connect Implementations Uncertified OpenID Connect Implementations CERTIFICATION OpenID Certification Frequently Asked Questions About the OpenID Certified Mark How to Certify Your Implementation Fee Schedule to Certify Your Implementation Certified OpenID Developer Tools Certification Program Policies Certification Conformance Testing Disclosure and Reporting Policy Open-Source Project Certification Policy Third-Party Support Certification Policy GROUPS Working Groups AB/Connect Working Group Overview Charter Specifications AuthZEN Working Group Overview Charter Specifications Digital Credentials Protocols (DCP) Working Group Overview Charter Specifications Repositories EAP Working Group Overview Charter Specifications eKYC & IDA Working Group Overview Charter Specifications FAPI Working Group Overview Charter Specifications FastFed Working Group Overview Charter Specifications HEART Working Group Overview Charter Specifications iGov Working Group Overview Charter Specifications MODRNA Working Group Overview Charter Specifications R&E Working Group Overview Charter Specifications Shared Signals Working Group Overview Charter Specifications Community Groups GAIN POC Overview Proof of Concept Related Specifications Participation Agreements Special Topic Groups OpenID for Verifiable Credentials Overview Specifications Libraries Working Group Resources CALENDAR Search Search Sign-In OpenID FoundationWorking GroupsFAPI Working Group FAPI Working Group - Overview The FAPI working group provides JSON data schemas, security and privacy recommendations and protocols to enable applications to utilize the data stored in a financial account, to enable applications to interact with a financial account, and enable users to control the security and privacy settings. FAPI Working Group OVERVIEW FAPI Working Group CHARTER FAPI Working Group SPECIFICATIONS FAPI Working Group REPOSITORY What is FAPI Working Group? FAPI was previously known as the Financial-grade API but there was consensus within the working group to update the name to just FAPI to reflect that the specification is appropriate for many high-value use-cases requiring a more secure model beyond just financial services. In many cases, Fintech services such as aggregation services use screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, it should utilize an API model with structured data and to cope with insecurity, it should utilize a token model such as OAuth [RFC6749, RFC6750]. This working group aims to rectify the situation by developing a REST/JSON model protected by OAuth. Specifically, the FAPI WG aims to provide JSON data schemas, security and privacy recommendations and protocols to: enable applications to utilize the data stored in the financial account, enable applications to interact with the financial account, and enable users to control security and privacy settings. Both commercial and investment banking account as well as insurance, and credit card accounts are to be considered. Papers and Presentations Open Banking, Open Data, and the Financial Grade API,” March 2022 A primer for markets looking at enabling Open Banking and Open Data, covering the origins of user-consent” based data sharing, global adoption, key standards, implementation considerations, and application across industry verticals. Open Banking and Open Data: Ready to Cross Borders?”, July 2022, working draft The whitepaper offers an overview of the global open data landscape and makes a hypothesis that the next stage of open data development will be focused on global interoperability. Financial-grade API (FAPI) Profiles”, July 2022 This paper provides a comparison of available FAPI profiles and recommendations for new markets looking to implement FAPI as their security profile. Overview of the FAPI Profiles April 20, 2021 Working Group Chairs Nat Sakimura (NAT Consulting) Anoop Saxena (Intuit) Anthony Nadalin Dave Tonge (Moneyhub) The chairs can be reached at openid-specs-fapi-owner@lists.openid.net Participation To monitor progress and connect with working group members, join the mailing list . To participate in or contribute to a specification within the working group requires the submission of an Intellectual Property Rights (IPR) contribution agreement. You can complete this electronically or by paper at openid.net/intellectual-property . Be sure to specify, in the working groups box, the exact name: Meeting Schedule Regular Meetings Pacific zone call: Bi-weekly Thursday Call @ 11pm UTC Atlantic zone call: Weekly Wednesday Call @ 2pm UTC Zoom software is available on Mac, PC, iPhone, and Android Phone. Join Meeting Meeting Minutes View Calendar Frequently asked Questions What is the FAPI Working Group? The FAPI Working Group is a working group at the OpenID Foundation. FAPI was previously known as the Financial-grade API but there was consensus within the working group to update the name to just FAPI to reflect that the specification is appropriate for many high-value use-cases requiring a more secure model beyond just financial services. The group has expert members from the Identity and Access Management sector. The working group was initially formed to help develop security profiles and API standards for financial APIs. Over time the group has focussed its efforts on security profiles that while applicable for financial APIs, can be used in other industries and ecosystems. The security profiles developed by the working group are based on the OAuth 2.0 and OpenID Connect suite of standards. OAuth 2.0 is an authorization framework which can be used for both low and high value operations. The standards...