Adventures in Open Banking - Understanding OAuth and OpenID Client Ecosystems

Explore the complex world of Open Banking in this 45-minute conference talk from RSA Conference. Delve into the thrills and challenges of standards profiles and security measures forming the OpenID Foundation's UK Open Banking profile. Gain insights into OAuth and OpenID Connect client registration differences, Open Banking goals and their relationship to API security best practices, and the specific OAuth and OpenID Connect components profiled for open banking use. Learn about PSD2, regulatory technical specifications, identity directives, and the role of UK OpenBanking as a competent authority. Examine challenges in layer integration, communicating intent, and transitive trust at scale. Understand the importance of dynamic profiles, software statements, and defined metadata in the Open Banking ecosystem. Discover how to apply UK OpenBanking principles to your own context and explore future directions for standards in this field.

Intro
PSD2: EU Payment Services Directive v2
PSD2 Regulatory Technical Specification (RTS) Prime Identity Directives
PSD2 Roles Decoded* A
UK OpenBanking: A Competent Authority
OpenBanking UK World
OpenBanking UK Invested in Standards
Problems & Pushes: Layer 3/7 Integration
Problems & Pushes: Communicating Intent
Problems & Pushes: Transitive Trust at Scale
OAuth 2 & OpenID Connect Dynamic Profiles are like swiping right
Software Statements constrain the Dating Pool to vetted clients
Dynamic Client Reg Challenges
RFC 7591 Defined Metadata
OBUK Example Software Statement
Where Might this Go?
Next Steps for Standards World
Apply UK OpenBanking to YOUR World