2017/05 ! Level39 % 2017/05 ! 5'4,6 2017/07 ! OpenID Certification 2017/08 ! Cyber39 03-4 2017/09 ! Tech in Asia Tokyo 2017 2018/02 ! 5.2'14)A6 2018/04 ! Draper Nexus B2B Summit 2018 %$ IBM
2018/07 ! Fintech 2018/07 ! Japan/UK Open Banking and APIs Summit 2018 ! 2018/07 ! Financial-grade API (Authlete 2.0) &/4+ 2018/08 ! Open Banking Security Profile *(+ 2019/01 ! "OAuth # 2019/02 ! CIBA &/4+ 2 , A O, A 2B y O S lt 1 12564,- uvhv 4 I A 6B . B 7E F . B F 9 F 4CB CB 0 ,- 83 cNo K La W ‒ W Whiv K L r Niv K 6D B2 e U Nh q e v dcqN K 6, B , CB U K f t W fve e nu d rit U Upv N
4 (KJ C J e (KJ C J e (KJ C J e P v f ays k c P P A KJ C J FD r P P ay P P A L A KJ C J E J hn o dil ) P h SRmiTgW b u WO p hn t b • (KJ • . F • . AI FL M • 0 • ( II 7FB E F JA I • -AE E A C ( . • 271 • CA EJ (II JAFE • F (JJ A KJ I • E ) EBAE K AJM F AC • .)( • ( 2 • 87 ( II 7FB E • . ME DA CA EJ AIJ JAFE
OBIE Open Banking Implementation Entity Open Banking Standard 1 Allied Irish Bank 2 Bank of Ireland 3 Barclays 4 Danske 5 HSBC 6 Lloyds Banking Group 7 Nationwide 8 RBS Group 9 Santander Others https://www.openbanking.org.uk/providers/standards/ 01 02 03 04 6
13 2017 2 02 2 0 1 A B :F I 2017 7 02 2 0 1 A B :F I 2018 10 02 2 0 1 -. A B :F I 02 2 0 1 -. A B :F I C 02 2 0 1 -. 2019 2 . A B :F I Financial-grade API consists of the following parts: • Part 1: Read-Only API Security Profile • Part 2: Read and Write API Security Profile • Part 3: Client Initiated Backchannel Authentication Profile NEW
15 • 02/. q .42P. I A:I: gm 6 9:K 6 I A:I: C:I • i fadq P I 7 8DB 6 I A:I: 6K6 D6 I : K: • . I :CI 86I DC 1:K 8: bce P8 76 B 6 I A:I: 8DB • 0DC B I DC 1:K 8: bce P8 76 B 6 I A:I: 8DB • ls t T vkn u ils q r 02/. jw II - I6 8DB 56 6 D36 6 6 I:B 7 7 9 8: 76 . I A:I: p 02/. h i o II - I6 8DB 9:7 :* I:B 8 9 7 8 8 6
18 2018 10 5 5 :A5 ( , 2 DA (D A 5 0 - A .(D ,(0- M 5 5 :A5 ( R sol U f h uip ie P , 2 z cW ISd uip i e{ cS O PcI,(0- e } ) lJg e ) 5 : 5 DA T O cI ( ) 5A HTTP/1.1 302 Found Location: Ft fugl 0 ?response={JWT} uip i z Iuip insrJ J O A adcI
21 I0 / .2 A C A A= B C = C AC: A C A ? L/ .2M o pf .2 mkcS _ l ti ndP / .2 ui _ ti _ p S tls_client_auth 1- ti self_signed_tls_client_auth eahs ti _ ti K _Sr O C : A C A - H ? ? T g
24 . 2 1-0F M hC l I 1-0 l h 32 4 7 B M I h L Mf T d B I u c u IMe 8 B B eg B P ag B l r B Sh Pi eg 8 l B l 2 3 2 7 24 ih .1-0 lr B ShP M h “Authlete FAPI Enhancements” by t u n A B at t on https://youtu.be/hYhHan5FzlA
27 e i o i t p 27 36 . 7 32 e i e i e i P e i P F u 27 36 . 7 32 R B R I Rp e i P nF C t P u 27 36 . 7 32 R A s P p t h e i 27 36 . 7 32 rD 7 1.7. e i o l e c 27 36 . 7 32
28 fi fp fne p o l fi fp fi fp fi fp tR A S R tKa . . . 3 32 21 2. . . 3 3 31 cr KaC I c tI A I R fi fp O I AL I t sI SKaS 2 3 . 32 c S O I R fi fpc Ka c I tc a SA cKa S A fi fpc K fi fp P c R a fi fp c K a o l u C R c v l C I A
7B C 7 y 7B FB97 • epdcr ni Mi .521 SP yS J • ni Mi , 0 797 7 u a O J T RIni Mi L s a J 0 /5 tls_client_auth_subject_dn, tls_client_auth_san_dns, tls_client_auth_san_uri, tls_client_auth_san_ip, tls_client_auth_san_email, tls_client_certificate_bound_access_tokens . 0 authorization_signed_response_alg, authorization_encrypted_response_alg, authorization_encrypted_response_enc backchannel_client_notification_endpoint, backchannel_authentication_request_signing_alg, backchannel_user_code_parameter N
, 2 F 7 D C7 A CA A A 2B A 7 D C7 A y , 2 F 7 D C7 A 07 7 CA A A
puh q N b ed qd c np nN d O np n l s O np nN b g r e q ed q c b _ N N O 1 1 2 4 6 4 3 1 :4 4 # bS N a np nN b 4 4/0 / 4 : /2: 4 /24 5 20 4/1 3/0224 / 4 102 2 0 4:/ 4 /2 34/ 0 0 4 4 b np n nkJc bN S _ . , e i mf q ot k b
L ts u t e s c l _i Oa _Om D s 0 54 c c O_e a _Om c s u i m a _Om L _i Oa _Om FFF I 1, ce software_id software_version aOP R m 5A C 4 5 A 1 7 A 4A ce O Unk eD t s s iDt c client_id m _Om ts s 1, I y m D 0 21. aD 0 cs m s D ts u t k c m Unk R 7 A 4A 35 A3 a 7 A 4A 3455 3A 9 mRD L ci pk L 7 A 4A aOP r Om R m a c aUoD RFFF aOP Dg o c software_statement FFF e mRDUnR RD OaUo
36 Open Banking Website https://www.openbanking.org.uk/ Open Banking Developer Zone https://openbanking.atlassian.net/wiki/spaces/DZ/overview Financial-grade API Working Group Website https://openid.net/wg/fapi/ Financial-grade API Working Group Official Repository https://bitbucket.org/openid/fapi/src/master/ Financial-grade API Official Conformance Test Suite https://gitlab.com/fintechlabs/fapi-conformance-suite "CIBA", a new authentication/authorization technology in 2019, explained by an implementer https://medium.com/@darutk/ciba-a-new-authentication-authorization-technology-in-2019- explained-by-an-implementer-d1e0ac1311b4 2019
API %#()&"* FAPI+Financial-grade API, https://qiita.com/TakahikoKawasaki/items/83c47c9830097dba2744 2019
CIBA https://qiita.com/TakahikoKawasaki/items/9b9616b999d4ce959ba3 Authlete ! CIBA $*'*! https://qiita.com/hidebike712/items/8fc2938055d0b49cfc0a Financial-grade API Implementer's Draft Version 2 Part 1: Read-Only API Security Profile https://openid.net/specs/openid-financial-api-part-1-ID2.html Part 2: Read and Write API Security Profile https://openid.net/specs/openid-financial-api-part-2-ID2.html MODRNA Working Group Website https://openid.net/wg/mobile/ MODRNA Working Group Official Repository https://bitbucket.org/openid/mobile/src/default/ CIBA Core 1.0 Implementer's Draft Version 1 https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html Authlete Website https://www.authlete.com/ Authlete API Document https://docs.authlete.com/ Authlete Knowledge Base https://kb.authlete.com/ Authlete Open Source Repository https://github.com/authlete/
takahikokawasaki
yusuke
autifyhq
matsuihidetoshi
takatsunobuhiro
nagix
pauli
kentosuzuki
nagiss
i524
k_koheyi
yokawasa
nonsquared
swwweet
reverentgeek
addyosmani
eileencodes
jakevdp
rmw
jlugia
erikaheidi
brettharned
sachag
tmm1