Upgrade to Pro — share decks privately, control downloads, hide ads and more …

UK Fintech Update

Taka
March 12, 2019

UK Fintech Update

Presentation material of the speech by Takahiko Kawasaki (Authlete, Inc.) at British Embassy Tokyo on March 12, 2019.

Taka

March 12, 2019
Tweet

More Decks by Taka

Other Decks in Technology

Transcript

  1. Jan. 2014 ! Starts to implement Authlete Sep. 2015 !

    Establishes Authlete, Inc. Sep. 2016 ! Establishes Authlete UK, Ltd. Nov. 2016 ! Joins FINOLAB Feb. 2017 ! Joins OpenID Foundation Mar. 2017 ! Wins FIBC 2017 Grand Prize May 2017 ! Joins Level39 May 2017 ! Fund Raising (seed round) Jul. 2017 ! Gets OpenID Certification Aug. 2017 ! Cyber39 Founding Member Sep. 2017 ! Tech in Asia Tokyo 2017 Finalist Feb. 2018 ! Fund Raising (pre-series A) Apr. 2018 ! Wins IBM Prize at Draper Nexus B2B Summit 2018 Jul. 2018 ! Joins Fintech Association of Japan Jul. 2018 ! Organizes Japan/UK Open Banking and APIs Summit 2018 Jul. 2018 ! Supports Financial-grade API (Authlete 2.0) Aug. 2018 ! Passes Open Banking Security Profile Test Jan. 2019 ! Supervises "OAuth " (book) Feb. 2019 ! Supports CIBA 2 Name Authlete, Inc. Establishment September 18, 2015 Capital 444,710,000 JPY (including the capital reserve) Representative Takahiko Kawasaki Company Profile Offices Tokyo FINOLAB, Otemachi Bldg 4F, Otemachi 1-6-1, Chiyoda-ku, Tokyo, 100-0004, Japan London Level39, One Canada Square, Canary Wharf, London E14 5AB, UK History Team Takahiko Kawasaki – co-founder, software engineer Ali Adnan – co-founder, multilingual serial entrepreneur Joseph Heenan – lead of official OpenID test suite Justin Richer – author of "OAuth 2 in Action" Tatsuo Kudo – digital identity professional and others
  2. Bank Financial Services Internet Banking Branch Office bank teller user

    user application (computer program) API Application Programming Interface 4
  3. TPP Third Party Provider Bank Financial Services Fintech application API

    TPP Third Party Provider Fintech application 5
  4. Bank API Bank API Bank API TPP Third Party Provider

    Fintech application Japanese French German 6
  5. TPP Third Party Provider Bank API Bank API Bank API

    English English English English Speaker Fintech application 7
  6. OBIE Open Banking Implementation Entity Open Banking Standard 1 Allied

    Irish Bank 2 Bank of Ireland 3 Barclays 4 Danske 5 HSBC 6 Lloyds Banking Group 7 Nationwide 8 RBS Group 9 Santander Others https://www.openbanking.org.uk/providers/standards/ 01 Read/Write API Specifications 02 Security Profile 03 Customer Experience Guidelines 04 Operational Guidelines 8
  7. Technical Specification Stack OAuth 2.0 API authorization OpenID Connect (OIDC)

    verifiable user identity Financial-grade API (FAPI) higher security Open Banking Profile (OBP) standardized bank API OBIE OIDF OpenID Foundation defines defines defines defines 9
  8. Technical Specification Stack OAuth 2.0 API authorization OpenID Connect (OIDC)

    verifiable user identity Financial-grade API (FAPI) higher security Open Banking Profile (OBP) standardized bank API implements implements implements Authlete, Inc. 1. provides a solution (implementation) 2. contributes to spec development 3. contributes to the official test suite 10
  9. Bank TPP Before starting to use bank APIs apply KYC

    contract register a client application issue a client ID 11
  10. Bank TPP TPP TPP TPP TPP TPP Bank Bank Bank

    Bank Bank apply, KYC, contract, register a client application, issue a client ID 12
  11. Bank TPP TPP TPP TPP TPP TPP Bank Bank Bank

    Bank Bank Open Banking Directory 13
  12. 15 2017 2 Part 1 of Financial API Implementer's Draft

    Version 1 was approved 2017 7 Part 2 of Financial API Implementer's Draft Version 1 was approved 2018 10 Financial-grade API Implementer's Draft Version 2 was approved From Foreword of Financial-grade API Implementer's Draft Version 2: History of Financial-grade API 2019 2 CIBA Core 1.0 Implementer's Draft Version 1 was approved Financial-grade API consists of the following parts: • Part 1: Read-Only API Security Profile • Part 2: Read and Write API Security Profile • Part 3: Client Initiated Backchannel Authentication Profile NEW
  13. 16 CIBA enables to separate the authentication device on which

    a user is authenticated and API authorization is granted from the consumption device on which a client application that use APIs runs. smart speaker Purchase ABC. backend system authorization server that supports CIBA asks for the permission authentication device consumption device resource server that provides APIs grants the permission The system is asking for the permission. Approve? calls APIs 4 1 2 3 5 6 7
  14. 18 ü Open Banking Standard for ecosystem ü Financial-grade API

    for higher security ü CIBA for new use cases
  15. 20 Open Banking Website https://www.openbanking.org.uk/ Open Banking Developer Zone https://openbanking.atlassian.net/wiki/spaces/DZ/overview

    Financial-grade API Working Group Website https://openid.net/wg/fapi/ Financial-grade API Working Group Official Repository https://bitbucket.org/openid/fapi/src/master/ Financial-grade API Official Conformance Test Suite https://gitlab.com/fintechlabs/fapi-conformance-suite "CIBA", a new authentication/authorization technology in 2019, explained by an implementer https://medium.com/@darutk/ciba-a-new-authentication-authorization-technology-in-2019- explained-by-an-implementer-d1e0ac1311b4 2019   API %#()&"*  FAPI+Financial-grade API, https://qiita.com/TakahikoKawasaki/items/83c47c9830097dba2744 2019    CIBA https://qiita.com/TakahikoKawasaki/items/9b9616b999d4ce959ba3 Authlete ! CIBA  $*'*! https://qiita.com/hidebike712/items/8fc2938055d0b49cfc0a Financial-grade API Implementer's Draft Version 2 Part 1: Read-Only API Security Profile https://openid.net/specs/openid-financial-api-part-1-ID2.html Part 2: Read and Write API Security Profile https://openid.net/specs/openid-financial-api-part-2-ID2.html MODRNA Working Group Website https://openid.net/wg/mobile/ MODRNA Working Group Official Repository https://bitbucket.org/openid/mobile/src/default/ CIBA Core 1.0 Implementer's Draft Version 1 https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html Authlete Website https://www.authlete.com/ Authlete API Document https://docs.authlete.com/ Authlete Knowledge Base https://kb.authlete.com/ Authlete Open Source Repository https://github.com/authlete/