NextGenPSD2 Conference 2017
|
|
- Christiana Small
- 6 years ago
- Views:
Transcription
1 THE Berlin GROUP A EUROPEAN STANDARDS INITIATIVE NextGenPSD2 Conference 2017 General Approach of the Berlin Group PSD2 API Detlef Hillen, SRC
2 Content 1 Services supported by the XS2A interface Core services and extended services Variants of the XS2A interface 2 Scope of the Berlin Group specification 3 Key concepts Messages Transactions Sessions Identification of the TPP at the XS2A interface Strong Customer Authentication Confirmation of the consent of the PSU 2
3 XS2A interface and supported services Focus of the work of the Berlin Group 3
4 Services supported by the XS2A interface Core Services are supported by each implementation of the XS2A interface n Payment initiation service As defined by PSD2 article 66 n Account information service As defined by PSD2 article 67 n Confirmation of funds service As defined by PSD2 article 65 Extended Services may be supported by an implementation of the XS2A interface n To be decided by the ASPSP n May be specified in future By the Berlin Group as part of a new release of the specifications By a group of interested ASPSP By a single ASPSP n No contract between ASPSP and TPP n A contract between ASPSP and TPP might be necessary Deutsche Bank 4
5 Variants of XS2A interfaces Different variants of XS2A interfaces are possible n ASPSP decides which variants are supported n ASPSP informs about its variants as part of its interface documentation For a single service variants can distinguish between n Requirements for the identification of the TPP n Approach for executing strong customer authentication (if needed for the service) n Products to be supported for a service Example of products for PIS: SCT, SCT inst, domestic payments n Data elements needed as part of a service Example for PIS: structured/unstructured remittance information n Etc. 5
6 Scope of the Berlin Group specifications 6
7 Excursion: eidas compliant qualified certificates n eidas regulation Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market n Qualified certificates have to be issued by a qualified trust service provider (QTSP) QTSP do exist in different countries of the EU After registration by the national authority a TPP has to apply for a qualified certificate by one of the existing QTSP n Qualified certificates compliant with EBA RTS are not available today But standardisation has started by corresponding ETSI working group n It is expected that compliant certificates will be provided in time by some QTSP 7
8 Key concepts: Layers of the XS2A interface Application layer n Set of all messages and data elements specified by the Berlin Group and which are exchanged between TPP and ASPSP at the XS2A interface. Transport layer n Technical exchange of the messages between ASPSP and TPP using the internet n TLS-connection with client authentication n https as protocol Deutsche Bank 8
9 Key concepts: Message Transaction Session at XS2A interface n Messages at the XS2A interface Basic building blocks for executing processes at the XS2A interface Message = Set of data elements to be exchanged at the XS2A interface n Current version: pure client/server model of the XS2A interface Request messages sent by TPP to the ASPSP Response message sent by the ASPSP to the TPP n The implementation of the messages is based on a Rest API approach POST, GET, DELETE or PUT https methods REST API stateless API No concept of a "LOGIN" n More details in the coming sessions 9
10 Key concepts: Message Transaction Session at XS2A interface n Transactions at the XS2A interface Set of messages to be exchanged for executing a "business transaction" which is supported at the XS2A interface of an ASPSP Currently defined transactions for core services Payment initiation of a single payment Establish account information consent Get list of reachable accounts Get balances of a dedicated account Get account transaction information of a dedicated account Confirmation of funds 10
11 Key concepts: Message Transaction Session at XS2A interface n Session at the XS2A interface Set of transactions executed consecutively at the XS2A API n Support of sessions at the XS2A interface is optional for the ASPSP n Important: For a single transaction a TPP has to use only one of its roles Within a session a TPP can use different of its roles Deutsche Bank 11
12 Key concepts: Identification of a TPP at the XS2A interface Requirement of the PSD2 n The TPP has to identify itself for each access to the XS2A interface Requirement of EBA RTS n The identification has to be based on qualified certificates n Qualified certificates shall be compliant with the eidas regulation n Qualified certificates shall contain PSD2-specific attributes Reference number of the registration of the TPP by the national authority Name of the national authority One or more roles the TPP is authorised to use 12
13 Key concepts: Identification of a TPP at the XS2A interface TPP ASPSP n Certificate shall contain the role of the TPP which is necessary for the corresponding transaction n Always identification at transport layer n Identification at the application layer only if requested by the ASPSP n ASPSP will reject any request If the identification of the TPP cannot be verified correctly If the certificate does not contain the correct role Deutsche Bank 13
14 Key concepts: Identification of a TPP at the XS2A interface Important n It is the TPP who has the contact to the PSU, who has to identify itself at the XS2A interface of an ASPSP n This is also true, if further (technical) service providers are used by the TPP to access the XS2A interface of an ASPSP 14
15 Key concepts: Strong customer authentication (SCA) Strong customer authentication n Requirement of PSD2 and EBA RTS For access to account information For payment initiation n Exemptions compliant with EBA RTS are possible Exemptions are optional Decision about an exemption is always in the responsibility of the ASPSP n Strong customer authentication has to be used also if accounts are accessed by TPP using the XS2A interface Same exemptions have to be applied 15
16 Key concepts: Strong customer authentication (SCA) Strong customer authentication n Different methods and procedures exist for executing a strong customer authentication of the PSU as part of a transaction ASPSP decides (together with PSU) which methods/procedures have to be used for SCA Specification of the Berlin Group does support all methods/procedures in a generic way ASPSP informs as part of its documentation about methods/procedures to be used and (if necessary) how to implement these as part of the TPP interface 16
17 Key concepts: Strong customer authentication (SCA) Different approaches for implementing SCA n Redirect approach PSU is redirected to web interface provided by the ASPSP n Decoupled approach SCA out-of-band using a special APP Same behaviour as for Online Banking n Embedded approach PSU enters credentials on the interface of the TPP Deutsche Bank 17
18 Key concepts: Authorisation of the PSU consent Each transaction at the XS2A interface is subject to the consent of the PSU n How to proof that a PSU has given its consent to a transaction? n Easy if SCA has to be used for this transaction By executing SCA as part of a transaction the PSU gives its commitment to this transaction n But how to do this if no SCA has to be used for the transaction? if the PSU is not directly involved in the transaction? reading account information by an AISP according to article 31 EBA RTS 18
19 Key concepts: Authorisation of the PSU consent Using the special "Establish account information consent" transaction at the XS2A interface Using OAuth2 protocol for asking the PSU for a confirmation n Includes SCA of the PSU n Result is an access token given to the TPP n TPP can use this for following accesses of account information of that PSU n Result is an access token given to the TPP n TPP can use this for following accesses of account information of that PSU Deutsche Bank 19
20 Key concepts: Optional usage of OAuth2 protocol OAuth2 protocol and XS2A interface can be combined if requested by an ASPSP n OAuth2 protocol can be used to generate and verify access rights of a TPP to resources owned by the PSU n No full integration, but loosely coupled n OAuth2 protocol can be used as a prestep before accessing the XS2A interface Result of the OAuth2 protocol can be reused in the execution of transactions at the XS2A interface Deutsche Bank 20
21 THE Berlin GROUP A EUROPEAN STANDARDS INITIATIVE Thank you for your attention
Joint Initiative on a PSD2 Compliant XS2A Interface NextGenPSD2 XS2A Framework Operational Rules
Joint Initiative on a PSD2 Compliant XS2A Interface NextGenPSD2 XS2A Framework Operational Rules 02.10.2017 Notice This Specification has been prepared by the Participants of the Joint Initiative pan-european
More informationSlovak Banking API Standard. Rastislav Hudec, Marcel Laznia
Slovak Banking API Standard. Rastislav Hudec, Marcel Laznia 01. Slovak Banking API Standard: Introduction 1.1 Why did SBA decide to prepare API standard? We knew that from January 13, 2018, banks in Slovakia
More informationRequest for exemption from the obligation to set up a contingency mechanism (SUP 15C Annex 1D)
Request for exemption from the obligation to set up a contingency mechanism (SUP 15C Annex 1D) Interface name / ID (ASPSPs submitting a return should provide the name or ID used within the PSP to identify
More informationPSD2/EIDAS DEMONSTRATIONS
PSD2/EIDAS DEMONSTRATIONS Chris Kong, Azadian Kornél Réti, Microsec Luigi Rizzo, InfoCert All rights reserved Overview for this Presentation As previously reported and reviewed at ERPB, with ECB and EC,
More informationJoint Initiative on a PSD2 Compliant XS2A Interface XS2A Interface Interoperability Framework Implementation Guidelines
Joint Initiative on a PSD2 Compliant XS2A Interface XS2A Interface Interoperability Framework Implementation Guidelines 02.10.2017 Notice This Specification has been prepared by the Participants of the
More informationIntroduction. Notations. Test with Curl. Value Examples
Introduction The European Union has published a new directive on payment services in the internal market with PSD2. Among others, PSD2 contains regulations of new services to be operated by Third Party
More informationStrong Customer Authentication and common and secure communication under PSD2. PSD2 in a nutshell
Strong Customer Authentication and common and secure communication under PSD2 PSD2 in a nutshell Summary On August 12, the EBA has issued the long-awaited draft of the Regulatory Technical Standards (RTS)
More informationConsents Service - SMBC NextGenPSD2
Consents Service - SMBC NextGenPSD2 1.3.SMBC February 2019 Framework (Berlin Group V1.3) Summary OAS3 SMBC offers third party access to accounts (XS2A) in a safe and efficient way using Application Programming
More informationFIDO & PSD2. Providing for a satisfactory customer journey. April, Copyright 2018 FIDO Alliance All Rights Reserved.
FIDO & PSD2 Providing for a satisfactory customer journey April, 2018 Copyright 2018 FIDO Alliance All Rights Reserved. 1 Introduction When PSD2 is deployed in Europe, users will be able to take advantage
More informationAuthentication (Strong Customer Authentication)
API Evaluation Group Authentication (Strong Customer Authentication) Key topic clarification for API standards initiatives N.B. Views expressed in the document do not necessarily reflect the views of the
More informationPSD2 Data for eidas Certificates
Preta: Open Banking Europe (OBE) PSD2 Data for eidas Certificates For ERPB/ETSI Working Group ERPB Questions for ESI Page 2 CERTIFICATE USAGE FOR PSD2 1. Qualified Electronic Seals or Qualified Website
More informationPSD2 open banking for Prepaid Programme Managers. Implications and Requirements
A RegTech Company PSD2 open banking for Prepaid Programme Managers Implications and Requirements Webinar October 2018 1 David Parker, Advisor & co-founder Konsentus Please ask questions as we go along
More informationAccounts Service - SMBC NextGenPSD2
Accounts Service - SMBC NextGenPSD2 1.3.SMBC February 2019 Framework (Berlin Group V1.3) Summary OAS3 SMBC offers third party access to accounts (XS2A) in a safe and efficient way using Application Programming
More informationOpen Banking Operational Guidelines
Version v1.0 1.1. An Introduction to Open Banking 31 January 2019 Open Banking Operational Guidelines Get Started Operational Guidelines Disclaimer: The contents of the Operational Guidelines ( OG ) and
More informationFIDO Alliance Response to the European Banking Authority (EBA)
FIDO Alliance Response to the European Banking Authority (EBA) Consultation on the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation
More informationPSD2 webinar session - Q&A
PSD2 webinar session - Q&A Q: How does hardware based solutions such as OTP tokens will provide dynamic linking with single transactions? In general, users can enter payment information, such as the amount
More informationPSD2 Compliance - Q&A
PSD2 Compliance - Q&A Q: How do hardware-based solutions such as OTP tokens provide dynamic linking with single transactions? In general, users can enter payment information such as the amount of money
More informationPSD2 & OPEN BANKING Transform Challenge into Opportunity with Identity & Access Management E-BOOK
PSD2 & OPEN BANKING Transform Challenge into Opportunity with Identity & Access Management E-BOOK 03 INTRODUCTION 05 THE CHALLENGE 08 A CLOSER LOOK AT THIRD-PARTY ACCESS Access Facilitated By Open APIs
More informationWhite Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security
White Paper The Impact of Payment Services Directive II (PSD2) on Authentication & Security First Edition June 2016 Goode Intelligence All Rights Reserved Published by: Goode Intelligence Sponsored by:
More informationOpen Banking Consent Model Guidelines. Part 1: Implementation
Open Banking Consent Model Guidelines Part 1: Implementation Open Banking Read/Write API October 2017 Contents 1 Introduction 3 2 Open Banking Consent Model - Consent, Authentication and Authorisation
More informationPowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility
PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means
More informationConsent Model Guidelines
Consent Model Guidelines Part 1: Implementation Open Banking Read/Write API Date: October 2017 Version: v1.0 Classification: PUBLIC OBIE PUBLIC CONSENT MODEL GUIDELINES Page 1 of 25 Contents 1 Introduction
More informationHow Ezio ebanking Solutions help banks comply with PSD2
How Ezio ebanking Solutions help banks comply with PSD2 Are you ready for PSD2? TABLE OF CONTENTS Executive Summary 3 The Revised Payment Services Directive (PSD2) 4 Key milestone 5 Drivers for the change
More informationAuthentication (SCA) and Common and Secure Communication
PSD2: Understanding paving the way the Impact towards of a the new Regulatory payment and Technical Standards digital banking (RTS) landscape on Strong Customer Authentication (SCA) and Common and Secure
More informationSTET PSD2 API. Documentation. Author: Robache Hervé. Date: Version: (English)
STET PSD2 API Documentation Author: Robache Hervé Date: 2017-11-15 Version: 1.2.3 (English) Table of content 1. INTRODUCTION... 7 1.1. Context... 7 1.2. Mission... 7 1.3. Licence... 8 2. BUSINESS MODEL...
More informationJoint Initiative on a PSD2 Compliant XS2A Interface. NextGenPSD2 XS2A Framework Errata for Version 1.3
Joint Initiative on a PSD2 Compliant XS2A Interface NextGenPSD2 XS2A Framework Errata for Version 1.3 14 February 2019 License Notice This Specification has been prepared by the Participants of the Joint
More informationPSD2 AND OPEN BANKING SOLUTION GUIDE
PSD2 AND OPEN BANKING SOLUTION GUIDE IMPLEMENTING FINANCIAL-GRADE API SECURITY TABLE OF CONTENTS 03 03 04 08 11 20 21 INTRODUCTION SCOPE OF THE DOCUMENT WHAT IS FINANCIAL-GRADE API SECURITY? TECHNICAL
More informationIdentity Ecosystem Design challenges. Wim Coulier eidas Expert Belgian Mobile ID
Identity Ecosystem Design challenges Wim Coulier eidas Expert Belgian Mobile ID Belgian Mobile ID respects the guidelines provided by is the reference for digital identification and authentication in Belgium
More informationeidas compliant Trust Services with Utimaco HSMs
eidas compliant Trust Services with Utimaco HSMs March 15, 2018 Dieter Bong Product Manager Utimaco HSM Business Unit Aachen, Germany 2018 eidas-compliant Trust Services with Utimaco HSMs Page 1 eidas
More informationeidas Regulation (EU) 910/2014 eidas implementation State of Play
eidas Regulation (EU) 910/2014 eidas implementation State of Play CA-Day 19 September 2016 Elena Alampi DG CONNECT, European Commission elena.alampi@ec.europa.eu eidas The Regulation in a nutshell 2 MAIN
More informationKrajowa Izba Rozliczeniowa S.A.
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0257.U.12.2018 Trust Service Provider: Krajowa Izba Rozliczeniowa S.A. Conformity Certificate T-Systems.031.0257.06.2017 Attachment
More informationPSD2: Risks, Opportunities and New Horizons
PSD2: Risks, Opportunities and New Horizons Contents 02 Timeline 3 April, 2014 Parliamentary plenary session 23 July, 2014 Further compromise text 14 October, 2014 Further compromise text 31 December,
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationCross-Operator Identity Services. 13. January 2012, Telekom Innovation Laboratories
Cross-Operator Identity Services. Ingo.Friese@telekom.de 13. January 2012, Introduction. Successful Telco Identity needs joint R&D. We believe that IdM is one of the most important application enabler,
More informationMobile strong customer authentication under PSD2: comparisons and considerations
Mobile strong customer authentication under PSD2: comparisons and considerations About CAPS The CAPS Open Framework is a large multi-stakeholder market initiative that aims to make Payment Services Directive
More informationKrajowa Izba Rozliczeniowa S.A.
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0257.U.10.2018 Trust Service Provider: Krajowa Izba Rozliczeniowa S.A. Conformity Certificate T-Systems.031.0257.06.2017 Attachment
More informationMediaAUTH Draft Proposal
MediaAUTH Draft Proposal August 21, 2012 Contents 1 Introduction 2 2 Service & User Perspective 2 2.1 Login...................................... 2 2.2 Soft Login.................................... 3
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationDigitalisation and electronic signatures
Digitalisation and electronic signatures eidas - a game changer Cryptomathic 2017 - All rights reserved Agenda Digitalisation - a global trend Key challenges in the implementation of digital Signatures
More informationThe appendix to the certificate is part of the certificate and consists of 3 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company D-TRUST GmbH Kommandantenstraße 15 10969 Berlin, Germany to confirm that its trust service D-TRUST qualified
More informationEBICS Change Requests
www.quali-sign.com EBICS Change Requests Michael Adams +44 (0) 7808 203856 13 th July 2016 Table of Contents 1 HAA Order... 3 1.1 EBICS Working Group Response... 3 2 HTD / HKD Order UsageOrderTypes...
More informationIdentity & security CLOUDCARD+ When security meets convenience
Identity & security CLOUDCARD+ When security meets convenience CLOUDCARD+ When security meets convenience We live in an ever connected world. Digital technology is leading the way to greater mobility and
More information3DS2 and Strong Auth with PR API. Ian Jacobs, April 2018
3DS2 and Strong Auth with PR API Ian Jacobs, April 2018 Overview 3DS2 Summary How best to pair 3DS2 as specified with PR API (e.g., for use cases where already required by regulation). Identify opportunities
More informationETSI ESI and Signature Validation Services
ETSI ESI and Signature Validation Services Presented by: Andrea Röck For: Universign and ETSI STF 524 expert 24.10.2018 CA day ETSI 2018 Agenda Update on standardisation under eidas Signature validation
More informationSOA S90-20A. SOA Security Lab. Download Full Version :
SOA S90-20A SOA Security Lab Download Full Version : https://killexams.com/pass4sure/exam-detail/s90-20a protocol. Before invoking Service A, Service Consumer A must request a ticket granting ticket and
More informationeidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?
eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal? public 1 AGENDA 1. eidas Strategic View 2. Website Certificates 3. Electronic Seals
More informationSándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary
Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary Introduction Private Hungarian IT company since 1984 Custom specific IT system
More informationTechnical guidelines implementing eidas
Technical guidelines implementing eidas Sławek Górniak CA/Day Berlin 19 th September 2016 European Union Agency for Network and Information Security About ENISA 2 Positioning ENISA activities 3 ENISA and
More informationTRUST ELEVATION WITH SAFELAYER TRUSTEDX. David Ruana, Helena Pujol 14Q4
TRUST ELEVATION WITH SAFELAYER TRUSTEDX David Ruana, Helena Pujol 14Q4 About Safelayer Providing ID technologies for Multi-factor Authentication PKI Authentication Digital Signature Since 1999 WWW.SAFELAYER.COM
More informationIdentity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2
More informationDraft ETSI TS V0.0.3 ( )
Draft TS 119 495 V0.0.3 (2018-01) TECHNICAL SPECIFICATION Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under
More informationPayment Services Directive (PSD2) Opening the doors to a secure business
Payment Services Directive (PSD2) Opening the doors to a secure business for third parties, it is clear they will attract more customers and new revenue models. This has an obvious upside for banking customers
More informationBankline support guides
Bankline support guides Using Bankline with Third Party Provider (TPP) services In this guide Introduction to the TPP consent process Understanding Bankline roles For Bankline administrators setting up
More informationMobile ios Configuration Guide
Mobile ios Configuration Guide Version 23 SP-WX-MBLIOS-CG-201807--R023.00 Sage 2018. All rights reserved. This document contains information proprietary to Sage and may not be reproduced, disclosed, or
More informationMobile ios Configuration Guide
Mobile ios Configuration Guide Version 21 SP-WX-MBLIOS-CG-201801--R021.00 Sage 2018. All rights reserved. This document contains information proprietary to Sage and may not be reproduced, disclosed, or
More informationeidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote
eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote arvid.vermote@be.ey.com EY eidas Certification scheme Scheme EY CertifyPoint B.V. is currently
More informationMobile Android Configuration Guide
Mobile Android Configuration Guide Version 21 SP-WX-MBLAND-CG-201801--R021.00 Sage 2018. All rights reserved. This document contains information proprietary to Sage and may not be reproduced, disclosed,
More informationInland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE
Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required
More informationeidas Interoperability Architecture Version November 2015
eidas Interoperability Architecture Version 1.00 6. November 2015 1 Introduction This document specifies the interoperability components of the eidas-network, i.e. the components necessary to achieve interoperability
More informationThe appendix to the certificate is part of the certificate and consists of 3 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company D-TRUST GmbH Kommandantenstraße 15 10969 Berlin, Germany to confirm that its trust service D-TRUST qualified
More informationConformity Assessment Report: Conformity Certificate and Summary. T-Systems U Trust Service Provider: Connect Solutions
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0262.U.08.2018 Trust Service Provider: Connect Solutions Conformity Certificate T-Systems.031.0262.12.2017 Attachment No.
More informationPartner Center: Secure application model
Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including
More informationPSD2 API INTERFACE SPECIFICATION
PSD2 API INTERFACE SPECIFICATION CONTENTS Contents... 2 List of figures... 3 List of tables... 3 Document information... 4 List of acronyms... 5 References... 6 1 Introduction... 7 1.1 Main focus... 7
More informationConformity Assessment Report: Conformity Certificate and Summary. T-Systems Trust Service Provider: Connect Solutions
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0262.12.2017 Trust Service Provider: Connect Solutions Conformity Certificate T-Systems.031.0262.12.2017 pursuant to Article
More informationData Privacy Statement for myportal to go
Data Privacy Statement for myportal to go Contents 1. Scope... 2 2. Data Handled by Unify Through myportal to go... 2 3. Disclosure of Your Personal Data... 3 4. Accessing, Correcting and Deleting Your
More informationKrajowa Izba Rozliczeniowa S.A.
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0257.U.03.2018 Trust Service Provider: Krajowa Izba Rozliczeniowa S.A. Conformity Certificate T-Systems.031.0257.06.2017 Attachment
More informationOpen Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014
The enabler of solutions Alexander Summerer, Giesecke & Devrient 30th Oct. 2014 SIMalliance Allows usage of Secure Elements in Mobile Devices Designed for Open Handset OS platforms Common API for Apps
More informationDeutsche Bank Global Transaction Banking. Digipass 270XH. Getting 4 Started.
Deutsche Bank Global Transaction Banking Digipass 270XH Getting 4 Started www.db.com Contents 1. What is a Digipass 270XH 3 2. Prepare your Digipass 4 3. Log-in 5 4. Authorisation with your Digipass 7
More informationLIPPU-API: Security Considerations
LIPPU-API: Security Considerations Interoperability of ticket and payment systems project 27th of November 2017 1 Contents 1 Introduction... 2 2 Threat modeling... 2 3 Layered security architecture and
More informationSELF SERVICE INTERFACE CODE OF CONNECTION
SELF SERVICE INTERFACE CODE OF CONNECTION Definitions SSI Administration User Identity Management System Identity Provider Service Policy Enforcement Point (or PEP) SAML Security Patch Smart Card Token
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App
More informationUser Directories. Overview, Pros and Cons
User Directories Overview, Pros and Cons Overview Secure ISMS can operate with one or more of the following user directories. Secure ISMS Users (ISMS) Internal users local to the Secure ISMS application
More informationSparta Systems Stratas Solution
Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA
More informationThe appendix to the certificate is part of the certificate and consists of 3 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company SK ID Solutions AS Pärnu avenue 141 11314 Tallinn, Estonia to confirm that its trust service EID-SK
More informationTechnical Guideline TR eid-server Part 3: eidas-middleware-service for eidas-token
Technical Guideline TR-03130-3 eid-server Part 3: eidas-middleware-service for eidas-token Version 1.0 5. May 2017 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899
More informationPRICE LIST TRUST SERVICE PRODUCTS. Price List Version 5.9 Berlin, April Copyright 2018, Bundesdruckerei GmbH. Seite 1/9
PRICE LIST TRUST SERVICE PRODUCTS Price List Version 5.9 Berlin, April 2018 Copyright 2018, Bundesdruckerei GmbH Seite 1/9 Qualified Single Signature Cards D-TRUST Card 3.0 EU Signature card according
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationRADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE
ADIAN6 SECUITY, PIVACY, AND ACHITECTUE Last Updated: May 6, 2016 Salesforce s Corporate Trust Commitment Salesforce is committed to achieving and maintaining the trust of our customers. Integral to this
More informationUser Manual. University Application Service for International Students in Spain. Application for accreditation. Uned Tudela
University Application Service for International Students in Spain User Manual Application for accreditation Uned Tudela CONTENT This manual explains the steps that the student must follow to make the
More informationcryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH
cryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 cryptovision cryptovision Gelsenkirchen
More informationThe T2S Dedicated Link solution. Connectivity Workshop 27 February S. Orsini, B. Giangregorio, D. Bernabucci Banca d Italia (4CB)
The T2S Dedicated Link solution Connectivity Workshop 27 February 2012 S. Orsini, B. Giangregorio, D. Bernabucci Banca d Italia (4CB) 1 Disclaimer The following slides summarize the envisaged implementation
More informationElectronic registered delivery services (ERDS) in light of the eidas regulation. Warsaw Common Sign Conference 2015
Electronic registered delivery services (ERDS) in light of the eidas regulation Warsaw Common Sign Conference 2015 ! 1. e-delivery and the eidas regulation - EU legislative framework - French legislative
More informationThe appendix to the certificate is part of the certificate and consists of 3 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company Microsec Ltd. Záhony utca 7. H-1031 Budapest, Hungary to confirm that its trust service e-szignó Qualified
More informationPSD2 Gateway Solution Overview
1 PSD2 Gateway PSD2 Gateway Solution Overview 4 th September 2017 PURPOSE OF THE DOCUMENT PSD2 Gateway is a small team of Fintech experts, developing a standard API solution to fulfil the PSD2 regulation
More informationCS6120: Intelligent Media Systems. User Models. How is User Model Data Obtained? 11/01/2014
CS6120: Intelligent Media Systems Dr. Derek Bridge School of Computer Science & Information Technology UCC User Models For personalization, we need user models which contain some or all of: Identification
More informationedelivery Tutorial How can CEF help you set-up your edelivery infrastructure? November 2016
edelivery Tutorial How can CEF help you set-up your edelivery infrastructure? November 2016 Version Control Version Date Created by Description V1.2 November 2016 CEF Project & Architecture Office Final
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationA NEW MODEL FOR AUTHENTICATION
All Rights Reserved. FIDO Alliance. Copyright 2016. A NEW MODEL FOR AUTHENTICATION ENABLING MORE EFFICIENT DIGITAL SERVICE DELIVERY Jeremy Grant jeremy.grant@chertoffgroup.com Confidential 5 The world
More informationThe appendix to the certificate is part of the certificate and consists of 3 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company Asseco Data Systems S.A. Certum CA, ul. Bajeczna 13 71-838 Szczecin, Poland to confirm that its trust
More informationElectronic and digital signatures in Adobe Sign for government.
Electronic and digital signatures in Adobe Sign for government. Adobe Sign lets you comply with local and international regulations using one scalable signature solution. A White Paper September 2017 TABLE
More informationTo make that choice, please click under privacy policy the checkbox (https://www.uniassist.de/en/privacy-policy/)
Privacy Information Protecting your privacy is important to us, the ARBEITS- UND SERVICESTELLE FÜR INTERNATIONALE STUDIENBEWERBUNGEN (uni-assist) e.v., Geneststraße 5, 10829 Berlin, Germany. You may also
More informationDisclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates
Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationMore than just being signed-in or signed-out. Parul Jain, Architect,
More than just being signed-in or signed-out Parul Jain, Architect, Intuit @ParulJainTweety Why do we care? TRUST & SECURITY EASE OF ACCESS Can t eliminate friction? Delay it Authentication Levels to balance
More informationMonitise. RSA Adaptive Authentication On-Premise Implementation Guide. Partner Information. Monitise Mobile Banking Solution
RSA Adaptive Authentication On-Premise Implementation Guide Partner Information Last Modified: June 12, 2013 Product Information Partner Name Web Site www.monitise.com Product Name Version & Platform 5.0
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationThe appendix to the certificate is part of the certificate and consists of 3 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company Asseco Data Systems S.A. Certum CA, ul. Bajeczna 13 71-838 Szczecin, Poland to confirm that its trust
More informationBIAN PNC Open APIs for Banking
BIAN PNC Open APIs for Banking Capstone Project at Carnegie Mellon University Mark Grobaker, Arashdeep Kaur, Chaitanya Kommuru Wenting Tao, Pallavi Thakur 10th May 2017 Contents Executive Summary 03 Acknowledgements
More information