Strong Customer Authentication - All Your Questions Answered

This deck covers what SCA is, the regulatory requirements, the exemptions, SCA approaches, configuring default authenticators and customizing SCA-based components.

Watch the Webinar On-Demand here - https://wso2.com/solutions/financial/open-banking/webinars/uk/

Published in: Technology

  1. Strong Customer Authentication: All your questions answered. Sachithra Dangalla, Software Engineer, WSO2 Open Banking Team
  2. Agenda
     ● What is SCA?
     ● The RTS for SCA
     ● Exemptions from SCA
     ● SCA Approaches
     ● Configuring default authenticators
     ● Customizing SCA based components
       ○ Implementing custom authenticators
       ○ Customizing Key Manager Extension
  3. What is Strong Customer Authentication?
     Authentication = Verifying the identity of a user
     Strong Customer Authentication = Authenticating by using at least 2 out of the 3 elements
     Authentication factors:
     ● Knowledge: password, PIN, ID number
     ● Possession: key, mobile device, token or smart card
     ● Inherence: fingerprint, face or voice recognition
  4. RTS for SCA
     https://eba.europa.eu/documents/10180/1761863/Final+draft+RTS+on+SCA+and+CSC+under+PSD2+%28EBA-RTS-2017-02%29.pdf
     6 Chapters ~ 32 Articles
     ● General Provisions
     ● Security Measures for the Application of Strong Customer Authentication
     ● Exceptions from Strong Customer Authentication
     ● Confidentiality and Integrity of the Payment Service Users’ Personalized Security Credentials
     ● Common and Secure Open Standards of Communication
     ● Final Provisions
  5. Exemptions from SCA
     When SCA is exempted:
     ● Transaction amount > 10000 SGD: Basic Authentication, then SMS OTP Authentication, then Authenticated
     ● Transaction amount < 10000 SGD: Basic Authentication, then Authenticated
  6. SCA Approaches: Redirect Approach (diagram: AISP, Bank, AISP)
  7. SCA Approaches: Decoupled Approach (diagram: AISP, AISP, Bank)
  8. SCA Approaches: Embedded Approach (diagram: AISP, AISP, Bank; labels: User credentials, Authentication result)
  9. WSO2 Open Banking
  10. Authenticators
      • SCA Approach defines the high level functionality
      • SCA methods define more granular functionality
      • Authenticator = SCA methods implementation
      • https://store.wso2.com/store/assets/isconnector/list
      • Local and federated authenticators
        Local: Basic / IWA (zero password login) / FIDO (Fast IDentity Online)
        Federated: SAML2 / OIDC / MePIN / Email OTP / SMS OTP
  11. Implementing Custom Authenticators
      Implementation guide:
      • Local authenticator: https://docs.wso2.com/display/IS570/Writing+a+Custom+Local+Authenticator
      • Federated authenticator: https://docs.wso2.com/display/IS570/Writing+a+Custom+Federated+Authenticator
  12. Implementing Custom Authenticators
      ● Custom authenticator:
        ○ .jar file ~ authenticator logic
        ○ .war ~ user interfaces
      ● Copy the .jar file to the <wso2_obkm>/repository/components/dropins directory and restart the Key Manager component.
      ● Copy the .war file to the <wso2_obkm>/repository/deployment/server/webapps directory and confirm from the Key Manager logs that the web application deployed successfully.
  13. Configure Custom Authenticators
      • Add an authenticator config element to the application-authentication.xml file in the <wso2_obkm>/repository/conf/identity/ directory. There you can define parameters that can be used in the implementation of the authenticator.

      <AuthenticatorConfig name="FacebookAuthenticator" enabled="true">
          <Parameter name="AuthTokenEndpoint">https://graph.facebook.com/abcd</Parameter>
          <Parameter name="AuthnEndpoint">http://www.facebook.com/dialog/oauth</Parameter>
      </AuthenticatorConfig>
  14. Configuring Default Authenticators
  15. Configuring Default Authenticators
  16. Demo: https://openbanking.wso2.com/
  17. Open Banking Flows
      Login and accessing account information via web/mobile application
      Diagram labels (steps numbered 1 to 7): Initiation account info, Login page, 2 Factor authentication, Customer consent, Token, Get account information, Web/Mobile Apps, Token
  18. Multi-step and multi-option
      Configuration per application
      ● Multi-Step: Add any number of authentication steps
      ● Multi-Option: Add any number of authenticators for a step
  19. Customizing Key Manager Extension
      ● Further flexibility can be achieved by customizing the key manager extension
        ○ Set different combinations of authenticators
        ○ Set different authenticators for production and sandbox applications
        ○ Set authenticators dynamically under different circumstances
  20. Customizing Key Manager Extension
      ● Create a custom Java component and add the dependencies below
        ○ com.wso2.finance.open.banking.sca.keymanager
        ○ org.wso2.carbon.apimgt.impl
      ● The Java class should extend “SCABasedKeyManagerClient”
      ● Override the method “setAuthenticators”
  21. Customizing Key Manager Extension
      • Build the module and add the component in OB-APIM/repository/components/dropins.
      • Modify the <KeyManagerClientImpl> element in api-manager.xml in the OB-APIM/repository/conf/ directory with the FQN of your extended class

      <APIKeyManager>
          <KeyManagerClientImpl>com.wso2.sample.SampleKeyManagerClient</KeyManagerClientImpl>
      </APIKeyManager>
  22. Upcoming Webinars
      • Webinar 4: OBIE Directory Integration - A Technical Deep Dive - May 7
      • Webinar 5: PISP journey based on Open Banking UK - May 8
      • Webinar 6: Verify Your Conformance Against OBIE - May 9
      • All webinars will be at 10.00 a.m. GMT.
  23. Additional Resources
      • More Information: http://wso2.com/solutions/financial/open-banking/
      • Try out WSO2 Open Banking: https://openbanking.wso2.com
      • Get in Touch: openbankingdemo@wso2.com
      • Solution RoadMap
      • How WSO2 Open Banking Adheres to the Open Banking UK Standard
      • What’s new in WSO2 Open Banking
  24. THANK YOU wso2.com
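
Slides 3, 5 and 18 together imply a check worth automating: with multi-option steps, every path a user can take must still combine at least 2 of the 3 elements. The following is an added example, not code from the deck or from WSO2; the authenticator-to-factor mapping, the two hypothetical authenticators and the handling of exactly 10000 SGD are assumptions.

```python
from itertools import product

# Assumed mapping from authenticator name to factor category (slide 3).
# "security-question" and "fingerprint" are hypothetical authenticators.
FACTOR = {
    "basic": "knowledge",
    "security-question": "knowledge",
    "sms-otp": "possession",
    "fido": "possession",
    "fingerprint": "inherence",
}

SCA_THRESHOLD_SGD = 10000  # amount shown on slide 5


def weak_paths(steps):
    """Return each option combination covering fewer than 2 factor categories.

    `steps` is a list of authentication steps (multi-step); each step is a
    list of authenticators, any one of which completes it (multi-option).
    """
    weak = []
    for path in product(*steps):
        # Unknown authenticators contribute no category (fail closed).
        categories = {FACTOR[name] for name in path if name in FACTOR}
        if len(categories) < 2:
            weak.append(path)
    return weak


def satisfies_sca(steps):
    """True only if no path through the configuration is weak."""
    return bool(steps) and not weak_paths(steps)


def steps_for_amount(amount_sgd):
    """Step-up policy from slide 5. The slide only shows '>' and '<';
    treating exactly 10000 as requiring SCA is an assumption."""
    if amount_sgd >= SCA_THRESHOLD_SGD:
        return [["basic"], ["sms-otp"]]
    return [["basic"]]


# Constructed sample configurations.
GOOD_CONFIG = [["basic"], ["sms-otp", "fido"]]
RISKY_CONFIG = [["basic"], ["sms-otp", "security-question"]]

if __name__ == "__main__":
    print(satisfies_sca(GOOD_CONFIG))
    print(weak_paths(RISKY_CONFIG))
```

RISKY_CONFIG has two steps and still fails, because one of its options pairs two knowledge factors.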
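
A review check for the authenticator configuration on slide 13, as an added example that is not from the deck or from WSO2: it lists enabled AuthenticatorConfig entries whose parameters point at cleartext http:// endpoints. The wrapper elements and the second, disabled authenticator in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the first AuthenticatorConfig is the one from slide 13,
# the wrapper elements and the disabled entry are assumptions.
SAMPLE = """<ApplicationAuthentication>
  <AuthenticatorConfigs>
    <AuthenticatorConfig name="FacebookAuthenticator" enabled="true">
      <Parameter name="AuthTokenEndpoint">https://graph.facebook.com/abcd</Parameter>
      <Parameter name="AuthnEndpoint">http://www.facebook.com/dialog/oauth</Parameter>
    </AuthenticatorConfig>
    <AuthenticatorConfig name="SampleOTPAuthenticator" enabled="false">
      <Parameter name="OTPEndpoint">http://otp.example.test/send</Parameter>
    </AuthenticatorConfig>
  </AuthenticatorConfigs>
</ApplicationAuthentication>"""


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}Name' down to 'Name'."""
    return tag.rsplit("}", 1)[-1]


def cleartext_endpoints(xml_text):
    """Return (authenticator, parameter, url) for enabled authenticators
    whose parameter value is an http:// URL."""
    findings = []
    root = ET.fromstring(xml_text)
    for cfg in root.iter():
        if local_name(cfg.tag) != "AuthenticatorConfig":
            continue
        if cfg.get("enabled", "").lower() != "true":
            continue  # disabled authenticators are not reachable at login
        for param in cfg:
            if local_name(param.tag) != "Parameter":
                continue
            value = (param.text or "").strip()
            if urlparse(value).scheme == "http":
                findings.append((cfg.get("name"), param.get("name"), value))
    return findings


if __name__ == "__main__":
    for name, param, url in cleartext_endpoints(SAMPLE):
        print(f"{name}: {param} uses cleartext endpoint {url}")
```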
