Open Banking Europe (OBE) has published its JSON Web Signature Profile for Open Banking for industry review. The publication of this draft standard is aimed at addressing concerns about standardization and security in signing Open Banking APIs and at aligning European APIs onto one security model.
The work on this standard has been led by OBE and ETSI (Electronic Telecommunications Standards Institute) and has brought together experts from the different PSD2 API Communities – Berlin Group, STET, SIBS (Portugal), Czech Open Banking, UK Open Banking, Polish Bank Association, Team Digitale (Italy), Consorzio CBI (Customer to Business Interaction – Italy), Borica (Bulgaria), Slovak Banking Association – with experts on signature formats from ETSI. The profile is geared at meeting the requirements of the ETSI “JAdES” specification, which is currently under development for advanced electronic signatures and seals in line with the EU eIDAS (Electronic Identification, Authentication & Trust Services) Regulation.
“With this work, we are pleased to continue the mission of Open Banking Europe to describe and standardize Open Banking practices in Europe following the implementation of PSD2,” said John Broxis, managing director of PRETA/Open Banking Europe. Preta is a wholly-owned subsidiary of EBA Clearing, which has major banks as shareholders such as ING, J.P. Morgan, Société Générale, among numerous others.
“This standard is a great step forward in harmonizing signing solutions. It builds directly on the IETF JSON Web Signature, takes advantage of ETSI’s experience in working on signature formats for two decades, and brings together the existing approaches of the PSD2 API communities into a single approach”, said Nick Pope, vice-chair of ETSI TC on Electronic Signatures and Infrastructures. No final date on the consultation has yet been set.