17 Dec, 2019 | 3 min read

WSO2 Open Banking 1.4 Now Supports the Australian Consumer Data Standard Specification

  • Sachini Siriwardene
  • Software Engineer - WSO2

You can now use WSO2 Open Banking to try out the data flow for version 1.0.1 of the Consumer Data Standards (CDS) specification, enabling banks to achieve technical compliance with Australia's Consumer Data Right (CDR) legislation. This release focuses on delivering the basic consent management functionality, along with consent validation and Dynamic Client Registration.

New features introduced with the latest WUM (WSO2 Update Manager) release

Consumer authentication 

The CDS for Australia differs from the other major Open Banking specifications in that it uses OpenID Connect (OIDC) scopes for consent management. Unlike the UK (OBIE) and Berlin Group specifications, no consent resource is created ahead of the authorization request; the scopes and claims carried in the authorization request define the consent itself.

The consent journey starts with the consumer authentication request followed by the consumer (either an individual account holder or agent of an organization) approving the consent for the specific permissions, which are requested by the Accredited Data Recipient (ADR). The CDS includes a data language mapping that maps the requested scopes to specific permissions; this helps the consumer understand the requested consent in a simplified manner. 

WSO2 Open Banking supports this authentication journey, along with request object validation. A request object is a signed JSON Web Token (JWT) that carries the authorization request parameters and the claims requested by the ADR; because the ADR signs it, the Data Holder can detect any tampering with those parameters on their way through the consumer's browser. In addition, as described in the CDS consumer experience guidelines, the Data Holder can identify the consumer and then authenticate them with an SMS one-time password (OTP) rather than asking for an online banking password, which WSO2 Open Banking also supports.
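The claim-level checks a Data Holder runs on a request object, as an added example that is not WSO2 Open Banking code. It assumes the object's PS256/ES256 signature has already been verified against the ADR's JWKS (that step is omitted), and the client registration record, issuer URL and sample claims are constructed for the example. The CDS-specific parts are the fixed response_type of the hybrid flow and the sharing_duration claim nested inside the "claims" member.

```python
"""Claim-level validation of a CDS authorization request object (added example).

Assumes the request object's asymmetric signature was already verified against
the ADR's JWKS; this function rejects the claim combinations a Data Holder must
not act on before starting the consumer authentication journey.
"""
import base64
import json
import time
from typing import Dict, List, Optional

# Constructed registration record for one ADR software product (hypothetical values).
CLIENT = {
    "client_id": "adr-software-1234",
    "redirect_uris": ["https://adr.example/callback"],
    "scopes": {"openid", "profile", "bank:accounts.basic:read",
               "bank:transactions:read", "common:customer.basic:read"},
}
DH_ISSUER = "https://dh.example/oauth2"     # this Data Holder's issuer, the expected `aud`
ALLOWED_ALGS = {"PS256", "ES256"}            # asymmetric algorithms CDS permits for signing


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_request_object(claims: Dict, alg: str = "PS256") -> str:
    """Assemble header.payload.signature for the example. The signature segment is a
    placeholder: a real ADR signs with its private key and the Data Holder verifies it."""
    header = {"alg": alg, "typ": "JWT"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()),
                     _b64url_encode(b"placeholder-signature")])


def validate_request_object(jwt: str, client: Dict, now: Optional[int] = None) -> List[str]:
    """Return the list of problems found; an empty list means the object is acceptable."""
    now = int(time.time()) if now is None else now
    problems: List[str] = []
    try:
        h, p, _sig = jwt.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
    except ValueError:                      # covers bad segment count, base64 and JSON errors
        return ["malformed JWT"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed JWT"]

    # 1. Pin the algorithm: "none" and HMAC algorithms must never be accepted.
    if header.get("alg") not in ALLOWED_ALGS:
        problems.append(f"unacceptable alg {header.get('alg')!r}")

    # 2. Issuer/audience binding: the registered ADR issues it, this Data Holder is the audience.
    if claims.get("iss") != client["client_id"]:
        problems.append("iss does not match the registered client_id")
    if "client_id" in claims and claims["client_id"] != client["client_id"]:
        problems.append("client_id claim does not match the registered client_id")
    aud = claims.get("aud")
    if not (aud == DH_ISSUER or (isinstance(aud, list) and DH_ISSUER in aud)):
        problems.append("aud does not name this Data Holder")

    # 3. Lifetime: exp is mandatory; reject expired or not-yet-valid objects.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("exp missing or expired")
    if isinstance(claims.get("nbf"), int) and claims["nbf"] > now:
        problems.append("nbf is in the future")

    # 4. Flow parameters fixed by the CDS security profile (OIDC hybrid flow).
    if claims.get("response_type") != "code id_token":
        problems.append("response_type must be 'code id_token'")
    if claims.get("redirect_uri") not in client["redirect_uris"]:
        problems.append("redirect_uri is not registered for this client")

    # 5. Scopes: openid is required and nothing beyond the registered set may be requested.
    scopes = set(str(claims.get("scope", "")).split())
    if "openid" not in scopes:
        problems.append("scope must include openid")
    extra = scopes - client["scopes"]
    if extra:
        problems.append(f"scopes not registered for client: {sorted(extra)}")

    # 6. sharing_duration lives inside the "claims" member; if present it must be a
    #    non-negative integer number of seconds (0 or absent requests once-off access).
    sd = (claims.get("claims") or {}).get("sharing_duration")
    if sd is not None and (isinstance(sd, bool) or not isinstance(sd, int) or sd < 0):
        problems.append("sharing_duration must be a non-negative integer")
    return problems
```

Note that every check appends rather than returning early, so the ADR (or your logs) see the full list of defects for one request; the exception is a JWT that cannot be parsed at all, where nothing further can be said.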

Consent Management

Consent grant 

After the consumer is authenticated, they are redirected to approve the consent. The consent is displayed according to the scopes requested by the ADR in the authorization request, translated into the corresponding data language terms so that the consumer understands what is being requested in plain terms. WSO2 Open Banking lets the consumer either approve or deny the requested consent.

Consent validation

Consent validation for the CDS specification includes scope validation, which is handled out of the box by WSO2 Open Banking. This prevents an ADR from calling endpoints that require scopes beyond those for which the access token was issued. In addition, the solution validates that the account ID in a retrieval request is one of the accounts the consumer authorised during consent, and that the sharing duration has not expired at the time the consumer data is requested from the Data Holder. Together these checks ensure that the Data Holder only exposes consumer data that the consumer has approved for that ADR.
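The three checks above, run at resource-request time, as an added example that is not WSO2 Open Banking code. The endpoint-to-scope table is a constructed subset of the CDS v1 banking and common endpoints, the Consent record is a hypothetical shape for what the Data Holder stored at consent time, and the once-off case (sharing_duration of 0) is modelled as the consent living no longer than a single access token.

```python
"""Consent validation for CDS resource requests (added example, not WSO2 code).

Three checks per request: the token's scopes cover the endpoint, the {accountId}
in the path was authorised by the consumer, and the sharing duration has not
expired. Anything not in the endpoint table is denied (fail closed).
"""
import re
from dataclasses import dataclass
from typing import Set, Tuple

# Constructed subset of CDS v1 endpoints and the scope each requires.
ENDPOINT_SCOPES = [
    ("GET", r"^/cds-au/v1/banking/accounts$",                                   "bank:accounts.basic:read"),
    ("GET", r"^/cds-au/v1/banking/accounts/(?P<accountId>[^/]+)$",              "bank:accounts.detail:read"),
    ("GET", r"^/cds-au/v1/banking/accounts/(?P<accountId>[^/]+)/balance$",      "bank:accounts.basic:read"),
    ("GET", r"^/cds-au/v1/banking/accounts/(?P<accountId>[^/]+)/transactions$", "bank:transactions:read"),
    ("GET", r"^/cds-au/v1/common/customer$",                                    "common:customer.basic:read"),
]


@dataclass
class Consent:
    """Hypothetical record the Data Holder stored when the consumer approved the consent."""
    arrangement_id: str
    scopes: Set[str]
    account_ids: Set[str]      # accounts the consumer selected on the consent page
    granted_at: int            # epoch seconds
    sharing_duration: int      # seconds; 0 means once-off access (no refresh token)

    def expires_at(self, access_token_ttl: int = 300) -> int:
        # A once-off consent is only as long-lived as the single access token issued for it.
        return self.granted_at + (self.sharing_duration or access_token_ttl)


def authorize(consent: Consent, method: str, path: str, now: int) -> Tuple[bool, str]:
    """Decide whether this request may be served under the given consent."""
    if now >= consent.expires_at():
        return False, "consent expired"                 # 401 invalid_token; ADR must re-consent
    for m, pattern, required_scope in ENDPOINT_SCOPES:
        match = re.match(pattern, path)
        if m != method or not match:
            continue
        if required_scope not in consent.scopes:
            return False, f"missing scope {required_scope}"   # 403 insufficient_scope
        account_id = match.groupdict().get("accountId")
        if account_id is not None and account_id not in consent.account_ids:
            # Treat an unconsented account like a nonexistent one so the ADR cannot
            # probe which account IDs exist at the Data Holder.
            return False, "account not in consent"
        return True, "ok"
    return False, "unknown endpoint"                    # deny by default
```

The account check is what stops a classic IDOR: an ADR holding a valid token for one consumer cannot enumerate other account IDs under the same arrangement, and the expiry check is what enforces the sharing_duration the consumer saw on the consent screen rather than relying on the ADR to stop calling.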

Consent revocation

The CDS consumer experience guidelines allow consumers to withdraw their authorization and so stop the ADR from accessing their data at the Data Holder. WSO2 Open Banking supports this through the consent management application, which lets the consumer sign in, view the details of granted consents and withdraw a consent when necessary.

Dynamic Client Registration

The Dynamic Client Registration (DCR) protocol allows an OAuth client to register itself with an authorization server at runtime. In the context of CDS, DCR allows an ADR to register its software products with a Data Holder after obtaining a Software Statement Assertion (SSA) from the CDR Register, which is operated by the Australian Competition and Consumer Commission (ACCC). The CDS client registration flow closely follows the UK DCR specification. The main difference is that the CDS registration flow supports only the 'private_key_jwt' token endpoint authentication method, so clients authenticate with a signed JWT rather than a client secret. The CDR Dynamic Client Registration v0.1 specification states that Data Holder authorization servers should expose the following endpoints in order to support DCR.

POST /register

GET /register/{clientID}

PUT /register/{clientID}

DELETE /register/{clientID} - Optional

WSO2 Open Banking supports all four of the specified endpoints, including the necessary security requirements: TLS mutual authentication (mTLS) and Holder-of-Key (HoK) binding, which ties an issued token to the client certificate presented over mTLS so that a stolen token cannot be replayed from another client. ADRs can manage their software products through these endpoints, and the Data Holder's administrator account can view and manage all software products registered via DCR by signing in to the developer portal.
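The checks a Data Holder applies to a POST /register request, and the Holder-of-Key check its resource servers apply to every later API call, as an added example covering the two DCR paragraphs above; it is not WSO2 Open Banking code. It assumes the registration JWT's signature (ADR key) and the SSA's signature (CDR Register JWKS) were verified before these checks, that the Register uses the issuer value "cdr-register" in SSAs, and uses constructed registration and SSA claims; the certificate bytes are a stand-in for a real DER certificate.

```python
"""Validation of a CDS Dynamic Client Registration request plus the mTLS
Holder-of-Key check (added example, not WSO2 code).

Signature verification of the registration JWT and of the embedded SSA is
assumed to have happened already and is omitted here.
"""
import base64
import hashlib
from typing import Dict, List

REGISTER_ISSUER = "cdr-register"               # issuer value the CDR Register places in SSAs
ALLOWED_SIGNING_ALGS = {"PS256", "ES256"}
ALLOWED_GRANT_TYPES = {"authorization_code", "refresh_token", "client_credentials"}


def validate_registration(request: Dict, ssa: Dict, now: int) -> List[str]:
    """request: decoded claims of the registration JWT; ssa: decoded claims of its
    software_statement. Returns the list of problems; empty means registrable."""
    problems: List[str] = []

    # The SSA must come from the Register and still be within its validity window.
    if ssa.get("iss") != REGISTER_ISSUER:
        problems.append("SSA not issued by the CDR Register")
    if not isinstance(ssa.get("exp"), int) or ssa["exp"] <= now:
        problems.append("SSA expired")

    # CDS allows only private_key_jwt at the token endpoint: no client secrets.
    if request.get("token_endpoint_auth_method") != "private_key_jwt":
        problems.append("token_endpoint_auth_method must be private_key_jwt")
    if request.get("token_endpoint_auth_signing_alg") not in ALLOWED_SIGNING_ALGS:
        problems.append("token_endpoint_auth_signing_alg must be PS256 or ES256")

    # Redirect URIs may only be ones the Register vouched for in the SSA; an ADR
    # must not be able to add an arbitrary callback at registration time.
    req_uris = set(request.get("redirect_uris") or [])
    if not req_uris:
        problems.append("redirect_uris is empty")
    rogue = req_uris - set(ssa.get("redirect_uris") or [])
    if rogue:
        problems.append(f"redirect_uris not in SSA: {sorted(rogue)}")

    # Grant/response types and ID token signing permitted by the CDS security profile.
    grants = set(request.get("grant_types") or [])
    if "authorization_code" not in grants or grants - ALLOWED_GRANT_TYPES:
        problems.append("grant_types must include authorization_code and only CDS grant types")
    if request.get("response_types") != ["code id_token"]:
        problems.append("response_types must be ['code id_token']")
    if request.get("id_token_signed_response_alg") not in ALLOWED_SIGNING_ALGS:
        problems.append("id_token_signed_response_alg must be PS256 or ES256")
    return problems


def cert_thumbprint(cert_der: bytes) -> str:
    """x5t#S256 confirmation value: base64url(SHA-256(DER certificate)), per RFC 8705."""
    return base64.urlsafe_b64encode(hashlib.sha256(cert_der).digest()).rstrip(b"=").decode()


def token_bound_to_cert(access_token_claims: Dict, presented_cert_der: bytes) -> bool:
    """Holder-of-Key check at the resource server: the client certificate presented on
    this mTLS connection must be the one the token was bound to when it was issued."""
    expected = (access_token_claims.get("cnf") or {}).get("x5t#S256")
    return expected is not None and expected == cert_thumbprint(presented_cert_der)
```

The redirect_uris subset check is the one that matters most in practice: the Register has already vetted the ADR's callbacks when it issued the SSA, and letting the registration request widen that list would hand an attacker holding a leaked SSA a way to receive authorization codes. The HoK check is what makes a bearer token useless to anyone who does not also hold the ADR's mTLS private key.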

For more information regarding Dynamic Client Registration, please see WSO2 Open Banking 1.4 Consumer Data Standards - Dynamic Client Registration v0.1.

Value-added features offered 

Swagger-based request validations

WSO2 Open Banking supports Swagger-based request validation, which checks that the request URL, parameters and payload body conform to the published Swagger (OpenAPI) definition. Invalid or malformed requests are rejected before they reach the Data Holder's backend services.

Extensible authentication web app support 

The authentication web app, which is shipped with the Open Banking solution, can be modified by the Data Holder to integrate with the bank’s endpoints for account retrieval or any other custom validation the bank needs. It also provides the Data Holder the flexibility to deploy the web app in an external location. 

For more information on extending the authentication web app, please click here.

Upcoming Features for the CDS Specification

The CDS specifies an Admin API that Data Holders should implement so that the CDR Register can obtain metrics on API calls and trigger updates to the metadata held about ADRs. WSO2 Open Banking already supports analytics during API invocations, and the next release of the solution will tailor these capabilities to the CDS requirements. We also aim to support metadata refresh scenarios, where the CDR Register notifies Data Holders when a new ADR software product becomes active or an existing one is deactivated or removed from the Register.

Why choose WSO2 Open Banking?

WSO2 Open Banking includes all the technology requirements for banks to be compliant with the CDS specification. The solution roadmap caters to the specification’s latest modifications. This helps banks to reduce their migration efforts as they do not need to spend time making sure the solution is up to date with the latest release. 

WSO2 Open Banking ensures that all security-related tasks are taken care of so that a bank will only need to integrate bank services with the solution. The solution’s flexible architecture provides banks a seamless integration experience, along with the capability to meet technology use cases extending beyond that of open banking. 

For more information on how WSO2 Open Banking can help your open banking journey, please visit us at https://wso2.com/solutions/financial/open-banking/.
