Analysts and leading industry surveys have found more and more banks, even in countries with an absence of open banking regulation, have prioritized implementing open banking to fast-track digital transformation and achieve business goals. This means, to stand out in the crowd in mature open banking ecosystems, and to secure a lasting competitive advantage as an early adopter in new markets, banks should select open banking technology that delivers advanced capabilities and scalability backed by a strong vision and industry-understanding. In this release webinar, you will learn how WSO2 Open Banking 2.0 improves the way we help your developers and business teams create, quickly deploy, manage and monetize APIs that add real value for your internal teams, partners, and consumers. We will also help you understand how our technology can be best deployed as a part of a successful open banking strategy.

1. What’s New With WSO2 Open Banking?
October 2020 Release
November 2020

2. Hello!
Imesh Umayanga
Lalaji Sureshika
Release Manager, WSO2 Open Banking
lalaji@wso2.com
imeshu@wso2.com
Head of R&D, WSO2 Open Banking

3. Introduction to WSO2 Open Banking
What’s New With 2.0
Support for Microservices Architecture
Updated Support for Open Banking Standards
Enabling Premium Open Banking Capabilities
Future Roadmap
3
Today’s Session

4. 4
Open Banking Evolution
Industry-Driven “Open Banking”
Progressive banks working with “fintech” to build new consumer value
WSO2 working with banks since 2005 on building ecosystems
2017
Regulated Open Banking
PSD2 forces API-based data sharing on all banks, intent is compliance
WSO2 launches formal open banking solution with digital transformation focus
2019/ 2020
Banks Switch Mindset
Banks see digital transformation potential of open banking
WSO2 formalizes technology & consultancy model

5. WSO2 Open Banking

6. WSO2 Open Banking delivers accelerated compliance to global standards built on
proven, extensible & industry-leading API-technology to realise the transformative
potential of open banking for the bank, it’s partners and consumers.
6
Simplify Open Banking Success

7. Comprehensive Open Banking Technology
7
WSO2 Open
Banking
Technology
Standards
-Based
API Templates
Third Party
Onboarding &
Management
Developer
Portal &
API Marketplace
Premium APIs
& Monetization
Banking
Systems
IntegrationData Analytics
Data
Security
Fraud
Detection
Consent
Management
Consumer
Authentication

8. Open Banking APIs Use Cases You Can Build
Account & Product Information APIs
Aggregation & Comparison
Lending & Credit Scoring
Debt Advice & Restructuring
KYC & Verification
Payment Initiation APIs
Payment Request Initiation
Refunds or Payment Reversals
Premium APIs
Personal Financial Management
SME Financial Management
Business Invoicing & Payments
Advanced Lending & Credit Scoring
Advanced KYC & Verification
Loyalty & Rewards
8

9. What’s New With 2.0

10. Support for Microservices Architecture
10

11. 11
● Lightweight API micro gateway support
● Inbuilt authentication, authorization, request schema validations, rate limiting, and analytics
● Key benefits
⦿ Scalable
⦿ Cloud Native
⦿ Decentralized
⦿ Developer focused
⦿ Immutable
Support for microservices architecture

12. 12
High-Level Architecture

13. 13
● Describing the YAML file
● Starting up
● API invocations
Microgateway Demo

14. Alignment to Open Banking Standards
14

15. The Consumer Data Standards Version 1.3.1
15

16. 16
● To revoke an existing sharing arrangement.
● If the CDR Arrangement API is called for revocation, it must delete associated
refresh and/or access tokens.
● Mandatory from November 2020.
API Function URI
Revoke Consent DELETE https://data.holder.com.au/arrangements/v1/{cdr-arrangement-id}
https://docs.wso2.com/display/OB200/Deploying+CDR+Arrangement+Management+API+v1.0.0
Support for the CDR Arrangement Management API

17. 17
● Allows OAuth 2.0 clients a back-channel to post the parameters of an
authorisation request to the authorization server and obtain an opaque URI.
● Main Benefits of the PAR endpoint
⦿ Frees the authorization request from any browser URL length limits.
⦿ Ensures confidentiality of request parameters of authorization requests.
⦿ Confidential OAuth clients will be authenticated up-front and the request parameters
will be checked for errors before the end-user redirect to the authorization endpoint
for login and consent.
https://docs.wso2.com/display/OB200/Pushed+Authorisation+Endpoint
Support for Pushed Authorization [PAR] Endpoint

18. 18
1. Identifier First Authenticator step enhanced to prevent attacks including enumeration
attacks and brute-forcing the OTP.
Enhanced CX Guideline-Support for API Flows

19. 19
2. UX updated for the consent granting
step.
https://consumerdatastandards.gov.au/consumer-d
ata-standards/consumer-experience/

20. 20
● Identifier first authentication enhancements
● PAR endpoint
CDS Specification Demo

21. 21
Aligned with Non-Functional Requirements

22. ● Minimum round trip time for Data Recipients
22
Tier Round Trip Type Scope
Unauthenticated 1500ms products()
productDetails(productId)
High Priority 1000ms InfoSec endpoints
DCR endpoint
Common APIs
Low Priority 1500ms Banking APIs
Unattended 4000ms Unattended calls to High and
Low priority
Large Payload 6000ms Banking APIs
Performance Requirements

23. 23
Customer
present traffic
Unattended traffic Secure traffic
(customer
presented and
unattended)
Public traffic
(traffic to
unauthenticated
endpoints)
Number of
sessions per day
Unlimited 20 - -
TPS 10 per customer
50 per Data
Recipient
5 per session
50 per Data
Recipient
300 across all
consumers
300 across all
consumers
(additive to secure
traffic)
Number of calls - 100 total calls per
session
- -
Scenario
Threshold
Traffic Thresholds

24. 24
● Collects and stores API invocation data in a reporting database.
● Exposes a REST endpoint for banks to collect API invocation data to generate reports.
Support for Regulatory Reporting Requirements

25. 25
● Support for concurrent consents
⦿ Allow multiple consents for the same Data Recipient-consumer combination.
⦿ Enforced after November 2020.
Official documentation - https://docs.wso2.com/display/OB200/Open+Banking+Australia
Self learning course - https://lms.wso2.com/courses/wso2-open-banking-for-australias-cdr
Additional Features

26. 26
● Continuous specification version updates for 1.5.1 & future versions
● Enhancements to data reporting for phase 2 APIs
● Revamping consent management app UIs
What’s Next?

27. OBIE’s Open Banking Standard Version 3.1.5
27

28. 28
https://docs.wso2.com/display/OB200/Try+Out+WSO2+Open+Banking+UK
Updates to the Accounts, Payments and CoF APIs

29. 29
● Improving the consumer experience ...
Support for the Latest CX Guidelines

30. 30
● Allows a TPP to request an aggregated set of access revocations and other account access
events related to multiple access consents from multiple Payment Service Users (PSUs)
during a specific period
Aggregated Polling

31. 31
● Support for Management Information reporting version 3.1.2
https://docs.wso2.com/display/OB200/PSD2+Data+Reporting
● Support for JSON Web Signature validation (being enforced since June 2020)
https://docs.wso2.com/display/OB200/API+Security+for+UK#APISecurityforUK-JSONWebSignature(JWS)
Official documentation - https://docs.wso2.com/display/OB200/Open+Banking+UK
Self learning course - https://lms.wso2.com/courses/wso2-open-banking-for-the-uk/
Additional Features

32. 32
● Continuous updates to meet new versions of the standard
● Support for post-eIDAS certificate regime
What’s Next?

33. The Berlin Group
NextgenPSD2 XS2A Framework Implementation Version 1.3.6
33

34. 34
https://docs.wso2.com/display/OB200/Try+Out+WSO2+Open+Banking+Berlin
Updates to the Accounts and Payments APIs

35. 35
Support for Confirmation of Funds Consent

36. 36
● Continuous updates to meet new versions of the standard
● Support for extended value addition services such as Multiple Consent Management
& the Lean Push Service
● Align with changes that come with the Berlin Group Open Finance standard
Official documentation - https://docs.wso2.com/display/OB200/Open+Banking+Berlin
What’s Next?

37. Enabling Premium Open Banking Capabilities
37

38. 38
● Supported out-of-the-box
● Multiple business models provided
⦾ Consumers pay for API usage (e.g., tiered, pay-as-you-go)
⦾ Consumers get paid for API usage (e.g., affiliated marketing)
⦾ Indirect revenue model (e.g., internal API usage, e-commerce platform-integration)
● Ability to integrate with third party billing systems (e.g., Stripe, Paypal)
https://apim.docs.wso2.com/en/latest/learn/api-monetization/monetizing-an-api/
Commercial Capabilities—API Monetization

39. 39
Subscription Policy UI Monetize API UI

40. 40
● Supported out-of-the-box.
● Repackage existing APIs in different combinations to offer tailor-made experiences.
https://apim.docs.wso2.com/en/latest/learn/design-api/create-api-product/api-product-overview/
Commercial Capabilities— API Productization

41. 41
● Out-of-the-box support for create/ publish GraphQL APIs
● Authentication via operation-level security
● Authorization via operation-level access control
● Rate limiting
● Operation-level analytics
● Detect and block malicious queries
● Developer portal access
https://apim.docs.wso2.com/en/latest/learn/design-api/create-api/create-a-graphql-api/
First Class Support for GraphQL APIs

42. 42
Publisher UI support for create/publish GraphQL APIs

43. 43
● Creating an API Product
● Revamped UIs of API Publisher and Developer Portal
Premium Open Banking Demo

44. Enhanced UX & Simplified Workflows
44

45. 45
● Single Page Architecture
● Modernized JS dependency system
(NPM)
● Improved packaging and build system
(Webpack)
● Build versatile yet easily customizable
portals
Revamped ReactJS based UI

46. 46
● Centralized configuration model
⦿ Introduced easy configuration model
in TOML format.
⦿ A single configuration file per WSO2
Open Banking server without multiple
configuration files.
Easy Configuration

47. Future Roadmap

48. Our Future Roadmap
● Digital transformation accelerators
● Federated API marketplace
● Developer-focused enhancements (low-code/ no-code)
● CIBA compliance
48

49. A Strategic Approach
49

50. 50
Understanding All Your Questions
TECHNOLOGY
“What do we need to deploy
& how do we do it best?”
INTERNAL ALIGNMENT
“Are teams set up to make the most of
digitization & collaboration?”
ECOSYSTEM
“How do we choose & work with the best
fintech firms & other partners?”
INNOVATION
“Which consumer problems should we solve
& how do we scale new solutions?”
STANDARDS
“Why should we consider standards and
how should we approach compliance?”BUSINESS GOALS
Which business
goals can we best
achieve through
open banking?

51. 51
Answering All Your Questions
Commercially Successful
Open Banking
API Management IAM
Integration
& Legacy Override
Analytics
Technology
Open Banking Capabilities
Discovery
Design
Workshop
Technology & Process Implementation
Engage the
Ecosystem
Technology & Strategic Consultancy

52. The WSO2 Advantage for Open Banking
52
Consultancy services built on delivering
open banking & mission critical solutions
to global financial services leaders
Cost-effective without
compromising on rich experience
$
API templates & security profiles
complying with global standards
AUS | UK | EU | BR | MX | FAPI
Microservices, containers & beyond
to future-proof your customer offerings
Built on industry-leading API platform to
enable impactful collaboration with fintech
firms & generate new commercial opportunities
Leader in The Forrester Wave™: API Management Solutions, Q3 2020 Report
Recognized in integration & IAM by Forrester, Gartner & KuppingerCole
A Comprehensive technology
& services solution guiding you to
open banking-driven digital maturity

53. Question Time!

54. wso2.com
Thanks!