author | Christian Grothoff <christian@grothoff.org> | 2020-06-12 10:15:38 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-06-12 10:15:38 +0200 |
commit | e756fe2d853c0fabe4e0c108c114059914b73d7d | |
tree | 3424b6df1410acf2edd90bc79d4240fb06be4e35 | |
parent | 13f339060c4b475227214cb000df02db7592aa1a | |
parent | 54a3dfad4a4f5d0462b61a5b6b4b7818741bf85b | |
Merge branch 'master' of git+ssh://git.taler.net/docs
-rw-r--r-- | developers-manual.rst | 2 |
-rw-r--r-- | libeufin/banking-protocols.rst | 115 |
-rw-r--r-- | libeufin/index.rst | 1 |
-rw-r--r-- | libeufin/iso20022.rst | 2 |
4 files changed, 119 insertions, 1 deletions
diff --git a/developers-manual.rst b/developers-manual.rst index 70d92f28..19825122 100644 --- a/developers-manual.rst +++ b/developers-manual.rst @@ -1045,7 +1045,7 @@ Anonymous E-Cash the customer. Also some people are scared of anonymity (which as a term is also way too absolute, as anonymity is hardly ever perfect). - **Use instead**: "Privacy-preserving", "Privacy-friedly" + **Use instead**: "Privacy-preserving", "Privacy-friendly" Payment Replay The process of proving to the merchant that the customer is entitled diff --git a/libeufin/banking-protocols.rst b/libeufin/banking-protocols.rst new file mode 100644 index 00000000..f2dee9e4 --- /dev/null +++ b/libeufin/banking-protocols.rst 
@@ -0,0 +1,115 @@ +Banking Protocols +################# + +This page collects information we have about banking protocols available around +the world. + + +Open Financial Exchange (OFX) Direct Connect +============================================ + +`OFX <https://www.ofx.net/>`__ is widely used in the US. It defines a completely +custom protocol (based on HTTP) and data formats (**not** based on ISO20022) for banking. + + +Electronic Banking Internet Communication Standard (EBICS) +========================================================== + +EBICS is used primarily in Germany, France and Switzerland. Some banks (such as BNPParibas +with their `Global Ebics <https://cashmanagement.bnpparibas.com/our-solutions/solution/global-ebics> offering`__) +also allow EBICS access to accounts in other countries. + +EBICS is just a transfer layer for communicating with banks. Banks define what +messages they support. In practice, EBICS is very often used to transfer +ISO20022 messages. + +German banks that are part of the German Banking Industry Committee all must offer EBICS access. +Thus this protocol is a good choice for the German market. + + +FinTS / HBCI +============ + +German home-banking standard. FinTS is the successor of the Home Banking +Computer Interface (HBCI), but older versions of FinTS are often still called +HBCI. + +The current version, FinTS 4.0, is not widely supported by banks yet. Starting with FinTS, +XML is used as a data format. Previous versions used a custom text/binary format. + +Only some banks allow authentication based on key pairs. +Due to different interpretation of PSD2, other banks now only allow authentication +methods that require interaction from the customer (SCA / Strong Customer Authentication). + +Payloads these days can be ISO20022 messages. 
+ +Examples: + * `GLS <https://www.gls.de/geschaefts-firmenkunden/zahlungsverkehr/onlinebankingverfahren-und-programme/daten-zum-onlinebanking/>`__ + + +PSD2 +==== + +PSD2 is not a technical standard, but high-level legal requirements on (amongst other things) APIs +that banks have to offer. + +There are many implementations of PSD2 APIs. The `Berlin Group <https://www.berlin-group.org/>`__ +provides a framework that somewhat standardizes technical details, but the use of this standard +is by no means necessary. + +Unfortunately, it focuses on *other* parties accessing *your* bank account. It +does not give customers access to their own bank account. Customers can manage +third party access they give to their bank account in their online banking +system. That mechanism is conceptually similar to OAuth2. In fact, some +implementations of PSD2 even use OAuth2 directly. + +PSD2 APIs usually use JSON as a data format. Often the schema and terminology is "inspired" by ISO20022 +messages, but no actual ISO20022 XML message formats are used. + +PSD2 requires two main services to be available via an API: + +* AIS (Account Information Service). +* PIS (Payment Initiation Service). + +Together, they're often called XS2A ("access to account"). + +An entity that wants to use AIS has to be registered with the financial +oversight authority in its country (BAFIN in Germany). PIS has even stronger +legal prerequisites. + +On a technical level, using PSD2 APIs usually requires having an `EIDAS +<https://en.wikipedia.org/wiki/EIDAS>`__ certificate. 
+ +Examples (bank offerings): + * `Sparkasse <https://xs2a.sparkassen-hub.com/home>`__ (Berlin Group based) + * `Deutsche Bank <https://developer.db.com/products/psd2>`__ + +Examples (standards): + * `STET PSD2 API <https://www.stet.eu/en/psd2/>`__ + * `Berlin Group NextGenPSD2 <https://www.berlin-group.org/nextgenpsd2-downloads>`__ + + + +Bank-Proprietary APIs +===================== + +Some banks offer completely custom APIs to access services of the bank. These often include services +not available via more standardized APIs, such as account creation. + +Often banks frame PSD2 as just another API available in their portfolio of API offerings. + +Examples: + +* `Deutsche Bank <https://developer.db.com/products>`__ +* `ING Group <https://developer.ing.com/api-marketplace/marketplace>`__ +* `Revolut <https://revolut-engineering.github.io/api-docs/business-api/>`__ +* `PayPal <https://developer.paypal.com/classic-home/>`__ + + +Open Bank Project +================= + +The `Open Bank Project <https://www.openbankproject.com/>`__ provides a free software implementation of +banking middleware that supports various APIs, including PSD2-compatible APIs (based on Berlin Group). + +API Docs: https://github.com/OpenBankProject/OBP-API/wiki/Open-Bank-Project-Architecture diff --git a/libeufin/index.rst b/libeufin/index.rst index a6d9162e..a54d2949 100644 --- a/libeufin/index.rst +++ b/libeufin/index.rst @@ -13,3 +13,4 @@ LibEuFin is a project providing free software tooling for European FinTech. ebics sepa iso20022 + banking-protocols diff --git a/libeufin/iso20022.rst b/libeufin/iso20022.rst index a7d90586..bc9f5901 100644 --- a/libeufin/iso20022.rst +++ b/libeufin/iso20022.rst 
@@ -5,6 +5,8 @@ ISO 20022 is the standard that defines many XML messages for FinTech. It is very general, and often countries/orgs define subsets (TVS, technical validation subset) of the schema. +Documentation for message fields can be viewed at https://www.iso20022.org/standardsrepository + Cash Management (camt) ====================== |
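Review bot: In the EBICS section of libeufin/banking-protocols.rst, the "Global Ebics" reference will not render as a working link, because the word "offering" sits inside the backticks after the closing ">"; in reStructuredText the embedded URI has to be the last thing before the closing backtick. Move the word outside the reference, so the markup ends with global-ebics>`__ and "offering" follows as plain text. Two smaller points in the same file: in the FinTS section, "Starting with FinTS, XML is used as a data format" is ambiguous next to "Previous versions used a custom text/binary format", so name the version at which the format changed; and the "Examples:" lists under FinTS and PSD2 put an indented bullet directly beneath the label, while the list under Bank-Proprietary APIs uses a blank line and unindented bullets, so one form should be used throughout.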
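Review bot: The sentence added to libeufin/iso20022.rst ends at the bare URL with no closing period, and it links differently from the named `text <url>`__ references used throughout the new banking-protocols.rst. Consider a named reference to https://www.iso20022.org/standardsrepository followed by a period, so the punctuation is not read as part of the URL and the link style stays consistent across the libeufin pages.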