Merge branch 'master' of git+ssh://git.taler.net/docs

4 files changed, 119 insertions, 1 deletions

diff --git a/developers-manual.rst b/developers-manual.rst
index 70d92f28..19825122 100644
--- a/developers-manual.rst
+++ b/developers-manual.rst
@@ -1045,7 +1045,7 @@ Anonymous E-Cash
   the customer. Also some people are scared of anonymity (which as
   a term is also way too absolute, as anonymity is hardly ever perfect).
 
-  **Use instead**:  "Privacy-preserving", "Privacy-friedly"
+  **Use instead**:  "Privacy-preserving", "Privacy-friendly"
 
 Payment Replay
   The process of proving to the merchant that the customer is entitled
diff --git a/libeufin/banking-protocols.rst b/libeufin/banking-protocols.rst
new file mode 100644
index 00000000..f2dee9e4
--- /dev/null
+++ b/libeufin/banking-protocols.rst
@@ -0,0 +1,115 @@
+Banking Protocols
+#################
+
+This page collects information we have about banking protocols available around
+the world.
+
+
+Open Financial Exchange (OFX) Direct Connect
+============================================
+
+`OFX <https://www.ofx.net/>`__ is widely used in the US.  It defines a completely
+custom protocol (based on HTTP) and data formats (**not** based on ISO20022) for banking.
+
+
+Electronic Banking Internet Communication Standard (EBICS)
+==========================================================
+
+EBICS is used primarily in Germany, France and Switzerland.  Some banks (such as BNPParibas
+with their `Global Ebics <https://cashmanagement.bnpparibas.com/our-solutions/solution/global-ebics> offering`__)
+also allow EBICS access to accounts in other countries.
+
+EBICS is just a transfer layer for communicating with banks.  Banks define what
+messages they support.  In practice, EBICS is very often used to transfer
+ISO20022 messages.
+
+German banks that are part of the German Banking Industry Committee all must offer EBICS access.
+Thus this protocol is a good choice for the German market.
+
+
+FinTS / HBCI
+============
+
+German home-banking standard.  FinTS is the successor of the Home Banking
+Computer Interface (HBCI), but older versions of FinTS are often still called
+HBCI.
+
+The current version, FinTS 4.0, is not widely supported by banks yet.  Starting with FinTS,
+XML is used as a data format.  Previous versions used a custom text/binary format.
+
+Only some banks allow authentication based on key pairs.
+Due to different interpretation of PSD2, other banks now only allow authentication
+methods that require interaction from the customer (SCA / Strong Customer Authentication).
+
+Payloads these days can be ISO20022 messages.
+
+Examples:
+ * `GLS <https://www.gls.de/geschaefts-firmenkunden/zahlungsverkehr/onlinebankingverfahren-und-programme/daten-zum-onlinebanking/>`__
+
+
+PSD2
+====
+
+PSD2 is not a technical standard, but high-level legal requirements on (amongst other things) APIs
+that banks have to offer.
+
+There are many implementations of PSD2 APIs.  The `Berlin Group <https://www.berlin-group.org/>`__
+provides a framework that somewhat standardizes technical details, but the use of this standard
+is by no means necessary.
+
+Unfortunately, it focuses on *other* parties accessing *your* bank account.  It
+does not give customers access to their own bank account.  Customers can manage
+third party access they give to their bank account in their online banking
+system.  That mechanism is conceptually similar to OAuth2.  In fact, some
+implementations of PSD2 even use OAuth2 directly.
+
+PSD2 APIs usually use JSON as a data format.  Often the schema and terminology is "inspired" by ISO20022
+messages, but no actual ISO20022 XML message formats are used.
+
+PSD2 requires two main services to be available via an API:
+
+* AIS (Account Information Service).
+* PIS (Payment Initiation Service).
+
+Together, they're often called XS2A ("access to account").
+
+An entity that wants to use AIS has to be registered with the financial
+oversight authority in its country (BAFIN in Germany).  PIS has even stronger
+legal prerequisites.
+
+On a technical level, using PSD2 APIs usually requires having an `EIDAS
+<https://en.wikipedia.org/wiki/EIDAS>`__ certificate.
+
+Examples (bank offerings):
+ * `Sparkasse <https://xs2a.sparkassen-hub.com/home>`__ (Berlin Group based)
+ * `Deutsche Bank <https://developer.db.com/products/psd2>`__
+
+Examples (standards):
+ * `STET PSD2 API <https://www.stet.eu/en/psd2/>`__
+ * `Berlin Group NextGenPSD2 <https://www.berlin-group.org/nextgenpsd2-downloads>`__
+
+
+
+Bank-Proprietary APIs
+=====================
+
+Some banks offer completely custom APIs to access services of the bank.  These often include services
+not available via more standardized APIs, such as account creation.
+
+Often banks frame PSD2 as just another API available in their portfolio of API offerings.
+
+Examples:
+
+* `Deutsche Bank <https://developer.db.com/products>`__
+* `ING Group <https://developer.ing.com/api-marketplace/marketplace>`__
+* `Revolut <https://revolut-engineering.github.io/api-docs/business-api/>`__
+* `PayPal <https://developer.paypal.com/classic-home/>`__
+
+
+Open Bank Project
+=================
+
+The `Open Bank Project <https://www.openbankproject.com/>`__ provides a free software implementation of
+banking middleware that supports various APIs, including PSD2-compatible APIs (based on Berlin Group).
+
+API Docs: https://github.com/OpenBankProject/OBP-API/wiki/Open-Bank-Project-Architecture
diff --git a/libeufin/index.rst b/libeufin/index.rst
index a6d9162e..a54d2949 100644
--- a/libeufin/index.rst
+++ b/libeufin/index.rst
@@ -13,3 +13,4 @@ LibEuFin is a project providing free software tooling for European FinTech.
   ebics
   sepa
   iso20022
+  banking-protocols
diff --git a/libeufin/iso20022.rst b/libeufin/iso20022.rst
index a7d90586..bc9f5901 100644
--- a/libeufin/iso20022.rst
+++ b/libeufin/iso20022.rst
@@ -5,6 +5,8 @@ ISO 20022 is the standard that defines many XML messages for FinTech.  It is
 very general, and often countries/orgs define subsets (TVS, technical
 validation subset) of the schema.
 
+Documentation for message fields can be viewed at https://www.iso20022.org/standardsrepository
+
 
 Cash Management (camt)
 ======================