Konsentus Powering Trust in Open Ecosystems

JSON Web Signature Profile for Open Banking

This document defines a profile of JSON Web Signature, as defined in RFC 7515 in support of secure communications under PSD2.

Share This Post

Background

OBE brought together a group of experts from the PSD2 API communities with experts on signature formats from ETSI. The group carried out a survey of the current approaches to secure communications for PSD2 based on EU Qualified Certificates as required under the EU “regulatory technical standards for strong customer authentication and common and secure open standards of communication”. As a result of the survey it was found that there were two basic approaches taken. About half API communities used JSON Web Signatures to protect the payload, whilst the other half use HTTP Signatures based on a draft specification originally authored by Cavage. HTTP signatures were chosen primarily because of its ability to protect HTTP header information. As a result, it was agreed to produce a common specification of how to protect PSD2 payloads which brings together the JSON Web Signatures with the ability of HTTP Signatures to protect HTTP header information. It was also the aim to align the specification with the ETSI “JAdES” specification for advanced electronic signatures and seals in line with the EU eIDAS regulation. The present document is this common specification.

Scope

This document defines a profile of JSON Web Signature (JWS hereinafter), as defined in RFC 7515 in support of secure communications under the Payment Services Directive 2015/2366 (PSD2). In particular, it is aimed at supporting the secure communications between payment service providers using qualified certificates for electronic seals, (Article 3(30) of Regulation (EU) No 910/2014), as required under Commission Delegated Regulation (EU) 2018/389 [15] Article 34. ETSI has developed a standard for JWS which includes the special features already in other ETSI standards for AdES digital signatures and is aligned with Regulation (EU) No 910/2014, called JAdES (ETSI TS 119 182-1). The current profile is aligned with the basic (B-B) level of JAdES and makes use of JWS header parameters formally defined in JAdES. A description is provided of these JAdES header parameters in this specification along with additional requirements for their use.

Download the full report

This content was originally published on [date or year] for participants of the Open Banking Exchange Membership Programme. It consisted of the Open Banking Exchange’ sole opinion as of its date of publication and was intended for general information of its members. It is now available for visitors to the Konsentus website.

Subscribe To Our Newsletter

Keep up to date with all our news and publications.

More To Explore

Singapore Fintech Festival 2024

Konsentus’ Brendan Jones joined a global gathering of policymakers, fintechs, financial services organisations, and technology providers at Singapore Fintech Festival

Read More
November 6, 2024

Money 20/20 USA 2024

At Money20/20 USA 2024, one of the major topics discussed was the Consumer Financial Protection Bureau’s (CFPB) final rule on Personal Financial

Read More
October 27, 2024

Talk with Our Team Today

Join us on the Journey

Protect your customers transacting in open ecosystems.

Get in Touch
Konsentus Rebrand Button - Konsentus Dot-23-23

Find out how our technology can protect your customers within open ecosystems.

Name(Required)

Opt-in

On completion of this form you will be sharing your personal data with Konsentus Ltd (company number 1115059) (“Konsentus”/”we”/”us”). We will process such information for the purposes of sending you the requested information. We may also send you marketing communications and information which we consider may be of interest to you from time to time. This may include sending information by email, or us contacting you by telephone, where relevant details are provided. We rely on our legitimate interests as the lawful basis for processing your data in this way. Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to receive a copy of the data we hold about you. You also have the right to opt out of marketing communications at any time using the details in an email sent to you or by contacting us at insights@konsentus.com.

This field is for validation purposes and should be left unchanged.

Login to your account