JSON Web Signature Profile for Open Banking

This document defines a profile of JSON Web Signature, as defined in RFC 7515, in support of secure communications under the Payment Services Directive 2015/2366 (PSD2).

Background

OBE brought together a group of experts from the PSD2 API communities with experts on signature formats from ETSI. The group carried out a survey of the current approaches to secure communications for PSD2 based on EU Qualified Certificates, as required under the EU “regulatory technical standards for strong customer authentication and common and secure open standards of communication”. The survey found that two basic approaches were taken. About half of the API communities used JSON Web Signatures to protect the payload, whilst the other half used HTTP Signatures based on a draft specification originally authored by Cavage. HTTP Signatures were chosen primarily because of their ability to protect HTTP header information. As a result, it was agreed to produce a common specification of how to protect PSD2 payloads, which brings together JSON Web Signatures with the ability of HTTP Signatures to protect HTTP header information. A further aim was to align the specification with the ETSI “JAdES” specification for advanced electronic signatures and seals in line with the EU eIDAS regulation. The present document is this common specification.

Scope

This document defines a profile of JSON Web Signature (JWS hereinafter), as defined in RFC 7515, in support of secure communications under the Payment Services Directive 2015/2366 (PSD2). In particular, it is aimed at supporting secure communications between payment service providers using qualified certificates for electronic seals (Article 3(30) of Regulation (EU) No 910/2014), as required under Commission Delegated Regulation (EU) 2018/389 [15] Article 34. ETSI has developed a standard for JWS, called JAdES (ETSI TS 119 182-1), which includes the special features already in other ETSI standards for AdES digital signatures and is aligned with Regulation (EU) No 910/2014. The current profile is aligned with the basic (B-B) level of JAdES and makes use of JWS header parameters formally defined in JAdES. A description of these JAdES header parameters is provided in this specification, along with additional requirements for their use.
