
This document is presently in draft form and has been developed to facilitate discussions among the Open Finance United Arab Emirates (OPF-UAE) Work Groups and relevant stakeholders. It is anticipated to undergo substantial updates and revisions to refine its content and recommendations fully. Therefore, it should not be considered as final or ready for implementation as an official specification at this stage.

Version: beta.2

1. Introduction

The Open Finance UAE ecosystem makes use of chains of certificates and the TLS protocol to guarantee the confidentiality, authentication and integrity of the communication channel used by the APIs of the participating organisations, as well as the customers of each of the participants.

...

The certificate issuing and revocation processes, the practices, availability, and values can be found on the Open Finance UAE Certificate Practice Statement < Include Link Once Issued >. http://repository.pki.openfinance.ae

2.1 Certificate Types

The Open Finance UAE Ecosystem supports four types of certificates, differentiated by their use cases: two are designed for digital signatures and the other two are for mutual TLS (mTLS) authentication.

...

Distinguished Name : C=AE, O=Open Finance UAE, OU=Open Finance UAE Production Trust Framework, CN= Open Finance UAE Production Root CA - G1

< Include Link to Intermediate CA JWKS once issued >.

< Include Link to intermediate CA OCSP responder and CRL list >

The Issuing CA Certificate in PEM Format can be reached at : http://crl.pki.openfinance.ae/issuer-ca.pem

The Issuing CA OCSP can be reached at : http://ocsp.pki.openfinance.ae

The Issuing CA CRL can be reached at : http://crl.pki.openfinance.ae/issuer.crl

The following root certificate authority will be used on the Trust Framework :

Distinguished Name : C=AE, O=Open Finance UAE, OU=Open Finance UAE Production Trust Framework, CN= Open Finance UAE Production Issuing CA - G1

< Include Link to Root CA JWKS once issued >. The Root CA Certificate in PEM Format can be reached at : http://crl.pki.openfinance.ae/root-ca.pem

All intermediate and root issuers will use the following algorithms:

...

Distinguished Name : C=AE, O=Open Finance UAE, OU=Open Finance UAE Sandbox Trust Framework, CN= Open Finance UAE Sandbox Root CA - G1

< Include Link to Intermediate CA JWKS once issued >.

< Include Link to intermediate CA OCSP responder and CRL list >

The Issuing CA Certificate in PEM Format can be reached at : http://crl.sandbox.pki.openfinance.ae/issuer-ca.pem

The Issuing CA OCSP can be reached at : http://ocsp.sandbox.pki.openfinance.ae

The Issuing CA CRL can be reached at : http://crl.sandbox.pki.openfinance.ae/issuer.crl

The following root certificate authority will be used on the Trust Framework :

Distinguished Name : C=AE, O=Open Finance UAE, OU=Open Finance UAE Sandbox Trust Framework, CN= Open Finance UAE Sandbox Issuing CA - G1

< Include Link to Root CA JWKS once issued >. The Root CA Certificate in PEM Format can be reached at : http://crl.sandbox.pki.openfinance.ae/root-ca.pem

All intermediate and root issuers will use the following algorithms:

...

| Certificate Type | Key Usage | Extended Key Usage |
| --- | --- | --- |
| OPF UAE SERVER SIGNING | "digital signature", "data encipherment", "key encipherment", "key agreement" | N/A |
| OPF UAE SERVER TRANSPORT | "digital signature", "key encipherment", "key agreement" | "server auth" |
| OPF UAE SERVER ENCRYPTION | "key encipherment", "data encipherment" | N/A |
| OPF UAE CLIENT SIGNING | "digital signature", "data encipherment", "key encipherment", "key agreement" | N/A |
| OPF UAE CLIENT TRANSPORT | "digital signature", "key encipherment", "key agreement" | "client auth" |
| OPF UAE SERVER CLIENT ENCRYPTION | "key encipherment", "data encipherment" | N/A |
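One way to check a certificate against the usage table above, as an added example that is not part of the specification: it parses the extensions section of `openssl x509 -noout -text` output and reports every deviation from the profile for the claimed certificate type. Treating the table as an exact match is an assumption, as are the function names and the constructed sample text.

```python
import re

# Profiles transcribed from the table above as (key usage, extended key usage).
# "N/A" in the table becomes an empty EKU set.
SIGNING = {"digital signature", "data encipherment", "key encipherment", "key agreement"}
TRANSPORT = {"digital signature", "key encipherment", "key agreement"}
ENCRYPTION = {"key encipherment", "data encipherment"}
PROFILES = {
    "OPF UAE SERVER SIGNING": (SIGNING, set()),
    "OPF UAE SERVER TRANSPORT": (TRANSPORT, {"server auth"}),
    "OPF UAE SERVER ENCRYPTION": (ENCRYPTION, set()),
    "OPF UAE CLIENT SIGNING": (SIGNING, set()),
    "OPF UAE CLIENT TRANSPORT": (TRANSPORT, {"client auth"}),
    "OPF UAE SERVER CLIENT ENCRYPTION": (ENCRYPTION, set()),
}
# OpenSSL display names for the two EKU values the table uses.
EKU_NAMES = {"tls web server authentication": "server auth",
             "tls web client authentication": "client auth"}

def parse_usages(text):
    """Return (key usage, EKU) sets from `openssl x509 -noout -text` output."""
    def values(label):
        m = re.search(r"X509v3 %s:[^\n]*\n[ \t]*([^\n]+)" % label, text)
        return {v.strip().lower() for v in m.group(1).split(",")} if m else set()
    return values("Key Usage"), {EKU_NAMES.get(v, v) for v in values("Extended Key Usage")}

def check_profile(cert_type, text):
    """List deviations from the profile (assumption: the table is an exact match)."""
    want_ku, want_eku = PROFILES[cert_type]
    got_ku, got_eku = parse_usages(text)
    problems = []
    for name, want, got in (("key usage", want_ku, got_ku),
                            ("extended key usage", want_eku, got_eku)):
        problems += [f"missing {name}: {v}" for v in sorted(want - got)]
        problems += [f"unexpected {name}: {v}" for v in sorted(got - want)]
    return problems

# Constructed sample: the extensions section of a client transport certificate.
SAMPLE_CLIENT_TRANSPORT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
"""

if __name__ == "__main__":
    for cert_type in ("OPF UAE CLIENT TRANSPORT", "OPF UAE SERVER TRANSPORT"):
        print(cert_type, check_profile(cert_type, SAMPLE_CLIENT_TRANSPORT) or "conforms")
```

An empty list means the certificate matches the profile; a client transport certificate presented where a server transport certificate is expected is reported through its EKU mismatch.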

...