
Author: Chris Michael, Ed Colley, Anthony Jones

Version: 1.0

Date:

Classification: Public

1. Introduction

This Certification Framework is designed to ensure that LFIs and TPPs provide Open Finance solutions which strictly conform to the Open Finance Standards.

  • For LFIs, this is to ensure that the APIs they expose are consistent and thereby to remove the complexity and friction for TPPs in connecting to LFIs and consuming these APIs.

  • For TPPs, this is to ensure that they connect correctly to the APIs exposed by LFIs and thereby to reduce (and where possible remove) the possibility of TPPs raising complaints or disputes against LFIs regarding the consistency of their API implementations.

Wherever possible, the Open Finance Platform (OFP) will enforce conformance and reduce the ‘burden’ of certification activity, especially for LFIs.

The requirements below set out what each LFI and TPP must do to test and apply for the certifications that prove their conformance.

2. LFI Certification

LFIs will:

  • be required to obtain the relevant certifications (as set out below) prior to Go Live for each version of the Standards;

  • be required to obtain a separate certification for each separate set of infrastructure (e.g. in cases where

  • be required to renew their certification every time they introduce any new version of the Standards and/or every time they make any ma

  • be required to renew their certification from time to time at the discretion of the CBUAE

  • be subject to ongoing monitoring and enforcement action by the CBUAE in case of changes which would rended

Certification will be a requirement of the ‘Go Live’ process for each LFI. Specifically, LFIs will be required to obtain the

2.1 LFI FAPI Certification

The OpenID Foundation (OIDF) has developed a tool (Security Compliance Engine) for testing and certifying the security scope of Authorization Servers (OpenID Providers - OPs) and Data Receiving Applications (Relying Parties - RPs). The OIDF is currently enhancing this tool to include a set of Financial Grade API (FAPI) 2.0 security tests in accordance with the security profile set out in the CBUAE Open Finance Standards.

As and when this is made available, the OFP itself will be certified as an OpenID Provider (OP).

Because the OFP strictly enforces the security profile on behalf of LFIs, LFIs do not need to apply for and obtain FAPI certifications themselves.

2.2 LFI Functional Certification

TBC

2.3 LFI Customer Experience Certification

TBC

2.4 LFI Operational Certification

TBC

3. TPP Certification

3.1 TPP FAPI Certification

TBC

3.2 TPP Functional Certification

TBC

3.3 TPP Customer Experience Certification

TBC

3.4 TPP Operational Certification

TBC
