Authentication and Authorization

This space is deprecated and no longer supported. Please use the latest available version here.


1. Overview

The UAE Standards will support two approaches to carrying out the authentication procedure of the User, namely redirection and decoupled.

Furthermore, the Authenticating Entity (AE), which authenticates the User using Multi-Factor Authentication (MFA), can either be the LFI itself, or the LFI can use a trusted partner to authenticate the User on its behalf.

The authentication journeys are categorized based on the device and the application where the consumption of the User-facing TPP service and the authentication take place.

2. Redirection

The User consumes the User-facing TPP service and authenticates for the OF request with the AE on separate applications on the same device. The authentication data is exchanged only between the User and the AE through the AE application, and the User-facing TPP has no visibility of it. Redirection uses the principle of deep-linking: the User's action within the User-facing TPP app/website invokes the AE app/website.

3. Decoupled

The User consumes the User-facing TPP service and authenticates with the AE on separate applications on separate devices. The authentication data is exchanged only between the User and the AE through the AE application, and the User-facing TPP has no visibility of it. A Decoupled experience across the two devices can be achieved by using Redirection, where the User follows a deep-link within the User-facing TPP app/website on one device to invoke their AE app/website on another device.


Using the Redirection implementation, User-facing TPPs can implement a redirection flow on a single device or a Decoupled redirection flow using two devices, depending on the customer experience they want to support. A Decoupled Redirection does not require the AE to implement anything in addition to the Redirection flow it will already be implementing.