/
Release Notes

This space is deprecated and no longer supported. Please use the latest available version here.

Release Notes

Owned by Alexandros Dimitrakoudis
Last updated: 27 Apr 2024 by Chris Michael
2 min read

This is a draft of the UAE Open Finance Standards. It is intended for review only, not for implementation.

 

What's new?

New functionality has been added in relation to the following:

  • Business rules and API specifications for International Payments. Please be aware that the current API specification does not allow for a TPP to access an FX rate prior to the user authentication. Although this functionality is included in the business rules for now, its implementation is under consideration and subject to further industry engagement.

  • Business rules and data model for retail motor insurance use cases.

  • Centralized (Federated) Authentication and Authorization.

What’s changed ?

Since the previous draft, the following elements have been updated:

  • Business rule changes to support Variable Beneficiaries for Multi-Payments.

  • Consent States - How consent moves between these states in its lifecycle.

  • We have redacted Decoupled CIBA as an Authentication/Authorization Model.

API Specification Change Log

Service initiation

  • Moving to new versioning standard v1.0-draft2

  • Clarified in Swagger that the ConsentId is generated by the TPP

  • Added the definition of the OBServiceInitiationAuthorizationDetail object - to document the PAR request object in the authorization_details field

  • Added MobileNumber into the Account Identification - as it’s required for IPP payments

  • Renamed PaymentStatus and ConsentStatus to Status - to align with the Account Information standard

  • Updated the Consent State model

  • Added a new OBLongLivedPaymentConsent object to replace the different multi-payment consent types - this simplifies the number of ways of constructing a long-lived payment consent; also included are updates to include Currency into the long lived consent control parameters

  • Added Permissions array into the payment consent object - so that a TPP can perform a balance check against an account

  • Moved the Initiation details - the account identifiers for a payment - into the PersonalIdentifiableInformation JWE

  • Moved the Risk object into the PersonalIdentifiableInformation JWE

  • Removed the AuthorizerName from the MultipleAuthorizers object - so that we can be compliant with not storing PII data

  • CurrencyRequest object which will allow Users to agree with a TPP a non-local currency FX payment consent

  • New Charges and ExchangeRate objects in the consent response from the LFI - so that the LFI can communicate back the relevant charges that have been agreed with the User, and the ExchangeRate information that will be applied

Bank Data

  • Moving to new versioning standard v1.0-draft2

  • Clarified in Swagger that the ConsentId is generated by the TPP

  • Added the definition of the OBAccountAccessAuthorizationDetail object - to document the PAR request object in the authorization_details field

  • A new IsIslamic flag into the Product endpoint

  • GeoLocation field in the Transactions endpoint

  • A new Consents endpoint /accounts/{AccountId}/consents - so that a TPP can agree viewing all account access consents with all other TPPs

  • Enforced TotalPages for Meta

  • Aligned RevokedBy

  • Added the BaseConsentId - so that we can track updates to consents via a BaseConsentId (in the same way we do for payment consents)

  • Added Account Access Consents retrieval endpoint - using the BaseConsentId

What's to come?

Future drafts will include some/all of the following functionality:

  • Refunds functionality

  • Fast-track Single Immediate Payments

  • Request to Pay

  • Enhanced Product data

  • Balance Checks

  • Delegated Authentication

  • Bulk/Batch Payments

 

 

 

 

© CBUAE 2024
Open License and Contribution Agreement | Attribution Notice