apidays LIVE India - Standardising financial account aggregation by Vamsi Madhav, DigiSahamati

apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021

Standardising financial account aggregation
Vamsi Madhav, Head of Products and Standards at DigiSahamati

  1. Standards for the AA Ecosystem
     Attribution: Challiyan at Malayalam Wikipedia

  2. DigiSahamati Foundation is an Industry Alliance for the AA Ecosystem
     Registered as a Section 8 Company (Not for Profit)
     Key goals:
     ● ADOPT: Drive Awareness & impactful adoption of AA
     ● ORCHESTRATE: Fair playground via Standards, Certification, Code of Conduct
     ● INNOVATE: Raise the bar via Collective Innovation

  3. India Stack at a Glance
     ● PRESENCE-LESS LAYER: Aadhaar Authentication, Aadhaar e-KYC. Unique digital biometric identity with open access of nearly a Billion users
     ● CONSENT LAYER: Data Empowerment and Protection Architecture (DEPA) - AA, PCR. Provides a modern privacy data sharing framework
     ● PAPERLESS LAYER: E-sign, Digital Locker. Rapidly growing base of paperless systems with billions of artifacts
     ● CASHLESS LAYER: AEPS, APB, and UPI, e-Lien. Game changing electronic payment systems and transition to cashless economy
     [Diagram labels: INDIA STACK; JAM (Jan Dhan, Aadhaar, Mobile); SUBSIDIES (DBT); COMMERCE (GST); BILLS (BBPS); TOLLS (ETC); OTHERS; Health Stack]

  4. The Account Aggregator will facilitate consented sharing of financial information in real-time
     ● Financial Information Providers: Bank, Mutual Fund House, Insurance Provider, Tax / GST Platform
     ● Financial Information Users: Flow-Based Credit, Personal Finance Management, Wealth Management, Robo Advisors
     ● Consent Manager (Account Aggregator)
     [Diagram labels: Request for Data; Consent to Share; Encrypted Data Flow; E2E Encrypted Data Flow based on User Consent; Data Access Notifications; Consent to share data; Request for Data; Through Open APIs; Electronic Consent Artefact by MeitY Registry]

  5. The data-sharing experience of tomorrow
     Easy UX, accessible to most people, and with auditable consent

  6. The Citizen Experience
     Regulatory Standards
     ● Consent: Revocable, given to regulated entities or “to oneself”
     ● Identity: Pseudonymous, minimally required verifiable attributes
     ● Privacy and security: Data-blind AAs, FIU-blind FIPs
     ● Convenience: UPI-like, multi-interface
     Market Standards
     ● Trust: Certifications (security, privacy)
     ● Consent UX: Nudges, notifications
     ● Reliability: Perceived SLAs, grievance redressal

  7. ORGANS Principles
     Open, Revocable, Granular, Auditable, Notice, Secure

        <consentcollector> CC </consentcollector>
        <dataconsumer> DC </dataconsumer>
        <dataprovider> DP </dataprovider>
        <user type="Aadhaar"> 123412341234 </user>
        <datatype type="transactional">
          <attribute-list> … </attribute-list>
          <duration> 6 months </duration>
          <datalife> 10 days </datalife>
          <frequency> YEARLY </frequency>
          <revocable> YES </revocable>
          <access>READ| STORE| QUERY </access>
        </datatype>
        <datatype type="profile"> </datatype>
        <loggingInfo> … </loggingInfo>
        <purpose code=""> LOAN </purpose>
        <signature> #@%%#@$$##$@ </signature>

     [Diagram labels: Identifier Section; Data Section; Logging Section; Signature Section; Purpose of Data Access]
     Electronic Data Consent gives meaningful privacy choices & answers “Why?”

  8. The FIP Experience
     Regulatory Standards
     ● Identity services (ID proofing, authentication, attribute collection): Federated through AAs, own choice of identifiers (mobile, mobile+dob, e.g.)
     ● Data security: Forward-secrecy, end-to-end encryption
     ● APIs (account discovery, linking, consent-flow, data-sharing, heartbeat): Standardized, best-practices-driven (architecture, security, evolution)
     ● Connectivity to AAs: Obligatory by default
     Market Standards
     ● Scope of participation: FI types, Account Types

  9. FIP as Relying Party; AA as ID Service Provider

  10. The FIU Experience
     Regulatory Standards
     ● Data attributes: Standardized across 20+ FI types
     ● Data security: Source encryption using a shared secret, data-blind AAs
     ● APIs (Consent notification, data notification): Standardized, best-practices-driven
     ● Data attributes: Standardized across FI types
     Market Standards
     ● Customer Experience: Market-driven branding, security guidelines for embedding AA journeys
     ● Data Governance: Confidential Computing, Responsible AI

  11. The AA Experience
     Regulatory Standards
     ● Charter: Only consent-management, data-blind, decryption of data on device allowed
     ● APIs (consent flow, data flow, notifications): Standardized, best-practice driven
     ● AA customer experience: Discovery, linking, consent management - only in AA Domain (not FIU or FIP)
     Market Standards
     ● Customer Onboarding experience: No KYC, custom UX
     ● FIU relationships: Pricing
     ● AA client interface features: Consent UX, privacy features, data-sharing features

  12. All Participants
     Market Standards
     ● Interoperability guarantee: Certification Framework
     ● API security: Authentication Token, authorisation controls
     ● Connectivity to AAs: Discoverability through a central registry
     ● SLAs: Response times (FIP-AA, AA-FIU), uptime
     ● Economic incentives: Value-based pricing (FIU/customer), Compensation-for-work-done (FIP)
     ● Dispute Resolution: ODR, API-driven (future)

  13. The First Wave: AA, FIP/FIU
     Photo by Rhythmic Creations on Unsplash

  14. THANK YOU
     Vamsi Madhav
     vamsi@sahamati.org.in
     https://sahamati.org.in
     +91-98806-80383
