
GR-6.4.2

Conventional retail bank licensees should consider the following standards or protocols:

(a) Representational State Transfer (REST) and Simple Object Access Protocol (SOAP) are two common communication protocols in use for Open APIs. Under these respective communication protocols, data formats of JavaScript Object Notation (JSON) and eXtensible Markup Language (XML) are usually used. Due to their practicality and wide acceptance by the industry, REST is recommended as the communication protocol and JSON as the data format.
(b) Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security.
(c) The X.509 public key infrastructure (PKI) standard is required to be maintained by PISPs, AISPs, Conventional retail bank licensees, and PSPs to ensure that product and service information is extracted from genuine sites.
(d) Several versions of the Transport Layer Security (TLS) protocol find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites may use TLS to secure all communications between their servers and web browsers and to provide integrity checking and encryption protection to the data being transmitted.
(e) OAuth 2.0 provides specific authorization flows for web applications, desktop applications, mobile phones, and smart devices and shall be considered for use alongside TLS.
(f) JSON Web Token (JWT) provides a lightweight and autonomous mechanism for secure transfer of information between parties as a JSON object. JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties.
Added: December 2018
Versions (1 Version): Dec 1 2018 onwards