Posts

Showing posts from August, 2017

Authorization for a Multi-Cloud System

This is a project design I am currently working on to consume SPIFFE (Secure Production Identity Framework For Everyone) bootstrapped trust and identification to provide authorization in a dynamically scaling, heterogeneous system, inspired by Mr. Prabath Siriwardena from WSO2 and under the supervision of Prof. Gihan Dias from the University of Moratuwa. An enterprise system running across multiple clouds, as in a hybrid cloud, is an obvious example that will benefit from this. The objective is to open doors for SPIFFE standard-based systems to co-exist with the rest of the systems with minimal effort, without compromising on security aspects, while having an authorization solution based on SPIFFE.

What is SPIFFE? In brief, it is a trust bootstrapping and identification framework, submitted as a standard and accepted by the CNCF (Cloud Native Computing Foundation)[1]. As of now, this standard has two main implementations, SPIRE and Istio[2], a platform that supports service mesh archit…

Regulatory Technical Standard (RTS) for PSD2 SCA in Plain Text

Abbreviations Used with PSD2

Payment Services Directive 2 - PSD2
Regulatory Technical Standard (RTS) - a recommendation requested by PSD2 as a technical guideline to be compliant with PSD2
Strong Customer Authentication - SCA
Payment Service User - PSU
Account Servicing Payment Service Provider (ASPSP) - the existing banks
Payment Initiation Service Provider (PISP) - a third-party entity or a bank itself that can initiate the payment process
Account Information Service Provider (AISP) - a third party or a bank itself which can retrieve the PSU's account information, perhaps to show an aggregate view of all accounts
Payment Service Providers issuing card-based payment instruments (PSP) - payment service providers that existed in the pre-PSD2 era and make payments through card networks like VISA or Mastercard. Sometimes this is also used to refer to all PSPs, including PISP and AISP.
Common and Secure Communication (CSC)
Third Party Payment Service Providers (TPP)
Access to accounts - XS2A

When addres…

The Role of IAM in Open Banking

This presentation discusses the PSD2 standards in detail, including the PISP and AISP flows, the technologies involved around the standard and, finally, how it can be adopted for the Sri Lankan financial market.