Open Banking in Canada: What You Need to Know

  • Increased customer satisfaction: Customers can access their financial information from a variety of third-party apps and services, which can make it easier for them to manage their finances.
  • Improved customer engagement: Customers are more likely to do business with financial institutions that offer open banking, as it gives them more control over their financial information.
  • Increased revenue: Financial institutions can generate new revenue streams by partnering with third-party companies to offer new products and services to their customers.

Gluu’s open banking distribution provides the streamlined core to your open banking needs.

Our open banking solution is trimmed down to the components an open banking deployment actually needs, which improves performance and reduces the attack surface.

Gluu is the premier choice for your open banking needs, securing your digital transformation 24/7, with support when you need it.

[Diagram: Gluu open banking architecture]

FAPI and CIBA Certified

Pass your Audit:
FAPI Certified

Gluu’s OpenID Provider is certified against the OpenID Foundation’s Financial-grade API (FAPI) OpenID Provider conformance profile. FAPI is a set of security requirements layered on OAuth 2.0 and OpenID Connect and designed to protect financial data: confidential clients authenticated with private_key_jwt or mutual TLS, PKCE, sender-constrained access tokens, and signed authorization requests and responses. Gluu has also submitted more OpenID certification tests than any other vendor.

CIBA Ready

CIBA (Client Initiated Backchannel Authentication) is an OpenID Connect specification for decoupled authentication: the application that needs the user authenticated is not running on the device the user authenticates with. A call centre is the typical case. The agent’s application sends a backchannel authentication request to the bank’s OpenID Provider, the customer receives a prompt on their registered mobile device showing a short binding message (so they can tell which request they are approving), and only after the customer approves does the agent’s application obtain tokens. The agent never learns a password or one-time code over the phone.

Gluu, an open-source implementation, is certified against the FAPI-CIBA OpenID Provider conformance profile. Certification means the implementation passes the OpenID Foundation’s conformance test suite for that profile, including its handling of the poll, ping and push delivery modes and the error responses the specification defines.
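The poll-mode exchange behind the call-centre scenario, simulated end to end in Python as an added example. This is not Gluu’s code: the provider is a dict-backed stand-in, the client name, phone number and binding message are constructed, and the 20-character limit on the binding message is an assumption (the specification only says it should be short). The grant type URN and error codes are the ones defined by CIBA Core.

```python
"""Poll-mode CIBA exchange in one process (added example, not Gluu code).

The OpenID Provider keeps pending authentication requests in memory; the
call-centre application polls the token endpoint until the customer has
approved the request on their registered device.
"""
import secrets
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"


class CibaProvider:
    """Minimal OP: backchannel authentication endpoint plus token endpoint."""

    def __init__(self, clock=time.time, expires_in=120, interval=5):
        self.clock = clock
        self.expires_in = expires_in    # lifetime of an auth_req_id, set by the OP
        self.interval = interval        # minimum seconds between polls
        self._pending = {}              # auth_req_id -> request state

    def backchannel_authenticate(self, client_id, login_hint, binding_message):
        """The agent's application asks the OP to authenticate a customer out of band."""
        # The binding message is displayed on the customer's device so they can
        # match it with what the agent tells them. Length cap is an assumption.
        if not binding_message or len(binding_message) > 20:
            raise ValueError("invalid_binding_message")
        auth_req_id = secrets.token_urlsafe(32)
        self._pending[auth_req_id] = {
            "client_id": client_id,
            "login_hint": login_hint,
            "binding_message": binding_message,
            "expires_at": self.clock() + self.expires_in,
            "last_poll": 0.0,
            "status": "pending",        # pending | approved | denied
        }
        return {"auth_req_id": auth_req_id,
                "expires_in": self.expires_in,
                "interval": self.interval}

    def user_decision(self, auth_req_id, approved):
        """Called by the authentication device once the customer has reviewed
        the binding message and approved or rejected the request."""
        self._pending[auth_req_id]["status"] = "approved" if approved else "denied"

    def token(self, client_id, grant_type, auth_req_id):
        """Token endpoint in poll mode. Returns (http_status, json_body)."""
        if grant_type != CIBA_GRANT:
            return 400, {"error": "unsupported_grant_type"}
        req = self._pending.get(auth_req_id)
        # An auth_req_id is bound to the client that created it.
        if req is None or req["client_id"] != client_id:
            return 400, {"error": "invalid_grant"}
        now = self.clock()
        if now > req["expires_at"]:
            del self._pending[auth_req_id]
            return 400, {"error": "expired_token"}
        if now - req["last_poll"] < self.interval:
            return 400, {"error": "slow_down"}
        req["last_poll"] = now
        if req["status"] == "pending":
            return 400, {"error": "authorization_pending"}
        # The request is consumed whatever the outcome: no second redemption.
        del self._pending[auth_req_id]
        if req["status"] == "denied":
            return 400, {"error": "access_denied"}
        return 200, {"access_token": secrets.token_urlsafe(24),
                     "token_type": "Bearer", "expires_in": 300}


def call_centre_flow(approve=True):
    """Drive the exchange with a fake clock so the example runs instantly."""
    t = [1_000.0]
    op = CibaProvider(clock=lambda: t[0])
    start = op.backchannel_authenticate("callcentre-app", "+1-555-0100", "ACME-4821")
    rid = start["auth_req_id"]
    outcomes = []
    outcomes.append(op.token("callcentre-app", CIBA_GRANT, rid)[1]["error"])  # customer has not acted yet
    outcomes.append(op.token("callcentre-app", CIBA_GRANT, rid)[1]["error"])  # polled again too soon
    t[0] += start["interval"]
    op.user_decision(rid, approve)         # customer taps approve (or reject) on the device
    status, body = op.token("callcentre-app", CIBA_GRANT, rid)
    outcomes.append("ok" if status == 200 else body["error"])
    return outcomes
```

Running call_centre_flow() walks through authorization_pending, then slow_down for polling inside the interval, then a token once the customer approves; call_centre_flow(False) ends in access_denied instead. The same state machine also enforces expiry (expired_token) and client binding (invalid_grant), which are the failure modes a conformance suite exercises.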

Flexible Consent Flow

Banks have different ways they may want to handle the consent flow for a transaction. For example, some banks may want to redirect to an internal consent management application and hide all personal information from the third party facing OpenID Provider. Other banks may want to utilize the Gluu Server to present a consent journey, integrating with various backend systems. Gluu supports both approaches, enabling a bank’s product team to specify their preference.

Implement OpenID Connect offline access

The scope value “offline_access” requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User’s User Info Endpoint even when the End-User is not present (not logged in).

This lets a third party’s application keep a customer’s data current, for example by fetching balances on a schedule, without the customer being signed in at that moment. The refresh token is a long-lived credential held by the third party, so the provider must issue it only with explicit consent, bind it to the client that requested it, keep its scope from growing on refresh, and revoke it when the customer withdraws consent.

PSD2 Solution

An account information application might request the offline_access scope so that it can pull the user’s balances and transactions from the bank’s API in the background, between the user’s sessions with the app.

That is what lets a user open the app and see up-to-date figures without re-authenticating at the bank every time. It does not remove the user from the loop for everything: under PSD2, payment initiation still requires strong customer authentication with the customer present, and account access consent must be renewed periodically. offline_access covers the unattended data access in between, not the payment itself.
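The provider-side handling that the two passages above rely on, written in Python as an added example (not Gluu’s code). It implements the offline_access rules from OpenID Connect Core section 11 and the refresh grant of RFC 6749 section 6 over an in-memory store; client and user names are constructed, and the example treats prompt=consent as the only way to signal consent for offline access, although the specification permits an OP to have other arrangements in place.

```python
"""offline_access on the OpenID Provider side (added example, not Gluu code).

Constructed data; the token store is an in-memory dict.
"""
import secrets


def grant_offline_access(params, consented_scopes):
    """Decide whether an authorization request may yield a refresh token.

    params: authorization request parameters (str -> str).
    consented_scopes: scopes the end user approved on the consent screen.
    Returns (granted_scopes, issue_refresh_token).
    """
    requested = set(params.get("scope", "").split())
    granted = requested & set(consented_scopes)
    if "offline_access" not in requested:
        return granted, False
    # Core 11: offline_access is ignored unless the flow returns an authorization code.
    if "code" not in params.get("response_type", "").split():
        granted.discard("offline_access")
        return granted, False
    # Core 11: consent must always be obtained for offline access. This example
    # requires prompt=consent as the signal (assumption: no other OP-side rule).
    if "consent" not in params.get("prompt", "").split():
        granted.discard("offline_access")
        return granted, False
    if "offline_access" not in consented_scopes:
        granted.discard("offline_access")
        return granted, False
    return granted, True


class TokenStore:
    """Refresh tokens bound to the issuing client and the scopes originally granted."""

    def __init__(self):
        self._refresh = {}

    def issue(self, client_id, subject, scopes):
        rt = secrets.token_urlsafe(32)
        self._refresh[rt] = {"client_id": client_id, "sub": subject, "scope": set(scopes)}
        return rt

    def refresh_grant(self, client_id, refresh_token, scope=None):
        """Token endpoint, grant_type=refresh_token. The user is not present, so
        safety rests on client binding and on the scope never growing."""
        rec = self._refresh.get(refresh_token)
        if rec is None or rec["client_id"] != client_id:
            return 400, {"error": "invalid_grant"}
        wanted = set(scope.split()) if scope else rec["scope"]
        if not wanted <= rec["scope"]:           # RFC 6749 section 6: no escalation
            return 400, {"error": "invalid_scope"}
        # Rotate: the old token dies, so a stolen copy cannot be replayed
        # alongside the legitimate client's continued use.
        del self._refresh[refresh_token]
        new_rt = self.issue(client_id, rec["sub"], rec["scope"])
        return 200, {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                     "expires_in": 300, "refresh_token": new_rt,
                     "scope": " ".join(sorted(wanted))}


def background_balance_sync():
    """A third-party app obtains offline access once, then refreshes unattended."""
    store = TokenStore()
    params = {"response_type": "code", "client_id": "tpp-app",
              "scope": "openid accounts offline_access", "prompt": "consent"}
    granted, offline = grant_offline_access(params, ["openid", "accounts", "offline_access"])
    if not offline:
        raise RuntimeError("consent flow did not permit offline access")
    rt = store.issue("tpp-app", "user-42", granted)
    status, body = store.refresh_grant("tpp-app", rt)            # user not present: still works
    replay = store.refresh_grant("tpp-app", rt)                  # old token was rotated out
    escalate = store.refresh_grant("tpp-app", body["refresh_token"], "payments")
    return status, replay[1]["error"], escalate[1]["error"]
```

background_balance_sync() shows the three outcomes that matter in practice: the unattended refresh succeeds, replaying the superseded refresh token fails with invalid_grant, and trying to widen the scope to payments on refresh fails with invalid_scope. Payment scopes have to be obtained in a fresh, user-present authorization.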

Open Banking Certified Client API

Gluu’s client API (oxd) is a tool that helps you register your OpenID Connect clients and make sure that your service transactions meet the FAPI-CIBA requirements. oxd can dynamically register your client and return an identifier that you need to present in subsequent API calls. 

This makes it easy to get started with OpenID Connect and ensures that your service transactions are secure and compliant.


Pushed Authorization Requests (PAR)

PAR (RFC 9126) is an OAuth 2.0 extension that lets a client send the payload of an authorization request directly to the authorization server over the back channel, instead of passing it through the user’s browser as query parameters.

PAR adds an endpoint to the authorization server (AS). The client POSTs its authorization parameters there, authenticating the same way it does at the token endpoint, and receives an opaque reference, the request_uri, together with an expires_in value chosen by the AS. The client then starts the front-channel authorization request with only its client_id and that request_uri; the AS resolves the reference to the parameters it already holds.

PAR has several benefits over passing authorization parameters in the front channel:

  • Client authentication and early validation: the AS authenticates the client and validates redirect_uri, scope and the other parameters before any user is redirected, so requests from unregistered clients or with a bogus redirect_uri fail without a browser ever being involved.
  • Integrity and confidentiality of the request: the parameters never travel through the browser, so they cannot be tampered with by the user agent or leaked through referrer headers, proxies and server logs.
  • No URL length limits: large requests, such as signed request objects or rich authorization details, are not constrained by what a browser or intermediary will accept in a URL.
  • Short-lived, single-use references: the request_uri expires after a lifetime set by the AS (returned as expires_in) and is meant to be redeemed once; the AS also checks that the client_id presented at the authorization endpoint matches the client that pushed the request.

Note that PAR does not remove the redirect; the user is still sent to the AS to authenticate and consent. What it removes is the sensitive payload from that redirect. FAPI 2.0 mandates PAR for exactly these reasons.
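The PAR exchange described above, simulated with both sides in one Python process as an added example (not Gluu’s code). The authorization server is an in-memory stand-in, the client credentials, redirect URI and scopes are constructed, and a shared-secret check stands in for the private_key_jwt or mutual TLS client authentication a FAPI deployment would use.

```python
"""Pushed Authorization Requests (RFC 9126) end to end (added example, not Gluu code).

Constructed data; client authentication is a shared-secret comparison here,
where FAPI would require private_key_jwt or mTLS.
"""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"


class AuthorizationServer:
    """In-memory AS with a PAR endpoint and an authorization endpoint."""

    def __init__(self, clients, clock=time.time, lifetime=60):
        self.clients = clients          # client_id -> {"secret", "redirect_uris"}; constructed
        self.clock = clock
        self.lifetime = lifetime        # set by the AS, never by the client
        self._pushed = {}               # request_uri -> stored request

    def par_endpoint(self, client_id, client_secret, params):
        """POST to the PAR endpoint: authenticate, validate, store, hand back a reference."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return 401, {"error": "invalid_client"}
        # The pushed payload must belong to the client that authenticated.
        if params.get("client_id", client_id) != client_id:
            return 400, {"error": "invalid_request"}
        # A pushed request may not itself contain request_uri (RFC 9126 section 2.1).
        if "request_uri" in params:
            return 400, {"error": "invalid_request"}
        # Full validation happens now, before any browser is redirected.
        if params.get("redirect_uri") not in client["redirect_uris"]:
            return 400, {"error": "invalid_request"}
        ref = REQUEST_URI_PREFIX + secrets.token_urlsafe(24)
        self._pushed[ref] = {"client_id": client_id, "params": dict(params),
                             "expires_at": self.clock() + self.lifetime}
        return 201, {"request_uri": ref, "expires_in": self.lifetime}

    def authorize(self, url):
        """Front-channel GET /authorize?client_id=...&request_uri=...: resolve the reference."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        entry = self._pushed.pop(q.get("request_uri"), None)     # single use: pop, not get
        if entry is None:
            return 400, {"error": "invalid_request_uri"}
        if entry["client_id"] != q.get("client_id"):
            return 400, {"error": "invalid_request"}
        if self.clock() > entry["expires_at"]:
            return 400, {"error": "invalid_request_uri"}
        return 200, entry["params"]


def tpp_flow():
    """A third-party client pushes a request, then redirects the user with only a reference."""
    t = [1_000.0]
    as_ = AuthorizationServer(
        {"tpp-app": {"secret": "s3cret", "redirect_uris": {"https://tpp.example/cb"}}},
        clock=lambda: t[0])
    payload = {"response_type": "code", "client_id": "tpp-app",
               "redirect_uri": "https://tpp.example/cb", "scope": "openid accounts",
               "state": secrets.token_urlsafe(8),
               "code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
               "code_challenge_method": "S256"}
    status, body = as_.par_endpoint("tpp-app", "s3cret", payload)
    result = {"par_status": status}
    if status != 201:
        return result
    # Only client_id and the opaque reference go through the browser.
    front = "https://as.example/authorize?" + urlencode(
        {"client_id": "tpp-app", "request_uri": body["request_uri"]})
    auth_status, params = as_.authorize(front)
    replay_status, replay = as_.authorize(front)
    result.update(authorize_status=auth_status, scope=params.get("scope"),
                  replay_error=replay.get("error"), front_channel_url=front)
    return result
```

tpp_flow() returns the front-channel URL so you can see that the scope, redirect_uri, state and PKCE challenge are absent from it; a second redemption of the same request_uri fails with invalid_request_uri, and pushing with a redirect_uri that was not registered is rejected at the PAR endpoint before any user interaction.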

JWT Secured Authorization Response Mode (JARM)

JARM is a response mode that encodes the whole authorization response (code, state, or error) as a JSON Web Token signed by the authorization server and optionally encrypted for the client. Compared with the plain authorization response, this adds signing and encryption, sender authentication, and audience restriction, which in turn protects against replay, credential leakage, and mix-up attacks. It can be combined with any response type.

Here are the benefits of using JARM, and where each comes from:

  • Integrity and authenticity: the response is signed by the AS, so a forged or tampered response (for example an injected authorization code) is detected when the client verifies the signature.
  • Audience restriction and mix-up defence: the JWT carries iss and aud claims. The client checks that iss is the AS it started the flow with and that aud is its own client_id, which defeats mix-up attacks where a malicious AS relays a response obtained from an honest one.
  • Replay protection: the exp claim bounds how long the response is valid, and the client still checks state against the value it sent.
  • Reduced credential leakage: with encryption the code and state are not visible in the browser, its history, referrer headers or intermediary logs while the response is in flight.

JARM does not change the redirect itself; it changes what is carried in it. It defines the response modes query.jwt, fragment.jwt, form_post.jwt and jwt, and FAPI 1.0 Advanced accepts it as one of the two ways to protect the authorization response.
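Issuing and verifying a JARM response, written in Python as an added example (not Gluu’s code). To run offline with the standard library it signs with HS256 under a shared key; a FAPI deployment signs with the AS’s asymmetric key (PS256 or ES256) and the client verifies against the AS’s published JWKS. The issuer URLs, client_id, authorization code and state values are constructed.

```python
"""JARM response issued by the AS and verified by the client (added example, not Gluu code).

HS256 over a shared key is used so the example runs offline; FAPI requires
asymmetric signatures. Sample values are constructed.
"""
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlparse


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jws_hs256_sign(claims: dict, key: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def jws_hs256_verify(token: str, key: bytes) -> dict:
    header, payload, sig = token.split(".")
    # Pin the algorithm before anything else; never trust the header to pick it.
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


def issue_jarm_response(issuer, client_id, code, state, key, now, ttl=60):
    """AS side, response_mode=query.jwt: the whole response is one signed JWT.
    iss, aud and exp are what provide mix-up, audience and replay protection;
    the code never appears as a plain query parameter."""
    claims = {"iss": issuer, "aud": client_id, "exp": int(now + ttl),
              "code": code, "state": state}
    return "https://tpp.example/cb?response=" + jws_hs256_sign(claims, key)


def consume_jarm_response(redirect_url, expected_issuer, client_id, expected_state, key, now):
    """Client side: verify, then check iss, aud, exp and state. Returns the code."""
    query = parse_qs(urlparse(redirect_url).query)
    claims = jws_hs256_verify(query["response"][0], key)
    if claims.get("iss") != expected_issuer:
        raise ValueError("issuer mismatch (mix-up attack)")
    if claims.get("aud") != client_id:
        raise ValueError("response not meant for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("response expired (replay)")
    if claims.get("state") != expected_state:
        raise ValueError("state mismatch (CSRF)")
    if "error" in claims:
        raise ValueError(claims["error"])
    return claims["code"]


def demo():
    """One good response and four attacks against it; returns what the client decided."""
    key = b"shared-demo-key-not-for-production"
    now = 1_700_000_000
    url = issue_jarm_response("https://bank-a.example", "tpp-app",
                              "SplxlOBeZQQYbYS6WxSbIA", "af0ifjsldkj", key, now)
    outcomes = {"good": consume_jarm_response(url, "https://bank-a.example", "tpp-app",
                                              "af0ifjsldkj", key, now + 5)}
    attacks = {
        "mixup": ("https://bank-b.example", "tpp-app", "af0ifjsldkj", key, now + 5),
        "wrong_aud": ("https://bank-a.example", "other-app", "af0ifjsldkj", key, now + 5),
        "replay": ("https://bank-a.example", "tpp-app", "af0ifjsldkj", key, now + 120),
        "tampered": ("https://bank-a.example", "tpp-app", "af0ifjsldkj", b"other-key", now + 5),
    }
    for name, args in attacks.items():
        try:
            consume_jarm_response(url, *args)
            outcomes[name] = "accepted"
        except ValueError as e:
            outcomes[name] = str(e)
    return outcomes
```

demo() returns the code for the honest response and the specific rejection for each attack: a response relayed from a different issuer, a response addressed to another client, a response replayed after exp, and a response whose signature does not verify. Each rejection maps to one of the protections listed above.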


Build a Digital Banking Platform with APIs

Canadian banks can transact confidently with their clients using Gluu’s FAPI-CIBA conformant solutions

Gluu’s FAPI-CIBA conformant solutions are open-source and scalable, making them a great choice for Canadian banks looking to improve the security and flexibility of their online banking platforms. Gluu’s solutions can be easily configured to meet the specific needs of each bank, and they can be deployed on-premises or in the cloud.

Here are some of the benefits of using Gluu’s FAPI-CIBA conformant solutions:

  • Security: Gluu’s solutions are certified against the FAPI and FAPI-CIBA OpenID Provider conformance profiles, the security profiles written for financial services, so the authorization layer has been tested against the requirements auditors will ask about.
  • Flexibility: Gluu’s solutions are open-source and scalable, so they can be customized to meet the specific needs of each bank.
  • Cost-effectiveness: Gluu’s solutions are affordable and easy to deploy, making them a great value for Canadian banks.

If you’re a Canadian bank looking to improve the security and flexibility of your online banking platform, contact Gluu today to learn more about our FAPI-CIBA conformant solutions.


Be Ready for Canada's Open Banking Requirements

Gluu Open Banking Platform: The Secure, Scalable, and Flexible Solution for Canadian Banks

Gluu’s Open Banking Platform is the secure, scalable, and flexible solution that Canadian banks need to comply with new open banking regulations and meet the needs of their customers. Our platform is FAPI-CIBA conformant, so the authorization layer meets the profile’s requirements for protecting financial data. It’s also open-source and scalable, so you can customize it to meet your specific needs. And it’s easy to deploy, so you can get up and running quickly.

To learn more about how Gluu’s Open Banking Platform can help your bank, please fill out the form to talk to an expert.