Security

Minimum TLS Requirements

OneID requires TLS 1.2 as a minimum. Our SSL Policy follows the “Restricted profile” within Google Cloud Platform.

JWT Signing

OneID signs JWTs (e.g. id_token) using the PS256 algorithm. Our JSON Web Key (JWK) can be obtained from the jwks_uri field in the well-known OpenID configuration. The URLs for these can be found in the Journey API Reference.

Bank Security

Banks (and more generally “Payment Service Providers”) have to meet certain standards and rules set by regulators. For OneID the most relevant rules are the following:

SCA requires that banks provide a robust method to confirm the identity of their customers. This ties in with PSD2 and Open Banking, as banks must also provide customers with secure methods for sharing information with digital services such as OneID.
