Authlete, the BaaS provider for API authorization, today announced new capabilities in its services to enable enterprises to build authorization servers that support CIBA. CIBA is a new specification that is expected to be adopted by the financial industry in both the UK and Australia. The new version is ready for use as a secure authorization server and identity provider backend. Authlete is the first provider to make an implementation of CIBA available ready for deployment.
Authlete, BaaS for API authorization, allows developers to implement secure authorization servers and identity providers quickly by providing the logic and functions of OAuth 2.0 and OpenID Connect through its APIs. Authlete focuses only on the authorization functions; customers can thus use the authentication and API management solutions of their choice.
<img src="/img/news/authlete_flow.png" class="mx-auto d-block" style="width: 100%; max-width: 760px;" alt="authlete flow diagram" />
Enterprises today require more flexible but robust IT systems to support the increasing business demands of better customer experience (CX) with higher security. In line with this trend, today’s announcement includes a major upgrade of the Authlete APIs, which now support CIBA Core (Client Initiated Backchannel Authentication Flow - Core 1.0).
CIBA Core is a new specification approved as an implementer’s draft on Feb 4th, 2019 by the MODRNA Working Group within the OpenID Foundation. This specification adds new authentication and authorization flows, which are categorized as “decoupled flow”, in contrast to the traditional OAuth “redirect flow”. The decoupled flow offers service providers new ways of obtaining an end user’s consent that can significantly improve the CX. The following use cases are examples of using this new specification.
<img src="/img/news/ciba_pr_english.png" class="mx-auto d-block" style="width: 100%; max-width: 760px;" alt="ciba use cases" />
Since the 2010s, retail companies have tried to integrate their online and offline stores into a single retail store, a strategy called bricks-and-clicks. This concept is expanding into non-retail industries with the aid of advancing mobile payment systems and IoT technologies. Authlete will help enterprises merge online with offline and provide better CX to their customers with the open but secure protocols defined in CIBA.
fintechlabs.io, who are developing the FAPI-CIBA conformance suite on behalf of the UK’s Open Banking, have been using FAPI and CIBA-ready Authlete to develop the new tests, and confirmed that Authlete is the first provider to pass an early version of the test. The conformance test will be adopted as part of the OpenID Foundation’s certification program for testing authorization servers that support OAuth 2.0 and OpenID Connect.
Authlete is keen to encourage early, interoperable and wide adoption of the CIBA standards, and to aid the community. Authlete has launched a cloud-hosted testing environment available to developers who want to add CIBA support to their OAuth / OpenID Connect client libraries and applications. Please contact firstname.lastname@example.org to get access.
The Authlete OAuth 2.0 and OpenID Connect solution enables organizations to build secure application services and APIs more easily and quickly. Relying on Authlete to provide critical security functions, developers can focus on building more powerful applications and delivering them to market more quickly.
Leveraging Authlete’s dedicated solution, developers can save weeks or months implementing and maintaining authorization functions. Organizations can ensure that they accurately implement authorization standards and that they stay up-to-date as the standards evolve.
The Authlete solution has been implemented by companies from all over the world, including financial institutions, health care providers, government and other companies running applications deployed to millions of users and generating a high volume of API calls.
Authlete Inc., based in Tokyo and London, comprises a team of experts with a wealth of experience in authorization as it relates to security and identity management, who are actively involved in providing specifications of open standards serving a variety of industries, such as UK Open Banking.