CIBA (editor): Client Initiated Backchannel Authentication — decoupled authorisation flows, for example using a phone to authorise a payment at a point of sale device.
Open Standards, Open Finance, Open Source
I'm the CTO of Moneyhub, co-chair of the Financial-Grade API Working Group at the OpenID Foundation, and a regular contributor to open standards, open finance, and open source communities.

I'm the editor or contributor to a number of widely used RFCs and OpenID standards relating to API security, OAuth, and financial-grade API access.
Financial Grade API 1.0 and 2.0 — API security profiles originally for Open Banking, now adopted more widely.
OAuth 2.0 Pushed Authorization Requests — a more secure way to set up an OAuth redirect flow.
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.
WAPI in financial services — guidelines for implementing financial APIs. I contributed the security section.
OAuth 2.0 Rich Authorization Requests — complex authorisation data from client to authorisation server.
Standards guidance, systems notes, and long-form writing on open finance, performance, and architecture — with interactive demos where they help.
Redux, Ramda, and a reducer that reads like the game rules
Rust/Wasm as an application kernel for serious SPAs
LZ4, numeric arrays, and the forgotten art of cheap CPU
OpenID Foundation whitepaper — lead editor
Libraries and demos spanning functional JavaScript, browser architecture, and Rust/Wasm — from early SPA tooling to recent engine-shell experiments.

TypeScript + Rust scaffolding for Wasm engines in Web Workers, CBOR wire encoding, and view-model patches.

Mac Tauri app for running multiple Cursor agents via ACP, with a Rust kernel and thin Preact UI.



Seasonal weather spiral — Rust/Wasm engine, offline Open-Meteo data, canvas rendering in a worker.

Tetris with Ramda, Redux, and React in a point-free functional style.
Columnar storage for the browser and native — Parquet-class compression targets with multi-worker analytical queries.
Tetris with a Rust/Wasm worker engine and CBOR view-model patches — rules from Redux Tetris.
Predicate functions from MongoDB-style query documents.
Spiral chart component for React — D3 for layout, React for rendering.
Minimal promise-based dependency injection for system startup and complex async tasks.
Several methods in this popular functional toolkit for JavaScript.
Work across OpenID working groups, open banking initiatives, and industry forums shaping how financial APIs are built and adopted.
FAP WG Co-Chair, MODRNA WG Co-Editor
Technical Adviser
Representation in consultations with regulators and standards bodies on PSD2, open finance, and financial API security.
I sat on the FCA PSD2 Stakeholder Group
Conference talks and workshops on OAuth security, decoupled authorisation flows, and open finance — mostly from the era when these ideas were still being argued about in rooms.
CIBA — Pay with your phone
The Great British Client Bake Off
Decoupled Flows in OAuth 2.0
Client Initiated Backchannel Authentication
Open Finance — It's already happening