Dave Tonge

Open Standards, Open Finance, Open Source

I'm the CTO of Moneyhub, co-chair of the Financial-Grade API Working Group at the OpenID Foundation, and a regular contributor to open standards, open finance, and open source communities.

Dave Tonge

Technical standards

CIBAeditor

Client Initiated Backchannel Authentication — decoupled authorisation flows, for example using a phone to authorise a payment at a point of sale device.

Specification

FAPIeditor

Financial Grade API 1.0 and 2.0 — API security profiles originally for Open Banking, now adopted more widely.

Working group

PAReditor

OAuth 2.0 Pushed Authorization Requests — a more secure way to set up an OAuth redirect flow.

RFC 9126

RFC 8705contributor

OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.

RFC 8705

ISO/TS 23029:2020contributor

WAPI in financial services — guidelines for implementing financial APIs. I contributed the security section.

ISO standard

RARcontributor

OAuth 2.0 Rich Authorization Requests — complex authorisation data from client to authorisation server.

RFC 9396

Open source

engine-shellauthor

TypeScript + Rust scaffolding for Wasm engines in Web Workers, CBOR wire encoding, and view-model patches.

Source

wcolauthor

Columnar storage for the browser and native — Parquet-class compression targets with multi-worker analytical queries.

SourceDemo

Mac Agent Cockpitauthor

Mac Tauri app for running multiple Cursor agents via ACP, with a Rust kernel and thin Preact UI.

Source

Rust Tetrisauthor

Tetris with a Rust/Wasm worker engine and CBOR view-model patches — rules from Redux Tetris.

SourceDemo

rust-weather-spiralauthor

Seasonal weather spiral — Rust/Wasm engine, offline Open-Meteo data, canvas rendering in a worker.

SourceDemo

Query Predicateauthor

Predicate functions from MongoDB-style query documents.

Source

Redux Tetrisauthor

Tetris with Ramda, Redux, and React in a point-free functional style.

SourcePlay

React Spiralauthor

Spiral chart component for React — D3 for layout, React for rendering.

SourceDemo

PDIauthor

Minimal promise-based dependency injection for system startup and complex async tasks.

Source

Ramdacontributor

Several methods in this popular functional toolkit for JavaScript.

Ramda

Technical writing

Systems notes on performance, browser data, compression, and architecture — with interactive demos where they help.

Open finance

  • FAP WG Co-Chair, MODRNA WG Co-Editor
  • Technical Adviser
  • FAPI Liaison Officer & First Fintech Rep
  • TISA Open Savings & Investment Technical WG

Trade bodies & regulators

  • I sat on the FCA PSD2 Stakeholder Group
  • I represented OpenID and FDATA in consultations with the EBA
  • UK expert on ISO TC69 SC9

Talks

  • Identiverse

    Washington, USA

    CIBA — Pay with your phone

    Video

  • Financial APIs Workshop

    Tokyo, Japan

    The Great British Client Bake Off

    SlidesConference

  • 3rd OAuth Security Workshop

    Trento, Italy

    Decoupled Flows in OAuth 2.0

    PaperSlidesConference

  • 4th OAuth Security Workshop

    Stuttgart, Germany

    Client Initiated Backchannel Authentication

    SlidesConference

  • API Days

    Remote

    Open Finance — It's already happening

    Slides