Open Standards, Open Finance, Open Source
Client Initiated Backchannel Authentication. This specification supports decoupled authorisation flows, for example allowing a smart phone to be used to authorise a payment at a point of sale device.
Financial Grade API - 1.0 and 2.0. This is a suite of API security profiles originally set up to support "Open Banking" use cases, but that have now been adopted more widely.
OAuth 2.0 Pushed Authorization Requests. This specification was inspired by earlier work in the FAPI WG and supports a more secure way of setting up an OAuth redirect flow.
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens. This specification allows the use of mutual TLS in OAuth 2.0 deployments.
Web-service-based application programming interface (WAPI) in financial services. This ISO standard provides guidelines for those implementing Financial APIs. I contributed the security section.
OAuth 2.0 Rich Authorization Requests. Inspired by the use of payments with OAuth 2.0, this specification provides a way for complex authorisation data to be conveyed from the Client to the AS.
PDI - Minimal Promise based Dependency Injection framework. This is a simple library that provides a powerful abstraction for dealing with dependency injection both for system start up and for complex async tasks.
Backbone Query. An older library written for the Backbone JS framework that kickstarted the SPA ecosystem.
Query Predicate. A functional library that creates predicate functions from MongoDB queries.