NewsNews

NewsRSS

Quickly Comply with PSD2

Version 3.3 of the Curity Identity Server is due out later this month and includes new features to make it easy to comply with PSD2 regulations. Specifically, we have added:

  • Support for mutual TLS client authentication and certificate-constrained tokens
  • Wildcard scopes

The former allows a TPP to dynamically register and authenticate to Curity and obtain tokens that are bound to that third-party. These tokens are Proof of Possession (PoP) tokens not bearer tokens. This provides extra security that is required for banking-grade security. The other – wildcard or prefix scopes – allows the TPP to register with a scope like "PIS:" but to include a suffix in the request with any value. This could be something like "PIS:123". This suffix will be presented to the end user for consent purposes and burned into the token.

Combining these features with others will result in a highly secure and PSD2 compliant OAuth implementation. We'll send out more information when the new release is available. In the meantime, keep an eye on the developer portal for the latest docs, releases and tutorials.

Back to news

Next steps

Start Today

Ready to modernize IAM? Build security and improve ease of use to stay ahead of the competition.

Free trial icon representing Start a free trial

Start a Free Trial

Calendar icon representing Schedule a demo

Schedule a demo

User with a computer icon representing Speak to an Identity Specialist

Speak to an Identity Specialist

Book icon representing Explore learning resources

Explore learning resources