Security

Minimum TLS Requirements

OneID requires TLS 1.2 as a minimum. Our SSL Policy follows the “Restricted profile” within Google Cloud Platform.

JWT Signing

OneID signs its JWTs (e.g. the id_token) using the PS256 algorithm. Our JWK can be obtained from the jwks_uri in our OIDC Configuration URLs.
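The following is an added example, not OneID's own code, of how a relying party could verify a PS256-signed token with Node's built-in crypto module while pinning the algorithm. The key pair, the kid `demo-key-1` and the helper names are constructed for the demo; in a real integration the JWKS is the document fetched from the jwks_uri.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

// Verify a compact JWT against a JWKS; returns the claims or throws.
function verifyPS256(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64u(h).toString('utf8'));
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== 'PS256') throw new Error('unexpected alg: ' + header.alg);
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('no RSA key for kid: ' + header.kid);
  const key = nodeCrypto.createPublicKey({
    key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk',
  });
  // PS256 = RSASSA-PSS with SHA-256, MGF1-SHA-256 and a 32-byte salt.
  const ok = nodeCrypto.verify('sha256', Buffer.from(h + '.' + p), {
    key, padding: nodeCrypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32,
  }, fromB64u(s));
  if (!ok) throw new Error('bad signature');
  // Signature only: iss, aud, exp and nonce still need checking by the caller.
  return JSON.parse(fromB64u(p).toString('utf8'));
}

// Constructed fixture: a locally generated key stands in for the provider's key.
function makeFixture() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pub = publicKey.export({ format: 'jwk' });
  const jwks = { keys: [{ ...pub, kid: 'demo-key-1', use: 'sig', alg: 'PS256' }] };
  const sign = (header, claims) => {
    const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
    const sig = nodeCrypto.sign('sha256', Buffer.from(input), {
      key: privateKey, padding: nodeCrypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32,
    });
    return input + '.' + sig.toString('base64url');
  };
  return { jwks, sign };
}

const demo = makeFixture();
const token = demo.sign({ alg: 'PS256', kid: 'demo-key-1' }, { sub: 'user-123' });
console.log(verifyPS256(token, demo.jwks));
```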

Bank Security

Banks (and more generally “Payment Service Providers”) have to meet certain standards and rules set by regulators. For OneID the most relevant rules are the following:

SCA requires that banks provide a robust method to confirm the identity of their customers. This ties in with PSD2 and Open Banking, as the banks must also provide customers with secure methods for sharing information with digital services such as OneID.