After a certain period, some consumers may prefer to revoke the consents/sharing arrangements they granted the Data Recipients to access account data. In WSO2 Open Banking, you can manage and revoke these consents/sharing arrangements as follows:

...

Note

The consent management dashboards comply with the Consumer Experience (CX) Standards and CX Guidelines in the Consumer Data Standards.

...


Revoking consents/sharing arrangements by consumers

Tip
Before you begin:

Configure the Consent Management application to try out the Consent Manager Portal.

To configure the Consent Management application:

The WSO2 Open Banking solution includes consent revocation apps that let bank customers (PSUs) and banks (ASPSPs) revoke consents/sharing arrangements. The consent revocation app provided to the PSU is known as the Self-care portal, and the consent revocation app provided to the ASPSP is known as the Customer Care portal.

To manage the consents granted to a Third-Party Provider using the Self-care portal, do the following configurations.

  1. Go to the Identity and Access Management Console at https://<WSO2_OB_IAM_HOST>:9446/carbon.
  2. On the Main tab, click Home > Identity > Service Providers > Add.
  3. By default, the mode is set to Manual Configuration. Leave it as it is.
  4. Enter consentmgt as the Service Provider’s name. 
  5. Click Register.
  6. Click Inbound Authentication configuration > OAuth/OpenID Connect configuration > Configure.
  7. Set the values for the following parameters and keep the default value for the other parameters.

    Parameter | Value
    OAuth Version | 2.0
    Allowed Grant Type | code
    Callback URL

    The first and second URLs are the redirect and logout URLs, respectively.

    Regex-based consumer URLs are supported when defining the callback URL. This enables you to configure multiple callback URLs for one application by entering a regex pattern as the value for the callback URL field.

    You must add the prefix regexp= before your regex pattern. To define a normal URL, specify the callback URL without this prefix.

  8. Click Add.

    The OAuth client key/client ID and OAuth client secret are generated. Those are used in the section.

  9. Open the <WSO2_OB_IAM_HOME>/repository/deployment/server/jaggeryapps/consentmgt/configs/conf.json file and modify the following parameters:

    Parameter | Description
    apimHost | Hostname of the API Management server
    applicationId | OAuth Client Key generated in the above step
    authCredential | Base64 encoded CLIENT_ID:CLIENT_SECRET value (in the given format).

    For example,

    Values to encode | Base64 encoded value

    Y2VuZFhvTTJ5U0RtMndQU1FXdGxSejMzTjdFYTpJMjZlN3kxODlUbnQ0czkybmh3NFV4NUhxaDBh

    redirectUrl | The URL you are redirected to when you log in to the application.
    logoutUrl | The URL you are redirected to when you log out from the application.
    DeployedSpecification | Possible values are UK, BERLIN, AU, and STET. By default, the value is set to UK.

    ClientIDAndSecret

    Given below is a sample file for the Australian specification:



...
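
The regexp= callback option in step 7 of the configuration above is worth checking for strictness before it is saved, because a loose pattern accepts redirect targets you did not intend. The following is an added example, not WSO2 code: it assumes a regexp= value must match the whole URL, and the host iam.bank.example and the /callback and /logout paths are constructed placeholders.

```python
import re

REGEX_PREFIX = "regexp="  # prefix the page says marks a regex callback value


def callback_allowed(configured: str, redirect_uri: str) -> bool:
    """Return True if redirect_uri is accepted by the configured callback value.

    Assumption: a regexp= value must match the whole URI (full match);
    a value without the prefix is compared as an exact string.
    """
    if configured.startswith(REGEX_PREFIX):
        pattern = configured[len(REGEX_PREFIX):]
        return re.fullmatch(pattern, redirect_uri) is not None
    return configured == redirect_uri


def audit(configured, expected, must_reject):
    """List findings: expected URLs that fail and unwanted URLs that pass."""
    findings = []
    for uri in expected:
        if not callback_allowed(configured, uri):
            findings.append(f"rejects expected URL: {uri}")
    for uri in must_reject:
        if callback_allowed(configured, uri):
            findings.append(f"accepts unexpected URL: {uri}")
    return findings


# Constructed sample values (placeholder host, hypothetical paths).
BASE = "https://iam.bank.example:9446/consentmgt"
EXPECTED = [f"{BASE}/callback", f"{BASE}/logout"]
MUST_REJECT = [
    "https://iamxbank.example:9446/consentmgt/callback",  # different host
    f"{BASE}/anything/else",                              # unlisted path
]

# Weak setting: unescaped dots match any character, and .* allows any path.
LOOSE = REGEX_PREFIX + "https://iam.bank.example:9446/consentmgt/.*"
# Corrected setting: literal host, and only the two intended paths.
STRICT = REGEX_PREFIX + re.escape(BASE) + "/(callback|logout)"

if __name__ == "__main__":
    for name, value in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, audit(value, EXPECTED, MUST_REJECT) or "no findings")
```
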

  1. Go to the Consent Manager portal at https://<WSO2_OB_IAM_HOST>:9446/consentmgt.

  2. Enter the username and password provided by the bank. Click Continue.
  3. On the Consent Manager portal's home page, you can view a list of the consents/sharing arrangements through which you have granted access to account information.
    The status of each is displayed to the right of the selected CDR Arrangement ID. Available statuses are Rejected, Awaiting authorisation, Authorised, and Revoked.

  4. Select a CDR Arrangement ID to view its details. 

    A consumer can grant permissions to these sharing arrangements. 


    The table below defines the available permissions with the corresponding authorisation scope and the actual data the consent has access to.

    Permission name | Authorisation scope | Data
    Organisation profile | common:customer.basic:read
    • Agent name and role
    • Organisation name
    • Organisation numbers (ABN or ACN)
    • Charity status
    • Establishment date
    • Industry
    • Organisation type
    • Country of registration
    Organisation contact details | common:customer.detail:read
    • Organisation address
    • Mail address
    • Phone number
    Organisation profile and contact details | common:customer.detail:read
    • Agent name and role
    • Organisation name
    • Organisation numbers (ABN or ACN)
    • Charity status
    • Establishment date
    • Industry
    • Organisation type
    • Country of registration
    • Organisation address
    • Mail address
    • Phone number
    Account name, type and balance | bank:accounts.basic:read
    • Name of account
    • Type of account
    • Account balance
    Account numbers and features | bank:accounts.detail:read
    • Account number
    • Interest rates
    • Fees
    • Discounts
    • Account terms
    • Account mail address
    Account balance and details | bank:accounts.detail:read
    • Name of account
    • Type of account
    • Account balance
    • Account number
    • Interest rates
    • Fees
    • Discounts
    • Account terms
    • Account mail address
    Transaction details | bank:transactions:read
    • Incoming and outgoing transactions
    • Amounts
    • Dates
    • Descriptions of transactions
    • Who you have sent money to and received money from (for example, their name, BSB, account number)
    Direct debits and scheduled payments | bank:regular_payments:read
    • Direct debits
    • Scheduled payments
    Saved payees | bank:payees:read
    • Names and details of accounts you have saved (for example, their BSB and Account Number, BPay CRN and Biller code, or NPP PayID)
  5. If the consumer wants to stop the sharing arrangement with the Data Recipient, click Stop sharing.
      

  6. Optionally, you can enter a reason for the revocation.

    Tip

    Revocation reasons help you to find more information later. It is not mandatory to provide a reason for revocation.

  7. Click Revoke to confirm the revocation. 

  8. The status of the CDR Arrangement ID is now changed to Revoked.  

...

Revoking consents/sharing arrangements by Customer Care Representatives

The WSO2 Open Banking Customer Care portal enables the Customer Care Representatives to revoke the sharing arrangement on behalf of the consumers.

...