About this Release

WSO2 Open Banking provides the technology requirements that banks need to digitally transform and become regulatory-compliant (Payment Service Directive 2 (PSD2), Consumer Data Right (CDR). It combines the technical capabilities of WSO2 API Manager, WSO2 Identity Server, WSO2 Stream Processor, and WSO2 Enterprise Integrator with PSD2 and CDR-specific feature customisations to quickly satisfy open banking requirements. 

For more information on WSO2 Open Banking, see the overview, architecture pages in our documentation and the product page.

What is new in this release

The WSO2 Open Banking version 2.0.0 is the successor of version 1.5.0. It contains the following new features and enhancements:

1. Updates to WSO2 Open Banking Australia
   1. The solution is now compliant with CDS API v1.3.1. It supports the following features:
      
      1. Identifier-first authentication
      2. The Push Authorisation feature 
      3. The throttling feature
      4. Authentication Context Class Reference (ACR) claim support in the authorisation flow
      5. Consumer Data Standards API v1.3.0.0
      6. CDR Arrangement API v1.0.0
   2. The solution is compliant with OpenID Conformance Suite v4.1.1.
2. Updates to WSO2 Open Banking UK
   1. The solution is now compliant with the Open Banking Standard of UK v3.1.5. It supports following UK-specific APIs:
      • Account and Transaction API v3.1.5.
      • Payment Initiation API v3.1.5.
      • Confirmation of Funds API v3.1.5.

      • Event Notifications API v3.1.2.

   2. The solution is compliant with the following conformance test suites:

      Test Suite	Version
      OpenID conformance suite	v4.1.10
      Functional conformance suite	v1.6.7
      Dynamic Client Registration conformance suite	v1.0

3. Updates to the Berlin solution

   1. The solution is now compliant with NextGenPSD2 XS2A Framework v1.3.6. It supports the following features:

      • Support for NextGenPSD2XS2AFramework v1.3.6 API through the following API endpoints. To find out the detailed-list of API endpoints, see API Endpoints for Berlin.

        • Accounts.

        • Card-accounts.

        • Payments.

        • Confirmation of Funds.
      • Extended services for Confirmation of Funds Consent.
      • TPP-Brand-Logging-Information header added to the Account Information and Payment Initiation APIs.
4. Supports Microgateway

WSO2 API Microgateway simplifies the process of creating, deploying and securing APIs within distributed microservice architectures. WSO2 API Microgateway is only available for WSO2 Open Banking Australia.

What has changed in this release

• The solution is based on the WSO2 API Manager 3.1.0 and WSO2 Identity Server 5.10.0 products.
• New configuration model: Allows configuring WSO2 Open Banking with a simplified, centralized configuration model (toml-based configuration). It supports injecting configurations with numerous methods such as environment variables to improve compatibility with various configuration automation tools and cloud-native environments.

• Revamped UIs: WSO2 Open Banking API Publisher Portal and the Developer Portal have been completely redesigned using ReactJS to enhance the user experience.

• React application support for WSO2 Open Banking API Publisher Portal and the Developer Portal to cater to any customer requirement.

Security vulnerability analysis 

Following security vulnerability analysis has been conducted and reports have been generated for the solution:

1. Veracode Scan Reports and Analysis:
   • WSO2 Open Banking Identity and Access Management Scan Report 
   • WSO2 Open Banking API Management Scan Report
   • WSO2 Open Banking Business Intelligence Scan Report 
2.  Qualys Scan Reports and Analysis: 
   • WSO2 Open Banking API Publisher 
   • WSO2 Open Banking Identity and Access Management Management Console
   • WSO2 Open Banking API Management Administration Portal
3. The Open Web Application Security Project (OWASP) Dependency Tracking Analysis

To find more information on the secure software development process that WSO2 Open Banking adheres to, see /wiki/spaces/OB200/pages/48631011.

Removed features and functionalities

Following are the features and functionalities that WSO2 Open Banking 2.0.0 no longer supports:

• PSD2 Data Reporting Tool
• Manual Client Registration 
• Dynamic Client Registration v1.0.0 in WSO2 Open Banking UK
• Support for UK APIs v1.0.0, v1.1.0, and v2.0.0
• Support for Berlin APIs v1.0.0 and v1.1.0
• Support for STET APIs v1.4.0
• Support for CDS APIs v0.95 and v1.0.0
• The following versions of Consent Management APIs:
  • /consent/uk110 and /consent/uk200
  • /consent/berlin110/
  • /consent/stet140

Solution upgrade

To find infrastructure and deployment level information for the solution upgrade, see /wiki/spaces/OB200/pages/48631009.