This document defines the certification requirements for each of the AA ecosystem members.
Certification Requirement and Scope
To become a part of the Account Aggregator Ecosystem, FIPs, AAs and FIUs need to adhere to Technical Standards prescribed by ReBIT.
The Sahamati Certification Framework comprises a set of tests that all AA ecosystem participants may use, to enable verification of their adherence to the ReBIT-prescribed Technical standards. The scope of coverage of these tests is:
a. API schema conformance
b. FI (Financial information) schema conformance
c. Security specification conformance, specifically in the areas of API access authorisation, non-repudiation and data-in-transit security controls
In addition to the above, the framework also covers tests that verify the integration of AA ecosystem participants’ systems with a Central Registry.
The Central Registry is a common technical service, provided by Sahamati, to all ecosystem participants. The registry offers two key features, that enable seamless interoperability and scalability:
a. An API for accessing information such as endpoint addresses, URLs and public keys of ecosystem participants – this is useful for AAs, FIUs and FIPs to seamlessly discover public information necessary for interoperable communication.
b. An API for getting a short-lived dynamic, API access token, with a set of standardised claims – this is useful for AAs, FIUs and FIPs to authenticate participants connecting to their APIs.
In addition to providing such a conformance assessment framework, Sahamati also empanels organisations that wish to provide independent certification services, to members of the AA ecosystem. Sahamati Certification is offered by the following empanelled certifiers,
| Sl No | Company Name | Contact |
|---|---|---|
| 1 | Aujas Networks | Arvind Kumar arvind.kumar@aujas.com |
| 2 | Fime | Hardik Mirani hardik.mirani@fime.com |
| 3 | Suma Soft | Snehal Basale snehal.basale@sumasoft.net |
The purpose of providing a test framework and empanelling independent certifiers is to ensure the following:
- Enabling AA ecosystem participants to provide technical guarantees of compliance with ReBIT standards, to both their internal stakeholders as well as to other ecosystem participants
- Enabling independence and impartiality in the process of such a verification, through a set of common certifiers that all ecosystem participants use
- Engendering trust in the ecosystem, in the minds of citizens using the services of AA ecosystem participants
It is highly recommended that AA ecosystem participants make use of the certification framework, as part of their process to be production-ready.