Consent Management 2.0
Consent management authorizes a Third-Party Provider (TPP) to access specific resources of a corporate at a Financial Institution (FI). The process to establish consent between a corporate user (Resource Owner) and a bank (Resource Server) is based on the standard OAuth 2.0 authorization code flow with response_type=code, as defined in the IETF reference. Service Providers and Clients (TPPs) must support access via a bearer token and refresh tokens in order to execute the authorization code grant flow successfully.
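The TPP side of the authorization code flow described above, as an added example that is not part of the original page or of any SIX or Service Provider code. The endpoint, client_id, redirect URI and scope value are assumed placeholders; the parameter names are those of standard OAuth 2.0.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders: real values come from the Service Provider's
# onboarding data, not from this page.
AUTHZ_ENDPOINT = "https://fi.example/oauth/authorize"
CLIENT_ID = "tpp-client-placeholder"
REDIRECT_URI = "https://tpp.example/callback"

def build_authorization_url(scope):
    """Step 1: send the Resource Owner to the FI with response_type=code."""
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHZ_ENDPOINT}?{query}", state

def parse_callback(callback_url, expected_state):
    """Step 2: accept the code only if state matches and no error came back."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"consent not granted: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def token_request_body(code=None, refresh_token=None):
    """Step 3: form body for the token endpoint (client authentication omitted)."""
    if code is not None:
        return {"grant_type": "authorization_code", "code": code,
                "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}
    if refresh_token is not None:
        return {"grant_type": "refresh_token", "refresh_token": refresh_token}
    raise ValueError("need an authorization code or a refresh token")

def bearer_header(access_token):
    """Step 4: present the access token on each resource request."""
    return {"Authorization": f"Bearer {access_token}"}
```

The state check is what ties a returned code to the session that started the consent; a callback without a matching state is rejected before any token request is built.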
Consent Management 2.0 with CaaS
With consent as a service (CaaS), SIX offers the Service User the option of holding the Service Provider token in a token store operated by SIX in accordance with the specifications of the participation agreement. When a participant uses CaaS, SIX authenticates the participant and its customer for each service call request. After successful authentication, SIX forwards the service call request with the provider token to the Service Provider on behalf of the participant.