MANTL runs on a modern, cloud-based, microservices architecture. Our APIs serve JSON and XML interfaces over HTTP(S). By supporting protocols such as SAML 2.0 and OIDC (OAuth 2.0), we help to facilitate data democratization and promote next-generation Open Banking ecosystems.
Which protocol should I use?
MANTL has implemented proven, common, and popular identity protocols to provide freedom and flexibility to choose the one that best meets your business needs.
- Choose SAML if you are running a legacy system that already supports SAML, or your organization prefers the XML-based standard.
- Choose OIDC if you have a modern technology stack that can support the OAuth 2.0 protocol. Like SAML, it can be used to share identity information cross-domain but has the optional benefit of a pull-based model.
SAML 2.0
SAML 2.0 is an XML-based protocol that provides both authentication and authorization between an Identity Provider (IdP) and a Service Provider (SP). MANTL can be configured to operate in either role.
Trust is established by exchanging XML Entity Descriptors, which contain each party's public signing and encryption certificates. Messages are encrypted and then signed with these certificates, which lets each party cryptographically verify that a message has not been tampered with and ensures its contents can be read only by the intended recipient.
SAML is proven, powerful, and flexible. One of the most compelling reasons to adopt SAML is Identity Federation (i.e., seamless sign-on). The customer is never interrupted unless the identity provider deems it necessary to challenge them for a password when they execute sensitive operations.
For more information on protocol standards, click here.
For a PDF of the SAML Metadata Specifications, click here.
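To make the trust-establishment step concrete, here is an added example, written for this page and not MANTL's own code, in Go: it parses an Entity Descriptor, checks that every advertised X.509 certificate is inside its validity window, sorts the certificates by the KeyDescriptor "use" attribute (signing, encryption, or both when the attribute is absent), and computes a SHA-256 fingerprint to confirm out-of-band with the partner. The entityID, the key IDs and the two self-signed certificates are constructed for the example; a real exchange uses the metadata the partner sends.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// EntityDescriptor is the subset of SAML 2.0 metadata needed to pin trust in a partner.
// Tags use local names only, so the md:/ds: prefixes of real metadata do not matter.
type EntityDescriptor struct {
	EntityID string          `xml:"entityID,attr"`
	Keys     []KeyDescriptor `xml:"IDPSSODescriptor>KeyDescriptor"` // an SPSSODescriptor has the same shape
}

type KeyDescriptor struct {
	Use  string `xml:"use,attr"`                         // "signing", "encryption", or absent (= both)
	Cert string `xml:"KeyInfo>X509Data>X509Certificate"` // base64 DER, usually line-wrapped
}

type TrustAnchors struct {
	Signing    []*x509.Certificate // verify the partner's signatures with these
	Encryption []*x509.Certificate // encrypt assertions to the partner with these
}

// parseMetadata validates every advertised certificate and sorts it by use. Anything
// unexpected is an error, not skipped: a silently ignored key is a silent trust gap.
func parseMetadata(doc []byte, now time.Time) (string, TrustAnchors, error) {
	var ed, ta = EntityDescriptor{}, TrustAnchors{}
	if err := xml.Unmarshal(doc, &ed); err != nil {
		return "", ta, fmt.Errorf("metadata is not well-formed XML: %w", err)
	}
	for _, kd := range ed.Keys {
		// The base64 decoder tolerates newlines but not indentation, so strip all whitespace.
		der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(kd.Cert), ""))
		cert, perr := x509.ParseCertificate(der) // der is nil after a decode failure, so this fails too
		if err != nil || perr != nil {
			return "", ta, fmt.Errorf("bad X509Certificate: %v %v", err, perr)
		}
		if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
			return "", ta, fmt.Errorf("certificate %q is outside its validity window", cert.Subject.CommonName)
		}
		if kd.Use == "" || kd.Use == "signing" {
			ta.Signing = append(ta.Signing, cert)
		} else if kd.Use != "encryption" {
			return "", ta, fmt.Errorf("unknown KeyDescriptor use %q", kd.Use)
		}
		if kd.Use == "" || kd.Use == "encryption" {
			ta.Encryption = append(ta.Encryption, cert)
		}
	}
	if len(ta.Signing) == 0 {
		return "", ta, fmt.Errorf("%q advertises no signing certificate", ed.EntityID)
	}
	return ed.EntityID, ta, nil
}

// fingerprint is the SHA-256 of the DER certificate: confirm it with the partner out-of-band.
func fingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// sampleMetadata returns a constructed IdP EntityDescriptor with two throwaway self-signed certificates.
func sampleMetadata(entityID string, now time.Time) (string, error) {
	var kds string
	for _, use := range []string{"signing", "encryption"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return "", err
		}
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "idp-" + use},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
		if err != nil {
			return "", err
		}
		kds += fmt.Sprintf(`<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>`, use, base64.StdEncoding.EncodeToString(der))
	}
	return fmt.Sprintf(`<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="%s"><md:IDPSSODescriptor>%s</md:IDPSSODescriptor></md:EntityDescriptor>`, entityID, kds), nil
}

func main() {
	now := time.Now()
	doc, err := sampleMetadata("https://idp.example/saml", now) // constructed entityID
	entityID, anchors, perr := parseMetadata([]byte(doc), now)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	fmt.Println(entityID, "signing:", fingerprint(anchors.Signing[0]), "encryption:", fingerprint(anchors.Encryption[0]))
}
```

The parsed Signing anchors are what a SAML library verifies XML signatures against, and the Encryption anchors are what it encrypts assertions to; keeping the two sets separate means a certificate advertised only for encryption is never accepted as a signer. The validity check is deliberate: an expired certificate left in a partner's metadata is a common cause of sudden federation outages, so failing at load time is preferable to failing on the first login.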
OIDC (OAuth 2.0)
OpenID Connect (OIDC) is an authentication protocol built on the OAuth 2.0 specification and is the standard the UK Open Banking ecosystem has chosen to build on. It uses JSON Web Tokens (JWTs) delivered via the OAuth 2.0 protocol. Once a token is acquired through an authentication flow, it can be used to access resources and information on behalf of the customer it was minted for. These tokens are exchanged over a back-channel (server-to-server), which mitigates many common security flaws in other means of authentication. JWTs are also signed, with the provider's public keys published as JSON Web Keys (JWKs), which provides the same level of signature verification as SAML.
This can be an ideal solution when your system wants to pull information from MANTL to automatically enroll a user in OMB.
For more information on OIDC, click here.
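The signed-JWT exchange described above, as an added example written for this page rather than MANTL's or any library's code, in Go: the provider side mints an RS256 token and publishes its verification key as a JWK, and the relying-party side verifies the token the way a consumer of the back-channel response must, pinning the algorithm it accepts, selecting the key by kid, checking the signature, and only then reading iss, aud and exp. The issuer "https://idp.example", the audience "mantl-rp", the kid "2024-key-1" and the claims are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JOSE uses unpadded base64url for every segment

// JWK holds the RSA public-key fields of RFC 7517 a relying party needs; a provider publishes
// a set of them as {"keys":[...]} at its jwks_uri.
type JWK struct {
	Kty string `json:"kty"`
	Use string `json:"use"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// publishJWKS renders the verification half of a signing key the way a jwks_uri would.
func publishJWKS(pub *rsa.PublicKey, kid string) []JWK {
	n, e := b64.EncodeToString(pub.N.Bytes()), b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())
	return []JWK{{Kty: "RSA", Use: "sig", Kid: kid, N: n, E: e}}
}

// mintRS256 is the provider side: base64url(header).base64url(claims), signed with RSASSA-PKCS1-v1_5/SHA-256.
func mintRS256(priv *rsa.PrivateKey, kid string, claims map[string]any) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	payload, _ := json.Marshal(claims)
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyIDToken is the relying-party side. Parsing is not trusting: the algorithm is pinned by us
// (never chosen by the token), the key is selected by kid, and no claim is acted on until the
// signature has verified and iss, aud and exp have been checked.
func verifyIDToken(token string, jwks []JWK, issuer, audience string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("token is not a compact JWS")
	}
	rawHeader, errH := b64.DecodeString(parts[0])
	rawPayload, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	var header struct{ Alg, Kid string }
	var claims map[string]any
	if errH != nil || errP != nil || errS != nil ||
		json.Unmarshal(rawHeader, &header) != nil || json.Unmarshal(rawPayload, &claims) != nil {
		return nil, errors.New("token segments are not well-formed")
	}
	if header.Alg != "RS256" {
		return nil, fmt.Errorf("refusing alg %q: this relying party accepts only RS256", header.Alg)
	}
	var pub *rsa.PublicKey
	for _, k := range jwks {
		if k.Kid == header.Kid && k.Kty == "RSA" && k.Use == "sig" {
			n, errN := b64.DecodeString(k.N)
			e, errE := b64.DecodeString(k.E)
			if errN == nil && errE == nil {
				pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
			}
		}
	}
	if pub == nil {
		return nil, fmt.Errorf("no RSA signing key with kid %q in the JWKS", header.Kid)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature does not verify: header or payload was altered")
	}
	if claims["iss"] != issuer || claims["aud"] != audience { // aud as a string; the spec also allows an array
		return nil, fmt.Errorf("token is from %v for %v, not from %q for %q", claims["iss"], claims["aud"], issuer, audience)
	}
	exp, ok := claims["exp"].(float64) // encoding/json decodes JSON numbers as float64
	if !ok || !now.Before(time.Unix(int64(exp), 0)) {
		return nil, errors.New("token has expired or carries no exp")
	}
	return claims, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // demo only: a provider keeps this key in an HSM or KMS
	now := time.Now()
	token, _ := mintRS256(priv, "2024-key-1", map[string]any{"iss": "https://idp.example", "aud": "mantl-rp", "sub": "customer-42", "exp": now.Add(5 * time.Minute).Unix()})
	claims, err := verifyIDToken(token, publishJWKS(&priv.PublicKey, "2024-key-1"), "https://idp.example", "mantl-rp", now)
	fmt.Println(claims["sub"], err)
}
```

The key is looked up only among entries marked for signature use, and the accepted algorithm is fixed in the verifier rather than read from the token header, so a token that names a different algorithm or an unpublished kid is rejected before any cryptography runs. In production the JWKS comes from the provider's jwks_uri over TLS and is cached with the kid as the rotation handle; everything else in verifyIDToken stays the same.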