Conceptual development of the Swiss standard for cross-industry customer data exchange
The Open API Customer Relationship implements the Swiss standard for the cross-industry exchange of customer data, with the aim of establishing a self-determined digital customer relationship. In a first step, it focuses on service development (onboarding); in further expansion stages, maintenance and balancing are also to be taken into account.
Pending: Verification with partners and experts
- Consent Management: GDPR/FADP-compliant consent administration
- Customer Data Exchange: Standardized exchange of basic and extended customer data
- Identification Services: E-ID compatible identity verification
- Background Checks: KYC, AML, PEP and sanction checks
- Signature Services: QES and eSignature integration
- Federated System: Registry for participant management
Pending: Verification with partners and experts
- FAPI 2.0 Security Profile Compliance: Latest security standards for financial services
- OAuth 2.1 / OpenID Connect: Standardized authentication and authorization
- PAR (Pushed Authorization Requests): Secure transmission of authorization parameters
- DPoP (Demonstrating Proof-of-Possession): Token binding for extended security
- Dual Client Authentication: mTLS or private_key_jwt for client authentication
- Enhanced JWT Security: Only PS256, ES256, EdDSA algorithms (FAPI 2.0 compliant)
- Modular Architecture for cross-industry use
- Docker-based Deployment with all services
- Comprehensive Testing Suite
- Production-ready Monitoring & Logging
- Security-by-Design implementation
- Complete Documentation & Developer Guide
Navigation: 📋 Complete Overview
| Conclusion | Description | Status | Target Audience |
|---|---|---|---|
| 01 Market Analysis | Analysis of 8 global Open Banking standards | ✅ Complete | Strategy, Product Management |
| 02 Requirements | Business Requirements and Use Cases | ✅ Complete | Product Management, Business Analysis |
| 03 Reference Process | 10-step cross-industry process | ✅ Complete | Process Design, Integration |
| 04 API Endpoint Design | OpenAPI 3.0 compliant specification | ✅ Complete | Solution Architecture, Development |
| 05 Trust Network | Federated system architecture | ✅ Complete | Network Design, Governance |
| 06 Consent and Security Flow | FAPI 2.0 Security Framework | ✅ Complete | Security Architecture, Compliance |
| 07 Legal Framework | Legal Analysis and Compliance | ✅ Complete | Legal Teams, Risk Management |
| 08 Testing and Verification | Quality Assurance Framework | ✅ Complete | QA Teams, DevOps, Community |
| Component | Description | Status |
|---|---|---|
| 🔧 Implementation Alpha Version 1.0 | Technical implementation and code | 🚧 In development |
| Standards and Technologies | FAPI 2.0, OAuth2, OpenID Connect | ✅ Specified |
| Use Case Examples | Practical implementation examples | 📝 Planned |
Current Phase: Foundation (Months 1-12, until 06/26)
Complete project phases and milestones: 📊 ROADMAP.md
| Phase | Timeframe | Focus | Status |
|---|---|---|---|
| Phase 1 | Months 1-12 | Foundation & Standards | 🔄 In progress |
| Phase 2 | from Month 12 | Functional development | 📅 Planned |
| Phase 3 | TBD | Further development | 📋 To be defined |
| Use Case | Description | Business Value | Implementation Status |
|---|---|---|---|
| 🏦 Bank Account Onboarding | Efficient account opening with data reuse | 67% time reduction | 🔄 MVP in development |
| 🔍 Re-Identification | Fast customer verification with existing relationship | 85% time savings | 📋 Specified |
| 🎂 Age Verification | Privacy-preserving proof of age | Compliance + Privacy | 📋 Specified |
| 💼 EVV Use Case | Efficient asset management customer transfer | Seamless service | 📋 Specified |
Status: In development
Access: Contact for Sandbox Access
- Security: FAPI 2.0, OAuth 2.1, OpenID Connect
- API Design: OpenAPI 3.0, RESTful Architecture
- Data Format: JSON, ISO 20022 compliant
- Integration: Modular data building block architecture
- FINMA-compliant: Swiss financial market regulation
- Data Protection: FADP/GDPR compliance
- International Standards: PSD2, Open Banking compatible
Project Team: Open Banking Project - Business Engineering Institute, University of St. Gallen
Project Phase: Foundation Phase (Months 1-12)
Next Milestones: Partner Onboarding, FINMA Alignment
Interested in participating in the Open Banking Project?
- Review the business Conclusions
- Contact for pilot participation
- Access to the Sandbox Environment
All 13 planned TODO tasks successfully completed:
- ✅ ROADMAP.md - Professional revision and formatting
- ✅ 8 Business Conclusions - Complete language revision and improvement (Market Analysis, Requirements, Reference Process, API Design, Trust Network, Consent & Security, Legal Framework, Testing & Verification)
- ✅ Conclusion Overview - Structure and content check completed
- ✅ Sources and References - Quality check and cleanup of references
- ✅ Color Scheme Integration - Color coding implemented according to design guidelines
- ✅ README.md - Complete revision with improved navigation
Quality improvements implemented:
- Swiss language conventions consistently applied ("ss" instead of "ß", "Ecosystem" retained)
- Professional technical terminology consistently implemented
- English-German mixed language eliminated
- Consistent formatting and structure established
- Color coding integrated for better visual hierarchy
Version: 1.0
Last Updated: August 2025
Repository: Open Banking Project - Conceptual Development
| Area | Link | Description |
|---|---|---|
| 🎯 Project Overview | README.md | Central project overview |
| 🗺️ Implementation Roadmap | ROADMAP.md | Master timeline and phase planning |
| 📚 Business Conclusions | Conclusions Overview | Complete business documentation |
| ⚙️ Technical Implementation | Implementation Guide | Technical Implementation Details |
| 📋 Project Planning | Planning Intern | Internal project organization |
