DMZ/Internal split
DMZ
The packages required are:
0-Fragments
1-DMZ
In the cluster-wide properties (CWP), set "zone" to DMZ and "PSD2Server" to the internal server's hostname, including the protocol (e.g. https://int-server:9443).
Internal
The packages required are:
0-Fragments
2-Internal services
3-XS2A
4-Mock
In the CWP, set "zone" to internal.
Here is a diagram:
For a high-level architecture view, here is what it would look like. The component above is the PSD2 Solution Pack component shown below, and the two databases, “Consents Auth, PI DB” and “Mock Bank DB”, together form the PSD2 Database.
Component | Meaning | Area |
---|---|---|
PSU | Payment Service User, customer | External (Bank user) |
TPP | Trusted Payment Party. | External (Client) |
ASPSP | Account Servicing Payment Service Provider. This is the Bank | Bank |
Backends | Protected area where all the data of the customers of the Bank resides | Bank |
Bank PSU Directory | The identity provider that the bank uses for authenticating their bank customers | Bank |
Layer7 Gateway | The API proxy solution owned by CA/Broadcom | Bank |
Bank Authentication System | An abstract layer that deals with the authentication of the Bank user. It may have components used by the Gateway, which is why the two overlap. This includes 2FA, SCA, OTP, etc. | Bank |
Online Banking | The Online Banking Portal of the bank itself, used by the customers of the bank to view their information from which they can also revoke authorisations and consents. | Bank |
PSD2 Solution Pack | Add-on to the Gateway that allows for seamless integration and standard enforcement. | Bank |
PSD2 Database | Database that contains the collection of consents, authorisation and payment initiation IDs | Bank |
EBA Registry (only for EU) | The database used to check the authorisation level of the TPP for that region of Europe. | Bank |
apiida.com