Authorization Basics


Brazil Open Insurance Basics

Refresh your knowledge of the Brazil Open Insurance initiative.

OPIN: Overview

Brazil’s Open Insurance (OPIN) initiative gives Brazilian consumers greater access to and control over their data. The main companies operating in the Open Insurance ecosystem are insurance companies, capitalization companies, and open supplementary pension entities. The initiative encourages competition between service providers, leading to better prices for customers and more innovative insurance products and services, and it improves consumers’ ability to compare and switch between products and services. OPIN operationalizes and standardizes the sharing of consumer data and services by participants that are authorized/accredited by the SUSEP governing body, in a safe, secure, and privacy-compliant manner, with consumer experience and explicit consent at the forefront.

One of the goals of Open Insurance is to be interoperable with Open Banking, forming the broader ecosystem called Open Finance. Open Insurance requires two large, segregated groups of information to be shared: public data and personal data. Public data normally refers to information about the products and services offered by the different companies in the sector. Personal data consists mainly of consumer data, which includes the customer registration, their policies, certificates, contracts, tickets, and the transactions related to these. Any and all data sharing can only be done with the express authorization of the consumer, who decides what data is shared, with whom, and for how long.

Cloudentity provides a secure foundational platform to enable your Open data API platform to be OPIN-compliant. The Cloudentity platform handles consumer consents and also provides you with a highly scalable and configurable financial-grade authorization server to ensure that data is shared only with authorized parties, based on consumer consent. Keeping up with the security profile requirements for data consent and authorization can be challenging, and Cloudentity is here to help with that problem in the Open Insurance space.

Consumer Data

Institutions within the insurance sector that own the consumer data are also referred to as Data Providers. The organization receiving consumer information is referred to as the TPP or Data Receiver. Open Insurance aims to provide greater choice and control for Brazilians over how their data is used and disclosed. Open Insurance requires all Brazilian Data Providers to:

  • Share consumer data that has been consented to by a consumer with accredited third parties.
  • Obtain the consent of the consumer before sharing their data with accredited third parties.
  • Apply Strong Customer Authentication (SCA).

Secure & Trusted Data Sharing in OpenAPI Economy

To build an ecosystem out of data shared from these industries, we need a standardized ecosystem of data sharing agreements. With standardized APIs, and with access to those APIs granted on consumer consent through established industry-standard secure protocols including OAuth 2.0 and OIDC, institutions and authorized third parties can focus on developing innovative products and solutions for consumers and businesses with the data. It’s a new era for security, privacy, and consent in all industries that hold customer-generated data sets.

Participant Trust in Open Finance Ecosystem

The Open Finance Brasil ecosystem leverages a federation trust provider, or directory of participants, as the golden source of information on the accredited participants and software that are authorized to take part in the ecosystem. The services provided by the directory include:

  • Software registration and management.
  • Software credential registration and management using ICP Certificates.
  • Software Statement Assertion (SSA) generation.

Cloudentity integrates with the directory services directly to ensure that data recipients are in fact registered in the directory, that they present a valid SSA during registration at the data transmitter end, and that their credentials are intact when they request consumer data.

Cloudentity as Open Insurance Enabler

Cloudentity provides the capabilities required by Data Transmitters to meet the Open Finance Brazil Security profile requirements: securely authenticate end users, collect required consents, onboard accredited third parties to request data, manage the consumer consent, and verify the consumer authorization before data is shared with accredited Data Receivers. Cloudentity also enables Data Transmitters to let their consumers manage their data sharing consent agreements securely. In a nutshell, the Cloudentity platform facilitates and accelerates the Data Transmitter organization’s journey to expose its data APIs securely, with consumer consent, as required by the Open Insurance specifications.

The Open Finance Brazil Security profile builds upon the foundations of the Financial-grade API Read Write Profile (FAPI-RW-Draft), the Financial-grade API Advanced Profile (FAPI-1.0-Advanced), and other standards relating to OpenID Connect 1.0 (OIDC). Keeping up with the evolving advanced specifications in the OIDF space can be a challenge for any organization, and Cloudentity takes on this challenge. It allows organizations to focus completely on the business data APIs for insurance products that need to be exposed as per the Open Insurance specifications.

Adopting Cloudentity drastically accelerates the entire effort to achieve Open Insurance compliance and allows faster time to market. The Cloudentity solution offers a highly performant, multi-tenant, advanced FAPI-compliant and certified authorization server built on open standards and compatible with advanced OAuth 2.0 & OIDC specifications. Cloudentity also provides a rich set of APIs that facilitate consent collection & management, so that the Data Transmitter can implement the safe and secure customer journey experiences recommended by Open Insurance across various digital channels.

With Cloudentity, your organization:

  • Can achieve OPIN compliance faster
  • Has faster time to market for data sharing capabilities
  • Offloads the complex security profile requirements completely
  • Lowers the overall Open Insurance implementation cost

Updated: Jan 20, 2023