How to Pick Best Stocks in Share Market

When thinking about investments, 3 things come to my mind, in the Sri Lankan context.

1. Buy real estate in a suburb or a town that is fast growing
2. Put in a Fixed Deposit in a bank
3. Invest in the stock market

As the current FD rates are in a declining phase, it did not really come as a good option to me at the moment of writing this. Hence I thought to investigate a bit on investing in the share market, as it doesn't really need as large an amount of money as buying a property, as in option 1.
Below is an insightful speech by the richest person in Sri Lanka, who is known as a business magnate, 'Mr. Dhammika Perera', explaining how he started with the share market (while the overall speech highlights many important facts, he specifically talks about the share market from 6 minutes and 26 seconds. The speech is in Sinhalese).

One thing he said captured me: do not enter a business if you do not know about it. He also emphasized that it's the knowledge we should seek, not money, which surprised me t…

Beyond PSD2 for a Better Open Banking Experience

PSD2 is acting as a catalyst in the digital transformation happening in the banking industry. While meeting the compliance requirements of PSD2, financial institutes are excited to make use of the new business models and opportunities opened by this foundation. The more customers and partners we can reach, the more business activities and the more revenue. Making the banking functions more accessible and reactive will be a key enabler in providing a seamless experience to these parties, including internal banking staff, who directly affect business efficiency.
IAM plays a critical role in improving business accessibility without compromising the system boundaries. PSD2 mandates strong customer authentication (SCA), setting the bar high for user authenticity, while keeping a few exemptions so as not to bother the payment services user (PSU) with SCA for every little transaction. While adhering to this policy will make an institute PSD2 compliant, if they can react fast to the fraud rates…

Identity Mediation for PSD2

Partners, mergers, legal entities, government entities and customers all need to work together in this era, while honoring the boundaries they should work within. This is linked to my previous post on the challenges of future IAM requirements arising with increased interchangeability requirements between diversified parties.
Challenges of Future IAM (concerned with Mergers, Acquisitions, Startups) - of Identity and Access Management (IAM) -
This need is much more emphasized with new regulations such as PSD2 in the EU region, which is laying the foundation for Open Banking. While these standards define guidance for implementation interfaces,

- End user authentication and authorization
- Third party authentication and authorization
- Identity mgt of internal staff

have hidden needs of identity mediation. Federated authentication i…

Building a Fool Proof Security Strategy for PSD2 Compliance

Following are the slides I used in a webinar by WSO2 to look at the IAM and overall security aspects of a fully PSD2 compliant solution. While it lists the basic requirements to be PSD2 compliant, it also explains the requirements that are not visible on the surface, but are very valuable in building a comprehensive and robust solution that will have a long-term vision while being PSD2 compliant as per the urgent need.


The webinar recording is available at

Regulatory Technical Standard (RTS) for PSD2 SCA in Plain Text

Abbreviations Used with PSD2

- Payment Services Directive 2 - PSD2
- Regulatory Technical Standard (RTS) - A recommendation requested by PSD2 as a technical guideline to be compliant with PSD2
- Strong Customer Authentication - SCA
- Payment Service User - PSU
- Account Servicing Payment Service Provider (ASPSP) - the existing banks
- Payment Initiation Service Provider (PISP) - a third party entity or a bank itself that can initiate the payment process
- Account Information Service Provider (AISP) - a third party or a bank itself which can retrieve the PSU's account information, maybe to show an aggregate view of all accounts.
- Payment Service Providers issuing card-based payment instruments (PSP) - payment service providers that existed in the pre-PSD2 era who are doing payments through card networks like VISA or Mastercard. Sometimes this is also used to refer to all PSPs, including PISP and AISP.
- Common and Secure Communication (CSC)
- Third Party Payment Service Providers (TPP)
- Access to accounts - XS2A

When addres…

The Role of IAM in Open Banking

This presentation discusses the PSD2 standards in detail, with the PISP and AISP flows, the technologies involved around the standard, and finally how it can be adopted for the Sri Lankan financial market.

Challenges of Future IAM (concerned with Mergers, Acquisitions, Startups)

When companies bring in external users to work within enterprise activities, via mergers, acquisitions, outsourcing and allowing end users to come in via social login, a problem arises due to the variety of protocols each of these external parties may use for identity management. Most of the time these external parties would not agree to share their user base, with the sensitive information of the users, which is a major asset of theirs. In this case identity federation, or cross-domain authentication, comes in to provide a solution to this problem. There are identity federation protocols that have evolved over time, mainly OpenID, SAML, WS-Federation and OpenID Connect, to address the requirement of federated authentication. Even though these protocols have been able to cater for it, as acquisitions and mergers grow in number the solutions still suffer from two major limitations, namely [1],

Federation Silos

When there is federation requirement, organizations would choose on…