[Openid-specs-fapi] Kicking off Part 2: Read Write API Security
nat at sakimura.org
Tue Dec 13 16:44:47 UTC 2016
Dear FAPI members:
Now that we have sent Part 1 to the OIDF secretary, we should
immediately start working on Part 2.
What Part 2 needs to do is to specify the additional requirements on
Part 1 to do the "write" operation.
My gut feeling is to require
* OAuth Token Bind;
* LoA 3 for authentication;
* the use of request object;
* to put all the intended endpoints in the request; and
* potentially, one time access token.
These need to be decomposed to Authorization server requirements and
Is there anything else that comes to your mind?
Chairman, OpenID Foundation