[Openid-specs-fapi] Issue #116: CIBA - authentication methods and proof of possession (openid/fapi)

Dave Tonge issues-reply at bitbucket.org
Mon Jul 17 09:57:56 UTC 2017

New issue 116: CIBA - authentication methods and proof of possession

Dave Tonge:

The FAPI CIBA profile should require `Signed Request Object` for authentication to the backchannel authentication endpoint (it is recommended in the main CIBA spec).

The draft should be adjusted to reflect this.

Where `MTLS` is used to provide proof of possession semantics for tokens, a note should be added requiring that the signed request object is sent over a mutual TLS connection. This is not for the propose of authenticating the client, but for the purpose of giving the AS the attributes it needs to issue sender-constrained tokens.

Responsible: dgtonge

More information about the Openid-specs-fapi mailing list