[Openid-specs-fapi] Renaming FAPI

n-sakimura n-sakimura at nri.co.jp
Wed Apr 11 03:06:55 UTC 2018


Too busy right now to really think about it but just one point of info. 
All OpenID Foundation specification will be prefixed by "OpenID" for the license purpose (so that specs are protected from modification etc. and are available free of charge for the implementers), having "OpenID" in the spec name does not work. (And if you read the procedure document, it is actually prohibited.) 

So, in essence, we are talking about what goes in to the underlined portion of "OpenID _______". 

FYI, in the case of OpenID Connect Core, the spec name actually is "Connect Core". In the case of OpenID 2.0, it is actually, "Authentication 2.0". (I know it is a bit pedantic, but that is how to interpret these names from the OpenID Process point of view. ) 

Also, it has been pointed out in the past that these profiles can be used to protect not only "user resources". 

Another PoV provided during the course of discussion was that since we have a few instances of parameter names that uses "FAPI", it would be better to have the new name that can be retrofit to "FAPI". 

Nat

-----Original Message-----
From: Openid-specs-fapi [mailto:openid-specs-fapi-bounces at lists.openid.net] On Behalf Of Mike Schwartz via Openid-specs-fapi
Sent: Wednesday, April 11, 2018 4:34 AM
To: Financial API Working Group List <openid-specs-fapi at lists.openid.net>
Cc: Mike Schwartz <mike at gluu.org>
Subject: Re: [Openid-specs-fapi] Renaming FAPI

FAPI WG,

Putting "user" in the name might cause confusion with "User Managed Access" (UMA).

Why wouldn't you want to leverage the existing "OpenID" Branding?

If not "OpenID Plus" then "OpenID ____"?

What strikes me about FAPI is that it's the most secure profile of OpenID Connect, and can be used by the OP to increase assurance, and the RP to increase protection. So "OpenID Plus" says it's basically OpenID... with some extra stuff to make it extra secure.

- Mike



On 2018-04-10 14:16, Brian Campbell via Openid-specs-fapi wrote:
> I also think a more broadly applicable term like "user" is preferable 
> to "consumer".
> 
> Spitballing a few:
> 
> User Resource Protection
> User Resource Protection Profiles
> Enhanced User Resource Protection Profiles
> 
> On Tue, Apr 10, 2018 at 10:08 AM, Tom Jones via Openid-specs-fapi 
> <openid-specs-fapi at lists.openid.net> wrote:
> 
>> i prefer the term "user" as it is broader.
>> 
>> How about
>> User Protection Profiles
>> 
>> Peace ..tom
>> 
>> On Tue, Apr 10, 2018 at 8:30 AM, Sarah Squire via Openid-specs-fapi 
>> <openid-specs-fapi at lists.openid.net> wrote:
>> 
>>> Hey Folks,
>>> 
>>> At the last OpenID Foundation Board meeting, the board agreed that 
>>> since FAPI is not limited to the financial sector and does not 
>>> proscribe API designs, it should be renamed.
>>> 
>>> The fundamental thing that differentiates the OpenID Foundation's 
>>> OpenAPI working groups is that they focus on consumer-facing 
>>> ecosystems as opposed to enterprise, so we could focus it in that 
>>> direction.
>>> 
>>> Instead of saying API, we could say something like resource or 
>>> protected resource.
>>> 
>>> How about
>>> 
>>> Consumer Resource Protection (CRP)
>>> 
>>> Delegated Resource Access for Consumer-facing Operators (DRACO)
>>> 
>>> Delegated Protection of Consumer Resources (DPCR)
>>> 
>>> Thoughts?
>>> 
>>> Sarah
>>> 
>>> PS I work for Ping Identity. Sending this from an old email address 
>>> because of IPR/mailing list issues.
>>> 
>>> _______________________________________________
>>> Openid-specs-fapi mailing list
>>> Openid-specs-fapi at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi [1]
>> 
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi [1]
> 
> _CONFIDENTIALITY NOTICE: This email may contain confidential and 
> privileged material for the sole use of the intended recipient(s). Any 
> review, use, distribution or disclosure by others is strictly 
> prohibited.  If you have received this communication in error, please 
> notify the sender immediately by e-mail and delete the message and any 
> file attachments from your computer. Thank you._
> 
> Links:
> ------
> [1] http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
_______________________________________________
Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-fapi


More information about the Openid-specs-fapi mailing list