[Openid-specs-fapi] First draft Australian standard
Ralph Bragg
ralph.bragg at raidiam.com
Mon Nov 26 09:05:35 UTC 2018
All,
It’s very closely aligned with RW.
There will be a v 0.0.2 out shortly addressing some of the items like, AT introspection to determine the scopes that were granted, that FAPI part one already addressed by making the requirement to return the scopes from the token endpoint mandatory on code exchange.
The biggest area still up in the air is how complex scoped information are exchanged between RP, OP and RS.
We, FAPI, should provide guidance and standardise the way the reference to a complex consent object is passed to avoid fragmentation.
RB
________________________________
From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Joseph Heenan via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: Monday, November 26, 2018 08:37
To: Openid-specs-fapi
Cc: Joseph Heenan
Subject: [Openid-specs-fapi] First draft Australian standard
Hi all,
Here's the first draft of Australia's security profile:
https://consumerdatastandardsaustralia.github.io/infosec/#infosec-profile-0-0-1
TL;DR seems to be that it's essentially FAPI part2 + CIBA, along with making a few optional parts of OIDC/OAuth2 mandatory.
Joseph
_______________________________________________
Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-fapi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20181126/27050585/attachment.html>
More information about the Openid-specs-fapi
mailing list