[Openid-specs-fapi] First draft Australian standard

Ralph Bragg ralph.bragg at raidiam.com
Mon Nov 26 09:05:35 UTC 2018


It’s very closely aligned with RW.

There will be a v 0.0.2 out shortly addressing some of the items like, AT introspection to determine the scopes that were granted, that FAPI part one already addressed by making the requirement to return the scopes from the token endpoint mandatory on code exchange.

The biggest area still up in the air is how complex scoped information are exchanged between RP, OP and RS.

We, FAPI, should provide guidance and standardise the way the reference to a complex consent object is passed to avoid fragmentation.


From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Joseph Heenan via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: Monday, November 26, 2018 08:37
To: Openid-specs-fapi
Cc: Joseph Heenan
Subject: [Openid-specs-fapi] First draft Australian standard

Hi all,

Here's the first draft of Australia's security profile:


TL;DR seems to be that it's essentially FAPI part2 + CIBA, along with making a few optional parts of OIDC/OAuth2 mandatory.


Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20181126/27050585/attachment.html>

More information about the Openid-specs-fapi mailing list