[Openid-specs-fapi] FAPI CIBA Profile
bcampbell at pingidentity.com
Tue Jan 8 14:48:50 UTC 2019
Looks like there are quite a few things listed in the 'Normative
references' section that aren't actually used elsewhere in the document. Is
that intentional? Or boilerplate copy/paste carryover?
On Fri, Jan 4, 2019 at 1:53 AM Dave Tonge <dave.tonge at momentumft.co.uk>
> Dear WG
> We are keen to finish the FAPI profile of CIBA (Client Initiated
> Backchannel Authentication) as soon as possible.
> The core CIBA draft is here:
> The current FAPI profile draft is here:
> We currently have these issues open:
> Should the FAPI profile mandate the use of signed authentication requests
> (note this would be for non-repudiation rather than for authentication or
> integrity protection).
> Query about the alignment between FAPI RW and FAPI CIBA re acr/amr
> Should FAPI CIBA poll mode have this requirement:
> > "shall not reject or return 'slow_down' to clients that are polling at
> an interval of 100ms or longer (except in exceptional circumstances where
> unexpected and unprecedented server load is present), this requirement
> shall not apply if CIBA ping mode is supported"
> Should we require the use of login_hint_tokens rather than just
> Please can I ask WG members to read the drafts, comment on the above
> issues (and raise any additional issues) by *next Friday (11 Jan)*. I
> would like to finalise discussions on the FAPI CIBA profile on the next
> Atlantic call (16 Jan) if possible so that ideally we can start a review
> process before the end of the month.
> Dave Tonge
> FAPI WG Co-Chair
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi