[Openid-specs-fapi] Alive and kicking: draft-cavage-http-signatures

Joseph Heenan joseph at authlete.com
Wed Mar 13 17:31:33 UTC 2019

> On 13 Mar 2019, at 17:13, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
> BTW, where does the FAPI signature solution stand standards-wise?
> https://openid.net/specs/openid-financial-api-part-2.html#request
> It is not obvious that the FAPI signature solution actually is RESTful; maybe I'm missing something here?

FAPI doesn’t have a request signature solution in the way being talked about in this thread; that section of the spec refers to an alternate way to pass the OpenID Connect request object to the authorisation server prior to redirecting the user to the authorisation endpoint.

I believe in this thread we’re all talking about sending signed requests / responses to/from the resource server, which FAPI does not currently say anything about.


