[Openid-specs-fapi] OpenID/FAPI alternative to draft-cavage-http-signatures
philippe.leothaud at 42crunch.com
Thu May 9 08:34:10 UTC 2019
I'm actually thinking of a way to sign also the request line and selected
HTTP Headers using JWS detached signature.
Basically it would just work by adding this information in the secured JOSE
Le jeu. 9 mai 2019 à 07:40, Anders Rundgren via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> a écrit :
> Dear Chair & List,
> To me it looks close to ridiculous publicly downplaying
> https://datatracker.ietf.org/doc/draft-cavage-http-signatures/ without
> providing an alternative.
> If nobody within the OpenID community is even interested in this matter,
> why the concern?
> Please provide a plan on how to resolve this issue, or simply accept that
> https://datatracker.ietf.org/doc/draft-cavage-http-signatures/ is the
> de-facto standard for (at least) Open Banking. The industry in general (as
> proven by this case) does not seems to have any major issues with de-facto
> If OpenID/FAPI intend to wait another year addressing this issue, the
> de-facto status will be cemented. Personally I see no problems if that
> would be the case. The authors also seem open to input.
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi