[Openid-specs-fapi] OpenID/FAPI alternative to draft-cavage-http-signatures
Philippe Leothaud
philippe.leothaud at 42crunch.com
Thu May 9 08:34:10 UTC 2019
Hi Anders,
I'm actually thinking of a way to sign also the request line and selected
HTTP Headers using JWS detached signature.
Basically it would just work by adding this information in the secured JOSE
header.
Wdyt?
Thanks,
Philippe
Le jeu. 9 mai 2019 à 07:40, Anders Rundgren via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> a écrit :
> Dear Chair & List,
>
> To me it looks close to ridiculous publicly downplaying
> https://datatracker.ietf.org/doc/draft-cavage-http-signatures/ without
> providing an alternative.
>
> If nobody within the OpenID community is even interested in this matter,
> why the concern?
>
> Please provide a plan on how to resolve this issue, or simply accept that
> https://datatracker.ietf.org/doc/draft-cavage-http-signatures/ is the
> de-facto standard for (at least) Open Banking. The industry in general (as
> proven by this case) does not seems to have any major issues with de-facto
> standards.
>
> If OpenID/FAPI intend to wait another year addressing this issue, the
> de-facto status will be cemented. Personally I see no problems if that
> would be the case. The authors also seem open to input.
>
> sincerely,
> Anders
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20190509/deeb63bf/attachment.html>
More information about the Openid-specs-fapi
mailing list