[Openid-specs-fapi] HTTP Signing

Anders Rundgren anders.rundgren.net at gmail.com
Wed Nov 6 14:14:10 UTC 2019

Apparently the ball is now in IETF's court where Justin Richer is going to hold att session next week.

Personally I remain faithful to my claim that serializable requests is a MUST (using IETF terminology).  This is supported by both of my proposals:

Although currently not based on any of the proposals, signed serializable HTTP requests (and responses) is extensive used in this brand new scheme:


On 2019-11-06 14:32, Dave Tonge wrote:
> Hi all
> Thanks again for attending the special FAPI call re HTTP signing 2 weeks ago.
> Apologies for only sending this email today.
> I've added notes on the call here:
> https://bitbucket.org/openid/fapi/wiki/HTTP%20Signing%20-%2024.10.2019
> At the FAPI WG we plan to continue working on this document:
> https://bitbucket.org/openid/fapi/src/master/Financial_API_HTTP_Signing.md
> We plan to add a comparison table to the document to help compare the standards discussed on the call.
> Thanks again
> -- 
> Dave Tonge
> FAPI WG Co-Chair

More information about the Openid-specs-fapi mailing list