[Openid-specs-fapi] HTTP Signing

Anders Rundgren anders.rundgren.net at gmail.com
Wed Nov 6 14:14:10 UTC 2019


Apparently the ball is now in IETF's court where Justin Richer is going to hold att session next week.

Personally I remain faithful to my claim that serializable requests is a MUST (using IETF terminology).  This is supported by both of my proposals:
https://cyberphone.github.io/doc/research/fapi-signed-https-2019-10-16.pdf

Although currently not based on any of the proposals, signed serializable HTTP requests (and responses) is extensive used in this brand new scheme:
https://github.com/cyberphone/doc/blob/gh-pages/payments/dual-mode-open-banking-api.md#background

Anders

On 2019-11-06 14:32, Dave Tonge wrote:
> Hi all
> 
> Thanks again for attending the special FAPI call re HTTP signing 2 weeks ago.
> Apologies for only sending this email today.
> 
> I've added notes on the call here:
> https://bitbucket.org/openid/fapi/wiki/HTTP%20Signing%20-%2024.10.2019
> At the FAPI WG we plan to continue working on this document:
> https://bitbucket.org/openid/fapi/src/master/Financial_API_HTTP_Signing.md
> 
> We plan to add a comparison table to the document to help compare the standards discussed on the call.
> 
> Thanks again
> 
> -- 
> Dave Tonge
> FAPI WG Co-Chair
> 



More information about the Openid-specs-fapi mailing list