[Openid-specs-fapi] Serialization: Financial_API_HTTP_Signing.md

Anders Rundgren anders.rundgren.net at gmail.com
Fri Oct 25 05:14:06 UTC 2019


Thanx Dave for arranging the HTTP Signature call!  My SHREQ presentation wasn't that great; I'm more used to documents and F2Fs :)

Anyway, in https://bitbucket.org/openid/fapi/src/master/Financial_API_HTTP_Signing.md there is a line

     "Any signing scheme must support straightforward serialization for later verification"

which I don't understand since few of the proposed solutions actually have this quality.  They rather support receive-time/transient signature verification which is sufficient for FAPI given the *current* functionality.

For Saturn OTOH, serialization support is fundamental since it builds on a self-contained, clear-text, redeemable, payment-token concept using *counter-signatures*, which for example is used for gas station payments, which few (if any) Open Banking APIs currently support.  This is effectively an alternative to the "lodging" schemes FAPI is currently playing with.

Regards,
Anders

