[Openid-specs-fapi] Issue #309: Decision on message signing for FAPI 2 Advanced (openid/fapi)
webhamster
issues-reply at bitbucket.org
Wed Aug 26 14:41:23 UTC 2020
New issue 309: Decision on message signing for FAPI 2 Advanced
https://bitbucket.org/openid/fapi/issues/309/decision-on-message-signing-for-fapi-2
Daniel Fett:
The attacker model for FAPI 2 necessitates message signing for messages from and to the RS. We need to make a reasonable recommendation here.
An option could be to just prescribe some signing mechanism, but leave the details open to the implementer. This would partially undermine the goal of creating an on-the-wire interoperable standard, however.
More information about the Openid-specs-fapi
mailing list