[Openid-specs-fapi] Name change and FAPI Evolution

Dave Tonge dave.tonge at momentumft.co.uk
Wed Feb 19 15:34:15 UTC 2020

Dear WG

We had a good discussion on the call today around the next steps for FAPI
and came to the following conclusion:

1. We should use versioning to indicate that the FAPI evolution is a new
major version
2. We need to keep support for the current FAPI-R and FAPI-RW for some time
as they have been implemented by many people and have a good suite of
conformance tests.
3. There were no objections to the names of "Basic" and "Advanced"

With this in mind we propose:

1. The current "Financial-grade API - Part 1: Read-Only API Security
Profile" (FAPI Read) spec should be changed to "Financial-grade API 1.0 -
Part 1: Read-Only API Security Profile (FAPI 1.0 Read)
2. The current "Financial-grade API - Part 2: Read and Write API Security
Profile" (FAPI Read/Write) spec should be changed to "Financial-grade API
1.0 - Part 2: Read and Write API Security Profile (FAPI 1.0 Read/Write)
3. We introduce two new documents:
 - Financial-grade API 2.0 - Basic Security Profile" (FAPI 2.0 Basic)
 - Financial-grade API 2.0 - Advanced Security Profile" (FAPI 2.0 Advanced)

This will allow us to maintain the existing specs (and their associated
conformance suites). It will also allow the evolution of FAPI that we've
been discussing to move ahead - including with new names to signal
use-cases beyond financial read and financial read/write. The new documents
(2.0 Basic and 2.0 Advanced) can be re-ordered and won't need to maintain
backwards compatibility to the numbering of sections and list items.

It would be good to get feedback from the WG about this proposal as we are
keen to move forward.



Dave Tonge
FAPI Co-Chair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200219/54b5b999/attachment.html>

More information about the Openid-specs-fapi mailing list