[Openid-specs-fapi] Name change and FAPI Evolution

n-sakimura n-sakimura at nri.co.jp
Thu Feb 20 13:19:07 UTC 2020

Thanks. That sounds good, though the name that was talked about in the room in the F2F London was “Baseline” instead of “Basic”.



PLEASE READ:This e-mail is confidential and intended for
the named recipient only. If you are not an intended recipient,
please notify the sender and delete this e-mail.

2020/02/19 15:59、Daniel Fett via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>のメール:


FWIW, I'm currently preparing a first draft for 2.0. I currently expect 2.0 to consist of separate documents for the attacker model, the two profiles, grant management and potentially CIBA.


Am 19.02.20 um 16:34 schrieb Dave Tonge via Openid-specs-fapi:
Dear WG

We had a good discussion on the call today around the next steps for FAPI and came to the following conclusion:

1. We should use versioning to indicate that the FAPI evolution is a new major version
2. We need to keep support for the current FAPI-R and FAPI-RW for some time as they have been implemented by many people and have a good suite of conformance tests.
3. There were no objections to the names of "Basic" and "Advanced"

With this in mind we propose:

1. The current "Financial-grade API - Part 1: Read-Only API Security Profile" (FAPI Read) spec should be changed to "Financial-grade API 1.0 - Part 1: Read-Only API Security Profile (FAPI 1.0 Read)
2. The current "Financial-grade API - Part 2: Read and Write API Security Profile" (FAPI Read/Write) spec should be changed to "Financial-grade API 1.0 - Part 2: Read and Write API Security Profile (FAPI 1.0 Read/Write)
3. We introduce two new documents:
 - Financial-grade API 2.0 - Basic Security Profile" (FAPI 2.0 Basic)
 - Financial-grade API 2.0 - Advanced Security Profile" (FAPI 2.0 Advanced)

This will allow us to maintain the existing specs (and their associated conformance suites). It will also allow the evolution of FAPI that we've been discussing to move ahead - including with new names to signal use-cases beyond financial read and financial read/write. The new documents (2.0 Basic and 2.0 Advanced) can be re-ordered and won't need to maintain backwards compatibility to the numbering of sections and list items.

It would be good to get feedback from the WG about this proposal as we are keen to move forward.



Dave Tonge
FAPI Co-Chair

Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net<mailto:Openid-specs-fapi at lists.openid.net>

Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200220/2be9358f/attachment.html>

More information about the Openid-specs-fapi mailing list