[Openid-specs-fapi] FAPI 2 Advanced Profile / Recommendations for signing resource requests/responses

Torsten Lodderstedt torsten at lodderstedt.net
Sat Jun 6 08:24:34 UTC 2020


> On 05.06.2020 at 10:20, Daniel Fett via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> Hi all,
> I prepared a first (rough) draft of the FAPI 2 Advanced profile and would welcome your feedback: https://bitbucket.org/openid/fapi/src/c28fc020e7ab9377d96501f2b4daa9a9da8f2128/FAPI_2_0_Advanced_Profile.md?at=danielfett%2Ffapi2%2Fadvanced
> One open question is whether we can give recommendations regarding resource request and response signing. We currently have https://bitbucket.org/openid/fapi/src/master/Financial_API_HTTP_Signing.md which lists "typical requirements" but does not give concrete advice.
> ETSI is developing JAdES
is the current spec publicly available?
> and there is some work ongoing in the IETF HTTP group as well.
I think this work is at an early stage; I don’t think we should wait for it to become stable.
> What are other options that we should take a look at?
(1) JWS in its traditional form or as (2) detached signature with unencoded payload - as far as I remember, UK OB wanted to use (2) but reverted to (1). I would appreciate it if someone involved in UK OB would comment.

best regards,
> -Daniel
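The two options named in the reply above, shown side by side as an added example that is not part of the original thread or of any FAPI draft: (1) a compact JWS carrying the body, and (2) a detached JWS over the unencoded body (RFC 7797, `b64: false`). HS256 with a constructed key, the sample body, and all function names are assumptions chosen so the block runs with the Python standard library only.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key-not-a-real-secret"   # constructed sample key
BODY = b'{"amount":"10.00","currency":"EUR"}'       # constructed sample HTTP body

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input):
    return b64u(hmac.new(KEY, signing_input, hashlib.sha256).digest())

def _header(fields):
    return b64u(json.dumps(fields, separators=(",", ":")).encode())

def sign_embedded(body):
    """Option (1): compact JWS, body base64url-encoded inside the token."""
    head, payload = _header({"alg": "HS256"}), b64u(body)
    return f"{head}.{payload}.{_mac(f'{head}.{payload}'.encode())}"

def sign_detached(body):
    """Option (2): RFC 7797 unencoded payload, detached: 'header..signature'."""
    head = _header({"alg": "HS256", "b64": False, "crit": ["b64"]})
    # Signing input is header || '.' || raw body bytes (no base64url step).
    return f"{head}..{_mac(head.encode() + b'.' + body)}"

def verify_embedded(jws):
    """Return the signed body, or None if the token does not verify."""
    head, payload, sig = jws.split(".")
    if json.loads(b64u_decode(head)).get("alg") != "HS256":
        return None  # pin the algorithm; never trust the header's choice
    ok = hmac.compare_digest(sig, _mac(f"{head}.{payload}".encode()))
    return b64u_decode(payload) if ok else None

def verify_detached(jws, received_body):
    """Check a detached JWS against the exact bytes received as the HTTP body."""
    head, middle, sig = jws.split(".")
    hdr = json.loads(b64u_decode(head))
    if middle or hdr.get("alg") != "HS256":
        return False
    if hdr.get("b64") is not False or "b64" not in hdr.get("crit", []):
        return False  # RFC 7797: b64 must be listed in crit and understood
    return hmac.compare_digest(sig, _mac(head.encode() + b"." + received_body))
```

With option (2) the verifier must see the body byte for byte as signed, so any intermediary that re-serializes the JSON breaks the signature; option (1) carries its own copy of the body and is unaffected by that.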