[Openid-specs-fapi] External : Response to OBE/PRETA JWS HTTP Signing Profile

Anders Rundgren anders.rundgren.net at gmail.com
Fri Oct 16 06:35:01 UTC 2020

Bringing in RFC 7797 is IMO a mistake.  This RFC was created to permit in-line signing using unencoded data as the latter had been raised (mainly by me) as a "missing feature" in the JOSE stack.  For that the b64 flag is indeed necessary.  I would BTW be surprised if any serious developer would ever consider using that feature.  RFC 8785 or ETSI's ZIP arrangements are much better.

However, detached data is already covered by RFC 7515 appendix F.


On 2020-10-15 12:29, Dave Tonge via Openid-specs-fapi wrote:
> Thanks Freddi - I've updated the doc with your suggestion re base64
> On Wed, 14 Oct 2020 at 17:42, Freddi Gyara <Freddi.Gyara at openbanking.org.uk <mailto:Freddi.Gyara at openbanking.org.uk>> wrote:
>     Dave,____

More information about the Openid-specs-fapi mailing list