[Openid-specs-fapi] External : FW: OBE JWS Profile - Version 0.10b for Approval

Fri Sep 18 19:53:29 UTC 2020

Apologies for not being up to date on everything but what were the issues
with RFC 7797 b64 header? And how do things work without it? Does that mean
the http body has to base64url encoded? Or am I misunderstanding something?

On Thu, Sep 17, 2020 at 3:06 AM Freddi Gyara via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

>
>
> I want to raise a concern about “REQUIREMENT-2: The JWS header shall
> include b64 header parameter, as defined in RFC 7797 [3], set to false."
>
>
>
> This is a breaking change from the signatures at Open Banking (which
> explicitly do not use this as we found that library support and interop
> issues that ensued as a result.
>
>
>
> It would be good to understand the rationale for requiring this flag. If
> this was included to be aligned with OBIE, the situation on the ground has
> now actually changed.
>
>
>
> Requirements in 5.3.2 are also a breaking change for OBIE (we rely on
> using `kid` alone to identify the signing key).
>
>
>
>
>
>
>
> *From:* Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> *On
> Behalf Of *Ralph Bragg via Openid-specs-fapi
> *Sent:* 16 September 2020 17:43
> *To:* openid-specs-fapi at lists.openid.net
> *Cc:* Ralph Bragg (raidiam) <ralph.bragg at raidiam.com>
> *Subject:* External : [Openid-specs-fapi] FW: OBE JWS Profile - Version
> 0.10b for Approval
>
>
>
> FYI – speak now or forever hold your peace.
>
>
>
> Kind Regads,
>
> Ralph
>
>
>
> *From: *Joao Daniel Parracho <j.parracho at openbankingeurope.eu>
> *Date: *Wednesday, 16 September 2020 at 17:27
> *Cc: *Nick Pope <nick.pope at openbankingeurope.eu>, "John Broxis (
> j.broxis at preta.eu)" <j.broxis at preta.eu>
> *Subject: *OBE JWS Profile - Version 0.10b for Approval
>
>
>
> Dear Colleagues,
>
>
>
> OBE is pleased to distribute the OBE JWS Profile version 0.10b for your
> approval.  This has minor changes from the version 0.0.9 distributed
> earlier this year as listed in the document “Comments on OBE JWS profile v
> 0.9” and with specific revisions shown in document
> “PRETA-OBE-ID-000-010b-OBE JWS- proposed final draft for approval-with
> revs”.
>
>
>
> It is proposed to finalise this approval at a meeting API and ETSI
> signature format experts on 22nd October at 15:00 CEST.  Can you let us
> known if you approve or have any remaining concerns with this document *at
> least 1 week before this meeting date*?  Also, if you wish to attend the
> meeting on 22nd October and are unable to make this date please let us know
>  as soon as possible.
>
>
>
> Kind regards,
>
> João
>
> *João Parracho*
>
> *Communications & Engagement Consultant | Open Banking Europe*
>
> j.parracho at openbankingeurope.eu
>
>
>
> [image: A close up of a logo Description automatically generated]
>
> 40 rue de Courcelles | F-75008 Paris, France
>
> https://www.openbankingeurope.eu/
>
>
>
> Open Banking Europe is owned by PRETA S.A.S. a wholly-owned subsidiary of
> ABE/EBA CLEARING S.A.S.
>
> PRETA S.A.S. is registered with RCS PARIS under no. 798 483 053 | VAT no.
> FR 27 798 483 053
>
> This message and any attachments (the "message") are confidential and
> intended solely for the addressees. Any unauthorized use or dissemination
> is prohibited. E-mails are susceptible to alteration. PRETA shall not be
> liable for the message if altered, changed or falsified.
>
> Ce message est confidentiel; son contenu ne représente en aucun cas un
> engagement de la part de PRETA sous réserve de tout accord conclu par
> écrit entre vous et PRETA. Toute publication, utilisation ou diffusion,
> même partielle, doit être autorisée préalablement.
>
> Si vous n'êtes pas destinataire de ce message, merci d'en avertir
> immédiatement l'expéditeur.
>
>
>
> P Please consider the environment before printing this email
>
>
>
>
> Please consider the environment before printing this email.
>
> This email is from Open Banking Limited, Company Number 10440081. Our
> registered and postal address is 2 Thomas More Square, London, E1W 1YN. Any
> views or opinions are solely those of the author and do not necessarily
> represent those of Open Banking Limited.
>
> This email and any attachments are confidential and are intended for the
> above named only. They may also be legally privileged or covered by other
> legal rights and rules. Unauthorised dissemination or copying of this email
> and any attachments, and any use or disclosure of them, is strictly
> prohibited and may be illegal. If you have received them in error, please
> delete them and all copies from your system and notify the sender
> immediately by return email. You can also view our privacy policy (
> https://www.openbanking.org.uk/privacy-policy).
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200918/b16c8a8d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10570 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200918/b16c8a8d/attachment-0001.png>