[Openid-specs-fapi] Issue #425: FAPI 2.0 Purpose and FAPI WG Scope (openid/fapi)

dgtonge issues-reply at bitbucket.org
Wed Jun 23 15:57:13 UTC 2021

New issue 425: FAPI 2.0 Purpose and FAPI WG Scope

Dave Tonge:

There was some discussion on the call today about the purpose of FAPI 2.0 and how it fits with the WG Charter.

The current charter - [https://openid.net/wg/fapi/charter/](https://openid.net/wg/fapi/charter/) is a little outdated, but is fairly broad in its remit. I don’t personally think that the charter prevents us from producing specifications based on OIDC / OAuth 2 that aid interoperability and security.

The purpose for FAPI 2.0 as expressed in our [FAQ](https://openid.net/wg/fapi/faq/) is:

* complete interoperability at the interface between client and authorization server as well as interoperable security mechanisms at the interface between client and resource server.
* easier to use than FAPI 1.0
* alignment with OAuth Security BCP
* clear attacker model

It would be good to get any feedback on this.

More information about the Openid-specs-fapi mailing list