[Openid-specs-fapi] Kicking off Part 2: Read Write API Security
Nat Sakimura
nat at sakimura.org
Tue Dec 13 16:44:47 UTC 2016
Dear FAPI members:
Now that we have sent Part 1 to the OIDF secretary, we should
immediately start working on Part 2.
What Part 2 needs to do is to specify the additional requirements on
Part 1 to do the "write" operation.
My gut feeling is to require
* OAuth Token Bind;
* LoA 3 for authentication;
* the use of request object;
* to put all the intended endpoints in the request; and
* potentially, one time access token.
These need to be decomposed into authorization server requirements and
client requirements.
Is there anything else that comes to mind?
Best,
--
Nat Sakimura
Chairman, OpenID Foundation