[Openid-specs-fapi] Issue #98: Move note regarding URN from 7.3 to 7.1 (openid/fapi)
issues-reply at bitbucket.org
Tue May 16 13:41:48 UTC 2017
New issue 98: Move note regarding URN from 7.3 to 7.1
[Financial_API_WD_002.md](https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_002.md?at=master&fileviewer=file-view-default) contains this note:
> Note that it can be either URL or URN. It shall be based on a cryptographic random value so that it is difficult to predict for the attacker.
1. I suggest moving this note to section 7.1, where request_uri is introduced.
2. If the request_uri is a URN, is there a need for it to be based on a cryptographic random value?
3. I suggest expanding on request objects at the AZ and that in this case URNs might be the best way to go.
4. If request objects reside at the AZ, must they be signed?
Not sure I fully understand the RO at AZ scenario...