[Openid-specs-fapi] Berling group consultation response table

Anders Rundgren anders.rundgren.net at gmail.com
Mon Nov 13 09:09:10 UTC 2017


On 2017-11-12 20:49, Nat Sakimura via Openid-specs-fapi wrote:
> Dear FAPIers:
> 
> I have started to paste the comments that I got by now into the
> following google doc.

Hi Nat,
May I take the liberty commenting a bit on this?

> https://docs.google.com/document/d/1fh09jiJGITuefXkB1Zq3oCrhHNvP5BWXDrpKPJK_iRE/edit?usp=sharing

    "4.2 [signHTTP] is not  a standard nor it is on the way to become standard.
     It has not and is not going under the rigor of the standardization process"

FWIW, the STET PSD2 API (https://www.stet.eu/en/news/news1/stet-psd2-api-is-now-available.html) also builds on [signHTTP].

AFAICT there is little else you can do if you want to be fully faithful to the REST philosophy since a request is qualified by Payload + Headers + Verb.

Due to the problems combining signatures and REST requests ("non-standard" as you say), as well as to REST's limited usability for interactive (bi-directional) Wallet communication, I "invented" a scheme called YASMIN:
https://cyberphone.github.io/doc/web/yasmin.html

Anders

> 
> I have not incorporated the OBIE response ideas yet. If you guys are
> interested, please let me know so that I can send their comments
> privately.
> 



More information about the Openid-specs-fapi mailing list