[Openid-specs-fapi] Berling group consultation response table
Anders Rundgren
anders.rundgren.net at gmail.com
Mon Nov 13 09:09:10 UTC 2017
On 2017-11-12 20:49, Nat Sakimura via Openid-specs-fapi wrote:
> Dear FAPIers:
>
> I have started to paste the comments that I got by now into the
> following google doc.
Hi Nat,
May I take the liberty commenting a bit on this?
> https://docs.google.com/document/d/1fh09jiJGITuefXkB1Zq3oCrhHNvP5BWXDrpKPJK_iRE/edit?usp=sharing
"4.2 [signHTTP] is not a standard nor it is on the way to become standard.
It has not and is not going under the rigor of the standardization process"
FWIW, the STET PSD2 API (https://www.stet.eu/en/news/news1/stet-psd2-api-is-now-available.html) also builds on [signHTTP].
AFAICT there is little else you can do if you want to be fully faithful to the REST philosophy since a request is qualified by Payload + Headers + Verb.
Due to the problems combining signatures and REST requests ("non-standard" as you say), as well as to REST's limited usability for interactive (bi-directional) Wallet communication, I "invented" a scheme called YASMIN:
https://cyberphone.github.io/doc/web/yasmin.html
Anders
>
> I have not incorporated the OBIE response ideas yet. If you guys are
> interested, please let me know so that I can send their comments
> privately.
>
More information about the Openid-specs-fapi
mailing list