[Openid-specs-fapi] First draft Australian standard

Torsten Lodderstedt torsten at lodderstedt.net
Wed Dec 5 12:19:06 UTC 2018


Hi Ralph,

> Am 26.11.2018 um 10:05 schrieb Ralph Bragg via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>:
> 
> All,
> 
> It’s very closely aligned with RW.
> 
> There will be a v 0.0.2 out shortly addressing some of the items like, AT introspection to determine the scopes that were granted, that FAPI part one already addressed by making the requirement to return the scopes from the token endpoint mandatory on code exchange.

Are you assuming token introspection is used by the client to determine granted scopes? Otherwise, this mechanism does not serve the same goal, determining whether an attacker changed the requested scope. 

best regards,
Torsten. 

> 
> The biggest area still up in the air is how complex scoped information are exchanged between RP, OP and RS. 
> 
> We, FAPI, should provide guidance and standardise the way the reference to a complex consent object is passed to avoid fragmentation.
> 
> RB
> 
> From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Joseph Heenan via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
> Sent: Monday, November 26, 2018 08:37
> To: Openid-specs-fapi
> Cc: Joseph Heenan
> Subject: [Openid-specs-fapi] First draft Australian standard
>  
> Hi all,
> 
> Here's the first draft of Australia's security profile:
> 
> https://consumerdatastandardsaustralia.github.io/infosec/#infosec-profile-0-0-1
> 
> TL;DR seems to be that it's essentially FAPI part2 + CIBA, along with making a few optional parts of OIDC/OAuth2 mandatory.
> 
> Joseph
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi

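The check Torsten is describing above, as an added example that is not part of the original thread or of any FAPI implementation: a client compares the `scope` member of the token endpoint response on the code exchange against the scope it originally requested. RFC 6749 section 5.1 makes `scope` OPTIONAL in the token response only when the granted scope is identical to the request; FAPI Part 1 requires it to be returned, so a FAPI client can treat its absence as a failure. The token responses and scope values below are constructed sample data; `check_granted_scope` and `ScopeCheck` are names chosen for this example.

```python
"""Client-side check that the scope granted at the token endpoint matches
what the client asked for. Added illustration, not code from the thread."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class ScopeCheck:
    ok: bool            # granted scope is exactly what the client requested
    missing: frozenset  # requested but not granted (consent narrowed it, or the request was altered)
    extra: frozenset    # granted but never requested: the request was altered, or the AS is broken
    reason: str


def parse_scope(value: str) -> frozenset:
    """RFC 6749 section 3.3: a space-delimited list of case-sensitive tokens."""
    return frozenset(tok for tok in value.split(" ") if tok)


def check_granted_scope(requested: str, token_response_json: str,
                        fapi: bool = True) -> ScopeCheck:
    """Compare the requested scope with the `scope` member of a token response.

    With fapi=True (FAPI Part 1 profile) a missing `scope` member is an error.
    With fapi=False (plain RFC 6749) a missing member means 'same as requested'.
    """
    want = parse_scope(requested)
    resp = json.loads(token_response_json)

    if "scope" not in resp:
        if fapi:
            return ScopeCheck(False, frozenset(), frozenset(),
                              "no scope member in token response; FAPI Part 1 requires it")
        return ScopeCheck(True, frozenset(), frozenset(),
                          "scope omitted; RFC 6749 5.1 treats it as identical to the request")

    got = parse_scope(resp["scope"])
    missing = want - got
    extra = got - want
    if extra:
        reason = "granted scope contains values the client never requested"
    elif missing:
        reason = "granted scope is narrower than requested"
    else:
        reason = "granted scope matches the request"
    return ScopeCheck(not missing and not extra, missing, extra, reason)


# Constructed sample data: one requested scope and four token responses.
REQUESTED = "openid accounts payments"
_BASE = {"access_token": "example-at", "token_type": "Bearer", "expires_in": 300}
GOOD = json.dumps({**_BASE, "scope": "openid accounts payments"})
TAMPERED = json.dumps({**_BASE, "scope": "openid accounts payments admin"})
NARROWED = json.dumps({**_BASE, "scope": "openid accounts"})
NO_SCOPE = json.dumps(_BASE)


if __name__ == "__main__":
    for label, resp in (("good", GOOD), ("tampered", TAMPERED),
                        ("narrowed", NARROWED), ("no scope", NO_SCOPE)):
        result = check_granted_scope(REQUESTED, resp)
        print(f"{label:9} ok={result.ok} missing={sorted(result.missing)} "
              f"extra={sorted(result.extra)}  ({result.reason})")
```

The same comparison could be run over the `scope` member of an RFC 7662 introspection response, but only if the client itself calls the introspection endpoint; introspection performed by the resource server tells the client nothing, which is the distinction the reply above draws.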

