[Openid-specs-fapi] Issue #135: Private client needs a strong identity for the user to verify real world entity (openid/fapi)

tomcjones issues-reply at bitbucket.org
Fri Mar 2 22:53:20 UTC 2018


New issue 135: Private client needs a strong identity for the user to verify real world entity
https://bitbucket.org/openid/fapi/issues/135/private-client-needs-a-strong-identity-for

tomcjones:

i tried to create a pull for this, but the bitbucket tools are different from the ones i use for code and it doesn't seem to have worked.

here is what i proposed to add to 5.2.4

1. shall provide a strong identity to the user, for example with EV certs, that will enable the user to determine the real-world identity of the entity hosting the client;

It is really hard for me to understand how a openid connect public client would be sufficiently secure to allow payment initiation.




More information about the Openid-specs-fapi mailing list