[Openid-specs-fapi] Issue #135: Private client needs a strong identity for the user to verify real world entity (openid/fapi)
issues-reply at bitbucket.org
Fri Mar 2 22:53:20 UTC 2018
New issue 135: Private client needs a strong identity for the user to verify real world entity
i tried to create a pull for this, but the bitbucket tools are different from the ones i use for code and it doesn't seem to have worked.
here is what i proposed to add to 5.2.4
1. shall provide a strong identity to the user, for example with EV certs, that will enable the user to determine the real-world identity of the entity hosting the client;
It is really hard for me to understand how a openid connect public client would be sufficiently secure to allow payment initiation.
More information about the Openid-specs-fapi