[Openid-specs-fapi] Issue #141: Remove x-fapi-financial-id (openid/fapi)
Dave Tonge
issues-reply at bitbucket.org
Thu May 10 13:55:05 UTC 2018
New issue 141: Remove x-fapi-financial-id
https://bitbucket.org/openid/fapi/issues/141/remove-x-fapi-financial-id
Dave Tonge:
I propose that we remove this field for the following reasons:
* It is only required when multiple financial institutions are using the same endpoint. This should not be a recommended practice and even if it is implemented, there are better ways of handling this
* most of the time it is just duplication that doesn't add any security benefits and often causes implementation problems. For example in the UK OpenBanking case financial id is different from the "issuer" value in most places - this just increases config requirements and chances for things to go wrong
* It is one of the only places that ties the spec to a financial use case, whereas we want the spec to be used more widely.
More information about the Openid-specs-fapi
mailing list