[Openid-specs-fapi] Issue #141: Remove x-fapi-financial-id (openid/fapi)

Freddi Gyara Freddi.Gyara at openbanking.org.uk
Fri May 11 09:10:31 UTC 2018


+1.

I see no functional use of that header and it has caused angst with ASPSPs and TPPs.

In fact in the OB space, where an ASPSP could have multiple brands, ALL the resource servers will operate under a single financial id - even if the auth servers are different!

(Opinions mine, may not reflect OB viewpoint)
________________________________________
From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Dave Tonge via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: 10 May 2018 14:55
To: openid-specs-fapi at lists.openid.net
Cc: Dave Tonge
Subject: [Openid-specs-fapi] Issue #141: Remove x-fapi-financial-id (openid/fapi)

New issue 141: Remove x-fapi-financial-id
https://bitbucket.org/openid/fapi/issues/141/remove-x-fapi-financial-id

Dave Tonge:

I propose that we remove this field for the following reasons:

* It is only required when multiple financial institutions are using the same endpoint. This should not be a recommended practice and even if it is implemented, there are better ways of handling this.
* Most of the time it is just duplication that doesn't add any security benefits and often causes implementation problems. For example in the UK OpenBanking case financial id is different from the "issuer" value in most places - this just increases config requirements and chances for things to go wrong.
* It is one of the only places that ties the spec to a financial use case, whereas we want the spec to be used more widely.

