[Openid-specs-fapi] Proposal to remove x-fapi-financial-id

Dave Tonge dave.tonge at momentumft.co.uk
Fri May 25 14:32:18 UTC 2018


Hello all

I'm reposting this from the issue tracker as it would be good to get any
opinions on this as soon as possible:

I propose that we remove `x-fapi-financial-id` for the following reasons:

   - It is only required when multiple financial institutions are using the
   same endpoint. This should not be a recommended practice, and even if it is
   implemented, there are better ways of handling this.
   - Most of the time it is just duplication that doesn't add any security
   benefits and often causes implementation problems. For example, in the UK
   OpenBanking case financial id is different from the "issuer" value in most
   places - this just increases config requirements and chances for things to
   go wrong.
   - It is one of the only places that ties the spec to a financial use
   case, whereas we want the spec to be used more widely.


https://bitbucket.org/openid/fapi/issues/141/remove-x-fapi-financial-id

Any comments would be very welcome.

Thanks

-- 
Dave Tonge
CTO
Moneyhub Financial Technology, 2nd Floor, Whitefriars Business Centre,
Lewins Mead, Bristol, BS1 2NT
t: +44 (0)117 280 5120
