[Openid-specs-fapi] First draft Australian standard
ralph.bragg at raidiam.com
Mon Nov 26 09:05:35 UTC 2018
It’s very closely aligned with RW.
There will be a v 0.0.2 out shortly addressing some of the items, like AT introspection to determine the scopes that were granted, that FAPI part one already addressed by making the requirement to return the scopes from the token endpoint mandatory on code exchange.
The biggest area still up in the air is how complex scoped information is exchanged between RP, OP and RS.
We, FAPI, should provide guidance and standardise the way the reference to a complex consent object is passed to avoid fragmentation.
From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Joseph Heenan via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: Monday, November 26, 2018 08:37
Cc: Joseph Heenan
Subject: [Openid-specs-fapi] First draft Australian standard
Here's the first draft of Australia's security profile:
TL;DR seems to be that it's essentially FAPI part2 + CIBA, along with making a few optional parts of OIDC/OAuth2 mandatory.