[Openid-specs-fapi] Current draft from ISO TC68 SC9/WG2

Anders Rundgren anders.rundgren.net at gmail.com
Thu Jan 10 12:50:09 UTC 2019


On 2019-01-08 15:08, Dave Tonge via Openid-specs-fapi wrote:
> Hi WG,
> 
> There is work going on in ISO TC68 SC9 on a "Technical Specification for Web Service Based Application Programming Interfaces in Financial Services (WAPI)"
> 
> I've attached the latest draft and it would be good to get comments from this WG, specifically on Section 12 - Security & Authentication. You will see that the draft directly references and requires the use of FAPI and the conformance suite.

Hi Dave,
I skimmed the document and here are a couple of comments.

7.4.1  JSON
-----------

   "Another advantage that JSON has over XML is that its representation
    of objects and arrays allows for direct mapping onto the corresponding
    data structures in the host language, corresponding directly to the object
    of JavaScript, so code to parse and package it fits very naturally into
    JavaScript code, but XML needs to have an analytical process"

This is correct given a constraint; the data has to fit the I-JSON model:
https://tools.ietf.org/html/rfc7493
AFAIK there is currently not a single IETF standard based on JSON data structures that (directly or indirectly) follows this model.  This may be worth mentioning.

12.5.1  Signing HTTP Requests & Responses
-----------------------------------------
FWIW, I have just finished the 5th fully interoperable version [1] of https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-02 which is designed to support signed JSON objects for REST, JS-APIs, WebSockets etc.

I did run into some problems with .NET due to a floating point parser bug but MSFT took my bug report seriously and actually fixed it.

JWS/JWT?  Most certainly!  In-line?  This seems to be an open question given the UK and French Open Banking APIs.


thanx,
Anders
[1]: Java8, Python3, Go1.11, Node 6, and .NET Core3
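
To illustrate the I-JSON constraint raised under 7.4.1 above, here is an added example (not part of the original message, the WAPI draft, or any project named in it): a strict Python parser that rejects JSON texts whose objects and numbers do not map unambiguously onto host-language data structures. The function names and sample payloads are constructed, treating RFC 7493's number guidance as hard rejections is an assumption of this example, and the string rules of RFC 7493 section 2.1 (surrogates, noncharacters) are not checked.

```python
import json
from decimal import Decimal

MAX_SAFE_INT = 2**53 - 1  # RFC 7493 section 2.2 interoperable integer range

class NotIJSON(ValueError):
    """Well-formed JSON that breaks an I-JSON (RFC 7493) constraint."""

def _members(pairs):
    # Section 2.3: member names within one object must be unique.
    if len({name for name, _ in pairs}) != len(pairs):
        raise NotIJSON("duplicate member name")
    return dict(pairs)

def _integer(text):
    if abs(int(text)) > MAX_SAFE_INT:
        raise NotIJSON(f"integer {text} exceeds +/-(2**53 - 1)")
    return int(text)

def _fraction(text):
    # Assumption: lossy = not equal to the shortest decimal that round-trips a double.
    if Decimal(repr(float(text))) != Decimal(text):
        raise NotIJSON(f"number {text} does not survive conversion to a double")
    return float(text)

def _constant(text):
    raise NotIJSON(f"{text} is not a JSON number")  # NaN, Infinity, -Infinity

def parse_ijson(raw: bytes):
    # Section 2.1: I-JSON is UTF-8 only; invalid bytes raise a ValueError here.
    return json.loads(raw.decode("utf-8"), object_pairs_hook=_members,
                      parse_int=_integer, parse_float=_fraction,
                      parse_constant=_constant)

def violation(raw: bytes):
    """Return None when raw passes the checks, else the rejection reason."""
    try:
        parse_ijson(raw)
    except ValueError as err:  # NotIJSON, invalid UTF-8 or malformed JSON
        return str(err)
    return None

# Constructed payloads, not taken from the WAPI draft or any real API.
SAMPLES = [b'{"amount": 10.50, "currency": "EUR"}', b'{"amount": 1, "amount": 1000000}',
           b'{"id": 9007199254740993}', b'{"amount": 1234567890123456.78}']

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw.decode(), "->", violation(raw) or "ok")
```

A plain `json.loads` accepts all four samples, keeping the last duplicate `amount` and rounding the two oversized numbers, which is the kind of parser disagreement that matters when the JSON is later signed or compared.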

> 
> Thanks
> 
> -- 
> Dave Tonge
> CTO
> Moneyhub Enterprise <http://moneyhubenterprise.com/>
> Moneyhub Financial Technology, 5th Floor, 10 Temple Back, Bristol, BS1 6FL
> t: +44 (0)117 280 5120
> 