[Openid-specs-fapi] Alive and kicking: draft-cavage-http-signatures
joseph at authlete.com
Wed Mar 13 17:31:33 UTC 2019
> On 13 Mar 2019, at 17:13, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
> BTW, where does the FAPI signature solution stand standards-wise?
> It is not obvious that the FAPI signature solution actually is RESTful; maybe I'm missing something here?
FAPI doesn’t have a request signature solution in the way being talked about in this thread; that section of the spec refers to an alternate way to pass the OpenID Connect request object to the authorisation server prior to redirecting the user to the authorisation endpoint.
I believe in this thread we’re all talking about sending signed requests / responses to/from the resource server, which FAPI does not currently say anything about.
More information about the Openid-specs-fapi