[Openid-specs-fapi] Material to the "Signed HTTP Request" Tel-con

Anders Rundgren anders.rundgren.net at gmail.com
Wed Oct 16 15:39:40 UTC 2019


Hi Guys,

I have played a bit more with the JWS-only variant of the SHREQ scheme since the original didn't unleash the full power of JWS:
https://cyberphone.github.io/doc/research/fapi-signed-https-2019-10-16.pdf

If serializable requests is not a factor to consider, I do not see any reason for the market to abandon their pretty well working solutions, be it OBIE, AWS, or Cavage.

Ralph, this would be great moment for getting more insight in the ETSI proposal.

thanx,
Anders



More information about the Openid-specs-fapi mailing list