[Openid-specs-fapi] Next step(s) for FAPI?

Anders Rundgren anders.rundgren.net at gmail.com
Sun Sep 29 06:20:33 UTC 2019


Dear FAPIers,

Apparently the (in)famous https://datatracker.ietf.org/doc/draft-cavage-http-signatures/ scheme has more or less become a de-facto standard.

Convincing the Berlin Group to change their NextGenPSD2 API will probably not happen since no standardized alternative is available and OBIE's current signature solution isn't REST compliant.

Anyway, there are other things FAPI could do to gather more interest.  It may be worthwhile collecting such and then decide where to go.

Here are a few known (and published) candidates:
1. An HTTP signature scheme that supports JSON serialization and embedding.
2. A scheme for enriching authorization requests.
3. A scheme for using FAPI locally in banks.

I'm currently plotting with #3 because it should be 100% backward compatible, while still being potentially quite useful. "Low hanging fruit" :)  Note though that OAuth2 is not really my area of expertize so it would be great if this was a FAPI project!

WDYT?

Anders

https://github.com/cyberphone/swedbank-psd2-saturn




More information about the Openid-specs-fapi mailing list