[Openid-specs-fapi] Issue #309: Decision on message signing for FAPI 2 Advanced (openid/fapi)
issues-reply at bitbucket.org
Wed Aug 26 14:41:23 UTC 2020
New issue 309: Decision on message signing for FAPI 2 Advanced
The attacker model for FAPI 2 necessitates message signing for messages from and to the RS. We need to make a reasonable recommendation here.
An option could be to just prescribe some signing mechanism, but leave the details open to the implementer. This would partially undermine the goal of creating an on-the-wire interoperable standard, however.
More information about the Openid-specs-fapi