[Openid-specs-fapi] Title change of Part 1 and Part 2.

nat at sakimura.org nat at sakimura.org
Fri Feb 14 15:35:23 UTC 2020


I like Basic and Advanced.

Nat Sakimura
2020年1月29日 23:44 +0900、Dima Postnikov via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> のメール:
> What about one of these?
>
> - Basic / Foundational / Light / Starter
> - Advanced / Full / Enhanced / Complete
>
> If it’s too hard... may be Level 1 and Level 2 to allow for more draconian versions to be included later :)
>
> > On Fri, 25 Oct 2019 at 04:05, Daniel Fett via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> > > Am 24.10.19 um 18:50 schrieb Ralph Bragg via Openid-specs-fapi:
> > > > And it leaves room for “extreme” “draconian” and other profiles to be slotted around the “substantial” and “high”. Perhaps a key document will be required to offer clarity.
> > > >
> > > > “low”
> > > > “substantial”
> > > > “high”
> > > > “extreme”
> > > > “draconian”
> > > ...as well as "ridiculous" and "ludicrous". https://www.youtube.com/watch?v=ygE01sOhzz0
> > > Jokes aside, aligning with eIDAS terminology might also cause confusion, as people might think that "FAPI High" automatically gives some kind of compliance with eIDAS trust level "High" or is a prerequisite for that (which it might be, but that is a different story).
> > > -Daniel
> > >
> > > >
> > > > Or should it be draconian and then extreme… ☺
> > > >
> > > > From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Steinar Noem via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
> > > > Reply to: Financial API Working Group List <openid-specs-fapi at lists.openid.net>
> > > > Date: Thursday, 24 October 2019 at 17:45
> > > > To: Financial API Working Group List <openid-specs-fapi at lists.openid.net>
> > > > Cc: Steinar Noem <steinar at udelt.no>, Rob Otto <robotto at pingidentity.com>
> > > > Subject: Re: [Openid-specs-fapi] Title change of Part 1 and Part 2.
> > > >
> > > > I like it a lot.
> > > >
> > > > For me “High” and «Substantial» maps to the LoA from eIDAS. And an unprofiled use of OAuth perhaps would map to “Low”.
> > > >
> > > > tor. 24. okt. 2019 kl. 18:19 skrev Rob Otto via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>:
> > > > > Hi folks. I agree that we should definitely re-look these names!
> > > > >
> > > > > I must admit, to me it was not immediately clear how "substantial" and "high" related to one another since there is no natural ordering of these terms in English. Turns out that "high" should be interpreted as more secure than "substantial" but that wasn't clear to me on first reading. Is this just me, or do others find the same thing?
> > > > >
> > > > > Best regards
> > > > > Rob
> > > > >
> > > > >
> > > > > On Thu, 24 Oct 2019 at 16:34, Nat Sakimura via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> > > > > > Hi
> > > > > >
> > > > > > Back in the IIW, I discussed with Torsten about the potential title
> > > > > > change of Part 1 and Part 2. Currently, they are Read Only and
> > > > > > Read&Write respectively but there are cases where the read only data is
> > > > > > very sensitive while write operation is not of high value.
> > > > > >
> > > > > > Thus, we agreed that the current name may not be representing the real
> > > > > > intention: Medium and High security profile respectively.
> > > > > >
> > > > > > During the discussion, we came up with the name:
> > > > > >
> > > > > > - Substantial (for Part 1)
> > > > > > - High (for Part 2)
> > > > > >
> > > > > > It follows eIDAS marking.
> > > > > >
> > > > > > More details are recorded in the ticket #271.
> > > > > >
> > > > > > https://bitbucket.org/openid/fapi/issues/271/rename-and-adjust-fapi-profiles
> > > > > >
> > > > > > The participants in the Oct. 9 call all agreed to it.
> > > > > > This mail is to solicit wider opinions on it.
> > > > > >
> > > > > > Please let us know of your opinions.
> > > > > >
> > > > > > Best,
> > > > > >
> > > > > > Nat Sakimura
> > > > > > Chair, FAPI WG.
> > > > > > _______________________________________________
> > > > > > Openid-specs-fapi mailing list
> > > > > > Openid-specs-fapi at lists.openid.net
> > > > > > http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> > > > >
> > > > >
> > > > > --
> > > > > Rob Otto
> > > > > EMEA Field CTO/Solutions Architect
> > > > > robertotto at pingidentity.com
> > > > >
> > > > > c: +44 (0) 777 135 6092
> > > > > Connect with us:
> > > > >
> > > > > CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._______________________________________________
> > > > > Openid-specs-fapi mailing list
> > > > > Openid-specs-fapi at lists.openid.net
> > > > > http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> > > > --
> > > > Vennlig hilsen
> > > >
> > > > Steinar Noem
> > > > Partner Udelt AS
> > > > Systemutvikler
> > > >
> > > > | steinar at udelt.no | hei at udelt.no  | +47 955 21 620 | www.udelt.no |
> > > >
> > > > _______________________________________________
> > > > Openid-specs-fapi mailing list
> > > > Openid-specs-fapi at lists.openid.net
> > > > http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> > >
> > > _______________________________________________
> > > Openid-specs-fapi mailing list
> > > Openid-specs-fapi at lists.openid.net
> > > http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200215/3740da3d/attachment-0001.html>


More information about the Openid-specs-fapi mailing list