[Openid-specs-fapi] FW: OBE JWS Profile - Version 0.10b for Approval
Anders Rundgren
anders.rundgren.net at gmail.com
Fri Sep 18 08:58:27 UTC 2020
Dave Tonge wrote:
>
> I think we need to consider moving away from recommending headers for business critical metadata. Really things like ip address, geo-location and other fraud factors should be put in the body of the request.
+100
> Then we can recommend that the simplest and least error prone way of signing can be to turn the request body into a JWT.
It also opens the door to serializeable requests.
Anders
More information about the Openid-specs-fapi
mailing list