[Openid-specs-fapi] FW: OBE JWS Profile - Version 0.10b for Approval
anders.rundgren.net at gmail.com
Fri Sep 18 08:58:27 UTC 2020
Dave Tonge wrote:
> I think we need to consider moving away from recommending headers for business critical metadata. Really things like IP address, geo-location and other fraud factors should be put in the body of the request.
> Then we can recommend that the simplest and least error-prone way of signing can be to turn the request body into a JWT.
It also opens the door to serializable requests.
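
The approach discussed in this thread, as an added example that is not part of the original messages or of any OBE/FAPI profile: the fraud metadata travels inside the request body, the whole body becomes the payload of a compact JWS, and the resulting string can be stored and verified later without the original HTTP headers. The field names, the sample request and the demo key are constructed; HS256 is used only so the block runs on the Python standard library, whereas FAPI profiles use asymmetric algorithms such as PS256 or ES256.

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key"  # assumption: shared HS256 key, demo only

# Constructed sample request: fraud factors live in the body, not in headers.
SAMPLE = {"amount": "10.00", "currency": "EUR", "creditor": "SE0000000000000000000000",
          "fraud_context": {"ip_address": "203.0.113.7", "geo": "SE"}}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_request(body: dict, key: bytes = DEMO_KEY) -> str:
    """Serialize the whole request body as header.payload.signature."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64u(json.dumps(body, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"

def verify_request(token: str, key: bytes = DEMO_KEY) -> dict:
    """Verify a received or stored token; raise ValueError if it fails."""
    try:
        header, payload, sig = token.split(".")
        alg = json.loads(b64u_dec(header)).get("alg")
        given = b64u_dec(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    # The signed bytes are exactly what was transmitted: no header
    # canonicalization step exists that could disagree between the parties.
    return json.loads(b64u_dec(payload))

if __name__ == "__main__":
    stored = sign_request(SAMPLE)       # one string: log it, queue it, replay it
    print(verify_request(stored)["fraud_context"])
    header, payload, sig = stored.split(".")
    body = json.loads(b64u_dec(payload))
    body["fraud_context"]["ip_address"] = "198.51.100.9"  # altered after signing
    altered = ".".join([header, b64u(json.dumps(body).encode()), sig])
    try:
        verify_request(altered)
    except ValueError as err:
        print("rejected:", err)
```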