[Openid-specs-fapi] Issue #372: FAPI1 section 8.1: "RS" and "resource server" are used (openid/fapi)

Kosuke Koiwai issues-reply at bitbucket.org
Wed Feb 10 14:15:27 UTC 2021


New issue 372: FAPI1 section 8.1: "RS" and "resource server" are used
https://bitbucket.org/openid/fapi/issues/372/fapi1-section-81-rs-and-resource-server

Kosuke Koiwai:

* (Misuse of data) An AS, **RS** or Client can potentially use the data not according to the purpose that was agreed.
* (Unsolicited personal data from the Resource) Some bad **resource server** implementations may return more data than was requested. If the data is personal data, then this would be a violation of privacy principles.
* (Data leak from Resource) Some **resource servers** store personal data. If a **resource server** is compromised, these data can leak or be modified.




