[Openid-specs-fapi] Issue #372: FAPI1 section 8.1: "RS" and "resource server" are used (openid/fapi)

Kosuke Koiwai issues-reply at bitbucket.org
Wed Feb 10 14:15:27 UTC 2021

New issue 372: FAPI1 section 8.1: "RS" and "resource server" are used

Kosuke Koiwai:

* (Misuse of data) An AS, **RS** or Client can potentially use the data not according to the purpose that was agreed.
* (Unsolicited personal data from the Resource) Some bad **resource server** implementations may return more data than was requested. If the data is personal data, then this would be a violation of privacy principles.
* (Data leak from Resource) Some **resource servers** store personal data. If a **resource server** is compromised, these data can leak or be modified.

