[Openid-specs-fapi] CBOR versus HTTP Message Signature
Anders Rundgren
anders.rundgren.net at gmail.com
Mon Dec 19 13:53:55 UTC 2022
Dear List,
I hope you don't mind me elaborating a bit on an alternative to the current IETF/FAPI WG item.
A decode ago I converted from XML/XSD to JSON.
Now I have converted to CBOR for many reasons including support for a wider set of data items, and last but not least, deterministic serialization.
If you put all these things together you can obtain similar results as with HTTP Signatures, but in a package that may better match the rest of a typical system.
https://github.com/cyberphone/cbor-everywhere#signed-http-requests
Since the combination Wallet/Open Banking never did it to any (known) charter, I take the liberty deprecating JSON which is no big deal since this solution anyway is unrelated to existing Open Banking APIs. It builds on an enhanced EMV concept powered by FIDO.
Cheers,
Anders
More information about the Openid-specs-fapi
mailing list