[Openid-specs-fapi] CBOR versus HTTP Message Signature
Nicholas Irving
nirving at darkedges.com
Mon Dec 19 20:45:34 UTC 2022
Would you also propose a schema registry, much like that used by Kafka that
uses Avro for object serialisation?
Is the Objectid also the same as version? Or is the URI used that?
Only asking as in ConnectID they are proposing a messaging format that
would benefit from something like this to help with auditing.
Regards
Nicholas Irving
On Tue, 20 Dec 2022, 12:54 am Anders Rundgren via Openid-specs-fapi, <
openid-specs-fapi at lists.openid.net> wrote:
> Dear List,
>
> I hope you don't mind me elaborating a bit on an alternative to the
> current IETF/FAPI WG item.
> A decode ago I converted from XML/XSD to JSON.
> Now I have converted to CBOR for many reasons including support for a
> wider set of data items, and last but not least, deterministic
> serialization.
>
> If you put all these things together you can obtain similar results as
> with HTTP Signatures, but in a package that may better match the rest of a
> typical system.
>
> https://github.com/cyberphone/cbor-everywhere#signed-http-requests
>
> Since the combination Wallet/Open Banking never did it to any (known)
> charter, I take the liberty deprecating JSON which is no big deal since
> this solution anyway is unrelated to existing Open Banking APIs. It builds
> on an enhanced EMV concept powered by FIDO.
>
> Cheers,
> Anders
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fapi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20221220/c8351583/attachment.html>
More information about the Openid-specs-fapi
mailing list