[Openid-specs-fapi] Issue #468: Normative references to drafts in FAPI 1.0 Advanced (openid/fapi)
Brian Campbell
issues-reply at bitbucket.org
Wed Jan 26 13:58:45 UTC 2022
New issue 468: Normative references to drafts in FAPI 1.0 Advanced
https://bitbucket.org/openid/fapi/issues/468/normative-references-to-drafts-in-fapi-10
Brian Campbell:
FAPI 1.0 Advanced Final has normative references to draft specifications that are not themselves final. Which is really kind of improper form for standards and creates risk/uncertainty/etc. for would-be implementers.
PAR and JAR link to their respective datatracker htmlized versions \([https://tools.ietf.org/html/draft-ietf-oauth-par](https://tools.ietf.org/html/draft-ietf-oauth-par) & [https://tools.ietf.org/html/draft-ietf-oauth-jwsreq](https://tools.ietf.org/html/draft-ietf-oauth-jwsreq)\) which do show some indication \(if you know what you’re looking at\) of their RFC status that came after FAPI 1.0 final was published. And I don’t think there were any significant or breaking changes in the meantime. They should maybe be updated in a future errata to point to the actual RFCs?
JARM links to the head revision of a markdown file in the Bitbucket git repo [https://bitbucket.org/openid/fapi/src/master/Financial\_API\_JWT\_Secured\_Authorization\_Response\_Mode.md](https://bitbucket.org/openid/fapi/src/master/Financial_API_JWT_Secured_Authorization_Response_Mode.md) which seems rather problematic to me. And I’m honestly not sure what can be done to improve it. But I think maybe an effort to get JARM finalized is needed?
More information about the Openid-specs-fapi
mailing list