[Openid-specs-fapi] Issue #481: ecosystems diverging from FAPI2-Baseline spec (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Tue Mar 8 16:20:59 UTC 2022
New issue 481: ecosystems diverging from FAPI2-Baseline spec
https://bitbucket.org/openid/fapi/issues/481/ecosystems-diverging-from-fapi2-baseline
Joseph Heenan:
I think it’s worth having a discussion about how ecosystems are diverging from FAPI2-Baseline, and if there’s anything we can do to prevent it becoming messy for interoperability.
So far I believe we have:
1. at least one ecosystem \(CDR\) requiring the use of JARM when using FAPI2-Baseline
2. at least one ecosystem \(currently not public\) requiring the use of signed request objects with FAPI2-Baseline
This also creates extra tensions about certification, effectively having quite a few variations of FAPI2 that people can certify to \(unless we take a hardline that these ecosystems essentially aren’t FAPI2-Baseline compatible and refuse to certify them\).
I think it’s not clear if these ecosystems would instead adopt FAPI2-Advanced if it was further along.
More information about the Openid-specs-fapi
mailing list