[Openid-specs-fapi] FAPI 2 and Naming
Dave Tonge
dave.tonge at momentumft.co.uk
Wed May 18 15:31:08 UTC 2022
Dear FAPI WG
We had a productive discussion on the Atlantic call today with relation to
these issues:
https://bitbucket.org/openid/fapi/issues/479/change-to-the-naming-of-fapi
https://bitbucket.org/openid/fapi/issues/499/re-structure-fapi2-baseline
The consensus on the call was as follows:
1. We don't change the name of FAPI to "Fortified" or "Functional" API
2. We transition to drop "Financial-Grade" in most places, and simply refer
to the WG and Specs as FAPI (i.e. use the acronym as a word in its own
right)
3. We adjust the text on the FAPI website (and in spec intros) to make it
clear that there are many use-cases for FAPI specs across a variety of
verticals (e.g. health, telco and finance)
The reasoning for the above is that a name change would cause more problems
than it solves, ie. it would potentially bring more confusion. We are stuck
with the acronym, so let's focus on just using that.
We also discussed changing the names of the following FAPI 2.0 specs
FAPI 2.0 Baseline Profile -> FAPI 2.0 Security Profile
FAPI 2.0 Advanced -> FAPI 2.0 Message Signing
The reason for this is that the advanced profile doesn't bring additional
security to an API, it rather brings the ability for messages to be signed
for non-repudiation. The current "baseline" profile protects against the
defined FAPI 2.0 attacker model and therefore shouldn't be downplayed by
being namd "baseline", it can simply be the "FAPI 2.0 Security Profile".
We are keen to get the next implementers drafts out for the above 2 specs
soon.
If there are any objections to the above then please can you email the list
or leave a comment in the above referenced issues.
Thanks
Dave
--
Dave Tonge
FAPI WG Co-Chair
--
Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Moneyhub Financial Technology is entered on the
Financial Services Register (FRN 809360) at https://register.fca.org.uk/
<https://register.fca.org.uk/>. Moneyhub Financial Technology is registered
in England & Wales, company registration number 06909772. Moneyhub
Financial Technology Limited 2022 © Moneyhub Enterprise,
DISCLAIMER: This
email (including any attachments) is subject to copyright, and the
information in it is confidential. Use of this email or of any information
in it other than by the addressee is unauthorised and unlawful. Whilst
reasonable efforts are made to ensure that any attachments are virus-free,
it is the recipient's sole responsibility to scan all attachments for
viruses. All calls and emails to and from this company may be monitored and
recorded for legitimate purposes relating to this company's business. Any
opinions expressed in this email (or in any attachments) are those of the
author and do not necessarily represent the opinions of Moneyhub Financial
Technology Limited or of any other group company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20220518/da38006e/attachment.html>
More information about the Openid-specs-fapi
mailing list