[Openid-specs-fapi] Issue #602: "Client" is misleading in the context of signed introspection responses (openid/fapi)
SECtim
issues-reply at bitbucket.org
Thu Jun 1 08:37:30 UTC 2023
New issue 602: "Client" is misleading in the context of signed introspection responses
https://bitbucket.org/openid/fapi/issues/602/client-is-misleading-in-the-context-of
Tim Würtele:
FAPI 2.0 MS currently talks about “clients” in the “Signing Introspection Responses” section.
I think this is somewhat misleading, because it really refers to resource servers. Since the JWT Response for OAuth Token Introspection draft also talks about handling RSs as clients, I am not sure whether this is maybe intended. If so, I think it would be worth adding a note explaining why the RS is being referred to as “Client” in that context.