[Openid-specs-fapi] Issue #625: Changes to introduction of http signing section (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Wed Sep 6 14:26:18 UTC 2023
New issue 625: Changes to introduction of http signing section
https://bitbucket.org/openid/fapi/issues/625/changes-to-introduction-of-http-signing
Joseph Heenan:
[https://openid.bitbucket.io/fapi/fapi-2\_0-message-signing.html#name-http-message-signing](https://openid.bitbucket.io/fapi/fapi-2_0-message-signing.html#name-http-message-signing)
currently says:
> To support non-repudiation for NR5 and NR6, HTTP requests and responses can be signed.
>
> A future version of this profile expects to support HTTP Message Signing using the _HTTP Message Signatures_specification being developed by the IETF HTTP Working Group.
I think the second paragraph should have been removed.
I suggest to change the first sentence to:
> To support non-repudiation for NR5 and NR6, HTTP requests, or responses, or both can be signed.
to make it clearer that it is possible to only have one of them signed.
More information about the Openid-specs-fapi
mailing list