[Openid-specs-fapi] Issue #693: MTLS section readability (openid/fapi)
dgtonge
issues-reply at bitbucket.org
Wed May 8 14:58:11 UTC 2024
New issue 693: MTLS section readability
https://bitbucket.org/openid/fapi/issues/693/mtls-section-readability
Dave Tonge:
5.2.2.2. MTLS ecosystems
MTLS ecosystems may implement MTLS to govern access to the ecosystem independently from MTLS being used for client authentication or token binding.
[Rifaat] I am not sure what this means. mTLS, as compared to TLS, is essentially for client authentication. So, what is meant by “govern access” beyond that?
[Rifaat] Is token binding an option?
MTLS ecosystems should provide the trust list of the certificate authorities to ease integration, security and interoperability concenrs.
[Rifaat] Typo: concenrs -> concerns
[Rifaat] Is not that the default case? What is unique about FAPI 2.0?