<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi all,</p>
    <p>I prepared a first (rough) draft of the FAPI 2 Advanced profile
      and would welcome your feedback: <a
href="https://bitbucket.org/openid/fapi/src/c28fc020e7ab9377d96501f2b4daa9a9da8f2128/FAPI_2_0_Advanced_Profile.md?at=danielfett%2Ffapi2%2Fadvanced">https://bitbucket.org/openid/fapi/src/c28fc020e7ab9377d96501f2b4daa9a9da8f2128/FAPI_2_0_Advanced_Profile.md?at=danielfett%2Ffapi2%2Fadvanced</a></p>
    <p>One open question is whether we can give recommendations
      regarding resource request and response signing. We currently have
      <a
href="https://bitbucket.org/openid/fapi/src/master/Financial_API_HTTP_Signing.md">https://bitbucket.org/openid/fapi/src/master/Financial_API_HTTP_Signing.md</a>
      which lists "typical requirements" but does not give concrete
      advice.</p>
    <p>eTSI is developding JAdES and there is some work ongoing in the
      IETF HTTP group as well.</p>
    <p>What are other options that we should take a look at?</p>
    <p>-Daniel<br>
    </p>
  </body>
</html>