Remove x-fapi-financial-id
Issue #141
closed
I propose that we remove this field for the following reasons:
- It is only required when multiple financial institutions are using the same endpoint. This should not be a recommended practice and even if it is implemented, there are better ways of handling this
- most of the time it is just duplication that doesn't add any security benefits and often causes implementation problems. For example in the UK OpenBanking case financial id is different from the "issuer" value in most places - this just increases config requirements and chances for things to go wrong
- It is one of the only places that ties the spec to a financial use case, whereas we want the spec to be used more widely.
Comments (9)
-
-
agree
-
- changed status to open
-
-
assigned issue to
Joseph Heenan
-
assigned issue to
-
I've opened a pull request for this:
https://bitbucket.org/openid/fapi/pull-requests/60/remove-x-fapi-financial-id/diff
Avoiding changing the numbering has meant we now have a rather clumsy worded line; any suggestions for better wording would be welcome.
-
- changed status to closed
Remove x-fapi-financial-id
This header does not appear to have a useful function, and removing it makes the specification less specific to financial use cases.
closes
#141→ <<cset ae9f95809ad4>>
-
- changed component to Part 2: Advanced
-
- changed component to FAPI 1 – Part 2: Advanced
-
- changed component to FAPI 1: Advanced
- Log in to comment
The previous discussion about this is here for reference: https://bitbucket.org/openid/fapi/issues/49/x-fapi-financialid
I'm inclined to agree with Dave. I don't see what security or technical benefits it provides.
I thought it was always different - the financial id is the org id on the directory (eg. "bghrOqZUMgBTV07eFcydf") where as the issuer is something like https://api.nationwide.co.uk/open-banking/v1.1