Guidance required for decoupled

Issue #143 closed

Dave Tonge created an issue 2018-05-10

There is a strong requirement in the EU to support decoupled flows.

We have a draft CIBA profile, but we’ve also discussed the fact that in browser based scenarios an “invisible iframe” could be used for a decoupled flow. It would be good to document this and decide if we are happy to continue with the CIBA draft.

Comments (8)

Tom Jones
I have begun a conversation with T-Mobile in the US on a way to strongly ID the phone. The guy doing this is not happy with CIBA and has expressed plans to offer an alternate to MODRNA. I will be discussing this more in the US context over the next weeks. This is related to my pull request to add strong IDs to EVERY digital entity in any FAPI interchange.
- 2018-05-10T16:15:22+00:00
Tom Morton
I guess it's worth defining de-coupled; I think what is meant in this context is "not redirected" as opposed to the authorisation step can be fully de-coupled (e.g. from web to phone to web etc.)
- 2018-05-11T12:28:20+00:00
Dave Tonge reporter
Yep decoupled means that the user agent isn't redirected so that on the primary device (consumption device) the user stays within the client application.
- 2018-05-11T14:16:06+00:00
Nat Sakimura
- changed status to open
Any updates? What is the target date? Can we just defer to CIBA Profile doc?
- 2018-08-15T03:37:02+00:00
Nat Sakimura
- changed status to closed
It will be a different draft. Some info on FAPI page will help.
- 2018-08-15T14:27:34+00:00
Nat Sakimura
- changed component to Part 2: Advanced
- 2022-12-14T15:36:09+00:00
Nat Sakimura
- changed component to FAPI 1 – Part 2: Advanced
- 2022-12-14T15:36:43+00:00
Nat Sakimura
- changed component to FAPI 1: Advanced
- 2022-12-14T15:38:53+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: closed

Component: FAPI 1: Advanced

Milestone: –

Votes: 0

Watchers: 1