CIBA - Add reference to the relevant clauses in FAPI RW
Issue #206
closed
There are a few specific clauses in FAPI RW that I think its worth referencing from CIBA, for example:
- sender constrained tokens
- client auth methods
We should have some text that simply references the appropriate section, perhaps (thanks Joseph) something like:
This spec inherits the requirements in FAPI-RW to use tokens that are sender constrained...
Comments (4)
-
-
reporter At the moment we are planning to disallow pushing tokens to the RP - so that should keep things simpler
-
reporter I think the updated text in the spec that explicitly refers to 5.2.2 in FAPI1 and FAPI2 is sufficient and I propose we close this issue
-
- changed status to closed
- Log in to comment
I agree that this is a good idea however the language would need to be clear around what would be required for push based token issuance. It's a language thing i suppose, if a token was 'pushed' to the RP then it would need to be receiver constrained on the initial transmission.
Perhaps: This spec inherits the requirements in FAPI-RW for OPs to issue and accept tokens that will constrained to the relying party