There are a few specific clauses in FAPI RW that I think it's worth referencing from CIBA, for example:

  • sender constrained tokens
  • client auth methods

We should have some text that simply references the appropriate section, perhaps (thanks Joseph) something like:

This spec inherits the requirements in FAPI-RW to use tokens that are sender constrained...

  1. Ralph Bragg

    I agree that this is a good idea; however, the language would need to be clear around what would be required for push-based token issuance. It's a language thing, I suppose: if a token was 'pushed' to the RP then it would need to be receiver constrained on the initial transmission.

    Perhaps: This spec inherits the requirements in FAPI-RW for OPs to issue and accept tokens that will be constrained to the relying party

  2. Dave Tonge reporter

    At the moment we are planning to disallow pushing tokens to the RP - so that should keep things simpler

  3. Dave Tonge reporter

    I think the updated text in the spec that explicitly refers to 5.2.2 in FAPI1 and FAPI2 is sufficient and I propose we close this issue

