openid / fapi / issues / #206 - CIBA - Add reference to the relevant clauses in FAPI RW — Bitbucket

Issue #206 closed

Dave Tonge created an issue 2019-01-04

There are a few specific clauses in FAPI RW that I think its worth referencing from CIBA, for example:

sender constrained tokens
client auth methods

We should have some text that simply references the appropriate section, perhaps (thanks Joseph) something like:

This spec inherits the requirements in FAPI-RW to use tokens that are sender constrained...

Comments (4)

Ralph Bragg
I agree that this is a good idea however the language would need to be clear around what would be required for push based token issuance. It's a language thing i suppose, if a token was 'pushed' to the RP then it would need to be receiver constrained on the initial transmission.

Perhaps: This spec inherits the requirements in FAPI-RW for OPs to issue and accept tokens that will constrained to the relying party
- 2019-01-04T10:05:17+00:00
Dave Tonge reporter
At the moment we are planning to disallow pushing tokens to the RP - so that should keep things simpler
- 2019-01-04T11:25:18+00:00
Dave Tonge reporter
I think the updated text in the spec that explicitly refers to 5.2.2 in FAPI1 and FAPI2 is sufficient and I propose we close this issue
- 2019-01-16T13:39:13+00:00
Nat Sakimura
- changed status to closed
- 2019-01-16T14:28:17+00:00
Log in to comment

Assignee: Dave Tonge

Type: bug

Priority: major

Status: closed

Component: CIBA

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!