Numbering: FAPI Part 2 Section 5.2

Issue #354 resolved
Takahiko Kawasaki created an issue

The change of section numbering made between ID2 and Final has made it difficult to compare the differences.

ID2 (https://openid.net/specs/openid-financial-api-part-2-ID2.html)

  • Section 5.2.3. Public client
  • Section 5.2.4. Confidential client
  • Section 5.2.5. JWT Secured Authorization Response Mode

Proposed Final (https://openid.net/specs/openid-financial-api-part-2-wd-07.html)

  • Section 5.2.3. ID Token as detached signature
  • Section 5.2.4. JARM
  • Section 5.2.5. Confidential client
  • Section 5.2.6. ID Token as detached signature
  • Section 5.2.7. JARM
  • Section 5.2.8. (withdrawn)
  • Section 5.2.9. (withdrawn)

One way to mitigate this problem would be to number the sections like below.

  • Section 5.2.3. (withdrawn; merged into 5.2.4)
  • Section 5.2.4. Confidential client
  • Section 5.2.5. (withdrawn) or use the content of ID2’s Section 5.2.5 // The proposed final does not have the content which corresponds to ID2’s Section 5.2.5, but is it necessary to drop the content?
  • Section 5.2.6. ID Token as detached signature
  • Section 5.2.7. JARM
  • Section 5.2.8. ID Token as detached signature // if it’s necessary to create an independent section separately for requirements regarding “ID Token as detached signature” for “client” (not authorization server). Can’t they be merged into one section?
  • Section 5.2.9. JARM // if it’s necessary to create an independent section separately for requirements regarding “JARM” for “client” (not authorization server). Can’t they be merged into one section?

However, considering the schedule for voting (https://openid.net/2020/11/30/notice-of-vote-for-proposed-final-fapi-1-0-part-1-and-part-2-specifications/), it may be too late to point out the problem now. If the schedule has higher priority, I have no mind to stick to this issue. I just wanted to report the problem which implementers like me would face in future.

Comments (4)

  1. Takahiko Kawasaki reporter

    I guess that "Section 5.2.3. ID Token as detached signature" in the proposed final draft should be "Section 5.2.2.1" because "Section 5.2.2. Authorization Server" contains "(moved to 5.2.2.1)" but "Section 5.2.2.1" does not exist.

    "Section 5.2.5. Confidential client" in the proposed final draft contains "(moved to 5.2.3.1)" but "Section 5.2.3.1" does not exist.

    It seems that the section numbers given to "Section 5.2.3. ID Token as detached signature" and "Section 5.2.6. ID Token as detached signature" are wrong. Should they be "Section 5.2.*.1"? The mismatch of the section number for "Confidential client" (5.2.4 in ID2 vs 5.2.5 in Final) comes from here.

  2. Log in to comment