FAPI 2.0 Purpose and FAPI WG Scope
Issue #425
open
There was some discussion on the call today about the purpose of FAPI 2.0 and how it fits with the WG Charter.
The current charter - https://openid.net/wg/fapi/charter/ is a little outdated, but is fairly broad in its remit. I don’t personally think that the charter prevents us from producing specifications based on OIDC / OAuth 2 that aid interoperability and security.
The purpose for FAPI 2.0 as expressed in our FAQ is:
- complete interoperability at the interface between client and authorization server as well as interoperable security mechanisms at the interface between client and resource server.
- easier to use than FAPI 1.0
- alignment with OAuth Security BCP
- clear attacker model
It would be good to get any feedback on this.
Comments (9)
-
-
reporter
- changed component to Others
-
reporter
The OIDF is working on a new website, it would be great to get the charter updated as its very out of date
-
reporter
we discussed on the call today - it should be possible to update the charter as its mainly a contraction. We should work on an updated charter in this issue
-
reporter
-
assigned issue to
Dave Tonge
To update the text in this issue - and also the intro text on the website
-
assigned issue to
-
- changed status to open
Charter revision and web site change to be done.
-
-
reporter
Suggested updated charter:
The FAPI working group provides
JSON data schemas,security and privacy recommendations and protocols to enable applications to provide and use secure APIs.utilize the data stored in a financial account, to enable applications to interact with a financial account, and enable users to control the security and privacy settings. -
Nat to check with Tom about the process.
- Log in to comment
With the references to read-only/read-write, JSON schemas, etc., the charter text indeed feels a little outdated. Nonetheless, I think that FAPI 2.0 is covered under “security profiles for OpenID Connect and OAuth”.
Can we update the charter text?