FAPI 2.0 Purpose and FAPI WG Scope
Issue #425
new
There was some discussion on the call today about the purpose of FAPI 2.0 and how it fits with the WG Charter.
The current charter - https://openid.net/wg/fapi/charter/ - is a little outdated, but is fairly broad in its remit. I don’t personally think that the charter prevents us from producing specifications based on OIDC / OAuth 2 that aid interoperability and security.
The purpose for FAPI 2.0 as expressed in our FAQ is:
- complete interoperability at the interface between client and authorization server as well as interoperable security mechanisms at the interface between client and resource server.
- easier to use than FAPI 1.0
- alignment with OAuth Security BCP
- clear attacker model
It would be good to get any feedback on this.
Comments (4)
-
reporter - changed component to Others
-
reporter The OIDF is working on a new website; it would be great to get the charter updated, as it's very out of date.
-
reporter We discussed on the call today - it should be possible to update the charter, as it's mainly a contraction. We should work on an updated charter in this issue.
With the references to read-only/read-write, JSON schemas, etc., the charter text indeed feels a little outdated. Nonetheless, I think that FAPI 2.0 is covered under “security profiles for OpenID Connect and OAuth”.
Can we update the charter text?