FAPI 2.0 Purpose and FAPI WG Scope
There was some discussion on the call today about the purpose of FAPI 2.0 and how it fits with the WG Charter.
The current charter - https://openid.net/wg/fapi/charter/ is a little outdated, but is fairly broad in its remit. I don’t personally think that the charter prevents us from producing specifications based on OIDC / OAuth 2 that aid interoperability and security.
The purpose for FAPI 2.0 as expressed in our FAQ is:
- complete interoperability at the interface between client and authorization server as well as interoperable security mechanisms at the interface between client and resource server.
- easier to use than FAPI 1.0
- alignment with OAuth Security BCP
- clear attacker model
It would be good to get any feedback on this.
Comments (9)
-
reporter - changed component to Others
-
reporter The OIDF is working on a new website, it would be great to get the charter updated as it's very out of date.
-
reporter We discussed on the call today - it should be possible to update the charter as it's mainly a contraction. We should work on an updated charter in this issue.
-
reporter -
assigned issue to
To update the text in this issue - and also the intro text on the website
-
assigned issue to
-
- changed status to open
Charter revision and web site change to be done.
-
reporter Suggested updated charter:
The FAPI working group provides
JSON data schemas, security and privacy recommendations and protocols to enable applications to provide and use secure APIs. utilize the data stored in a financial account, to enable applications to interact with a financial account, and enable users to control the security and privacy settings.
-
Nat to check with Tom about the process.
With the references to read-only/read-write, JSON schemas, etc., the charter text indeed feels a little outdated. Nonetheless, I think that FAPI 2.0 is covered under “security profiles for OpenID Connect and OAuth”.
Can we update the charter text?