- changed status to open
Change to the naming of FAPI
Issue #479
resolved
There has previously been a discussion here and here around the naming of FAPI. Originally standing for Financial APIs, it was renamed to Financial-grade APIs, to reflect the fact that its security profiles are suitable for APIs in other verticals beyond finance services. Whilst this indicates the security of the profile for financial services, it has created confusion in other industries that are considering the adoption of FAPI as the baseline security profile (e.g. utility sectors such as energy and telecommunications). Beyond this there are emerging global health care and government use cases where continuing usage of “financial-grade” may continue to cause contention.
With the FAPI 2.0 profile specification developing there seems an opportunity for broader alignment to a whole-of-economy name change that indicates its utility and suitability to all secure open data use cases.
Given the prevalence of use of the FAPI acronym, any change away from the “financial-grade” terminology would need to retain the acronym. This ticket seeks input on the merits of a name change at this stage in the profile’s evolution and future uptake to industries beyond financial services.
This ticket is seeking candidates and offers “Fortified APIs” as a potential option.
“Fortified” by definition seems suitably broad and applicable:
(1) made stronger or more secure
(2) improved or enhanced
(3) to make something stronger, especially in order to protect it
Comments (8)
-
-
It may have been from one of the calls or was communicated personally to me, but I got the following push backs:
- Fianancial-grade gives the read the sense of how secure, while Fortified does not.
- Change the name further will cause more confusion
-
I had a side conversation at EIC with two separate very large vendors both of who told me (unprompted) that the ‘Financial-grade’ term still seems to be getting them internal pushback that means conversations about implementing FAPI are being pushed into a ‘banking’ silo within the vendor, rather than considered as a more wider thing that would benefit more widely.
-
As sent via email:
The consensus on the call last week was as follows:
-
We don't change the name of FAPI to "Fortified" or "Functional" API
-
We transition to drop "Financial-Grade" in most places, and simply refer to the WG and Specs as FAPI (i.e. use the acronym as a word in its own right)
-
We adjust the text on the FAPI website (and in spec intros) to make it clear that there are many use-cases for FAPI specs across a variety of verticals (e.g. health, telco and finance)
The reasoning for the above is that a name change would cause more problems than it solves, ie. it would potentially bring more confusion. We are stuck with the acronym, so let's focus on just using that.
-
-
https://openid.net/wg/fapi/ and https://fapi.openid.net contain many references to ‘Financial-grade’ still. most of which should I think be replaced with just ‘FAPI’.
-
The FAPI WG pages have been updated to reflect the name change Financial-grade API >>> FAPI. I noted in several locations “FAPI was previously known as the Financial-grade API but there was consensus within the working group to update the name to just FAPI to reflect that the specification is appropriate for many high-value use-cases requiring a more secure model beyond just financial services.” Please let me know if there are any additional edits. As noted on a recent FAPI WG call, the FAPI microsite (fapi.openid.net) was planned to be sunsetted by end of year as we are repurposing that content for the new OIDF website. fapi.openid.net will point to https://openid.net/wg/fapi/ (although the redirect is currently broken - working to resolve).
-
Someone has to record the history for those who come after.
-
- changed status to resolved
History diagram to be added to the new website
- Log in to comment
To be discussed on Apr 13 call.