openid / fapi / issues / #608 - Make clear that requests and responses to resource servers don't have to be bound — Bitbucket

Issue #608 resolved

Dave Tonge created an issue 2023-06-21

i.e. it is possible to have a signed request, but not a signed response

and its also possible to have a signed response without a signed request

Comments (5)

Nat Sakimura
- changed status to open
- 2023-06-28T14:39:31+00:00
Tim Würtele
What is the status on this? The current draft still mandates the RS to cryptographically link the response to the request (Sec. 5.6.2.1 No. 2). Is the plan to basically change the shall in that clause to a may?
- 2023-08-29T08:05:54+00:00
Dave Tonge reporter
make it clear to only sign request signature and request signature input if applicable (i.e. if present)
also add to the note to explain further
- 2023-09-06T14:26:29+00:00
Dave Tonge reporter
https://bitbucket.org/openid/fapi/pull-requests/433
- 2023-09-27T13:55:18+00:00
Dave Tonge reporter
- changed status to resolved
PR merged
- 2023-10-10T09:03:54+00:00
Log in to comment

Assignee: Dave Tonge

Type: bug

Priority: major

Status: resolved

Component: FAPI2: Message Signing

Milestone: –

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!