- changed status to open
CustomerId == sub == x-fapi-customer-id: Should standardize as sub
Issue #66
resolved
In the spec, there are three ways to express semantically equal thing.
CustomerId == sub == x-fapi-customer-id
As an OIDC related spec, it should standardize on sub.
Also, the http header value for this fixed value may not be trustworthy as it is not a secret and can be reproduced by anyone. So it should not be relied upon. Perhaps, it should be removed from the Security parts and moved to Part 4 to make sure that people does not misunderstand that this is a security feature.
Comments (8)
-
reporter
-
reporter
Removing this line:
- can optionally supply the
subvalue associated with the customer with thex-fapi-customer-idrequest header, e.g.,x-fapi-customer-id: a237cb74-61c9-4319-9fc5-ff5812778d6b;
Other bullets in the same bullet list needs to be re-evaluated again towards the final though. They are useful, but again, they are not be reliable security feature.
- can optionally supply the
-
reporter
- changed status to resolved
Fixed
#66→ <<cset 169a90f4af1e>>
-
reporter
- changed component to Part 1: Baseline
-
reporter
- changed component to FAPI 1 - Part 1: Baseline
-
reporter
- changed component to FAPI 1 – Part 1: Baseline
-
reporter
- changed component to FAPI 1 – Baseline
-
reporter
- changed component to FAPI 1: Baseline
- Log in to comment
WG discussed in the call and agreed to drop it from Part 1 and move to Part 4.