Move note regarding URN from 7.3 to 7.1
Issue #98
resolved
Financial_API_WD_002.md contains this note:
Note that it can be either URL or URN. It shall be based on a cryptographic random value so that it is difficult to predict for the attacker.
1. I suggest moving this note to section 7.1, where request_uri is introduced.
2. If the request_uri is a URN, is there a need for it to be based on a cryptographic random value?
3. I suggest expanding on request objects at the AZ, and that in this case URNs might be the best way to go.
4. If request objects reside at the AZ, must they be signed?
Not sure I fully understand the RO at AZ scenario...
Comments (5)
- changed status to resolved
Part 2: Fixed
#98→ <<cset d9f2acd5e109>>
- changed component to Part 2: Advanced
- changed component to FAPI 1 – Part 2: Advanced
- changed component to FAPI 1: Advanced
Good idea.
For 4. above, yes. That is for the record that it really was the client who sent it, and as a form of authentication as well.