Currently, the US OpenID Foundation is running a period ending on February 2th.
"Financial API Part 1 — Read only security profile" 1Voting is now open for the "Implementer's Draft".
All US members can register hereLink2You can vote from here.
The UK's Open Banking Standard and the US's Durable Data API use OAuth for API protection, but in reality, OAuth is just a "framework" as the title "The OAuth Authorization Framework" suggests, and in order to apply it in practice, "profiling" is required to determine the values of individual options. By creating such a "framework," OAuth can be used for a range of use cases, from relatively loose use cases to those that require more security. However, most of the OAuth implementations available on the market are profiles for "loose" use cases and are not suitable for use cases that require more security.
Therefore, the OpenID Foundation organized the Financial API (FAPI) Work Group last year to develop a profile for financial services.3The standard currently up for certification is "Part 1: Read Only Security Profile," which is a proposed standard that addresses the risk level of only reading financial data. A write-enabled profile is currently being drafted as Part XNUMX.
Voting closes on February 2th.
Please note that there is no connection between casting this vote and IPR Contribution, so please feel free to vote.
If you are not yet a member,registration page4You can register as a member now.
To register, first log in using your OpenID (Google, Yahoo!, etc.) and then proceed to pay your membership fee.