THREESCALE-11019 (Red Hat 3scale API Management)

Support Financial-grade API (FAPI) - Advanced Profile


    • Type: Task
    • Resolution: Unresolved
    • Priority: Minor
    • Components: Documentation, Gateway

      Placeholder for the FAPI 1.0 Advanced profile.

      Resource server requirements:

      The protected resources supporting this document

      1. shall support the provisions specified in clause 6.2.1 of Financial-grade API Security Profile 1.0 - Part 1: Baseline; and
      2. shall adhere to the requirements in MTLS.

      We are well covered on the MTLS part. However, it is still necessary to investigate further what is needed to comply with this document, especially:

      • This profile does not support public clients.
      • JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
      • OAuth 2.0 Pushed Authorization Requests (PAR)
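      The "requirements in MTLS" for a protected resource are those of RFC 8705 section 3: an access token presented over a mutual-TLS connection must be certificate-bound, and the resource server must compare the token's cnf.x5t#S256 claim with the SHA-256 thumbprint of the client certificate actually used on the connection, rejecting plain bearer tokens. The following is an added illustration of that check written for this issue; it is not APIcast or 3scale code. It assumes the JWT signature and the standard claims (exp, iss, aud) have already been verified upstream, so only the decoded claims are passed in, and that the gateway hands over the client certificate as DER bytes. The certificate and claims below are constructed sample data.

```python
"""
Certificate-bound access token check for a FAPI Advanced resource server
(RFC 8705 section 3). Added example, not 3scale/APIcast code.

Assumptions:
  * JWT signature, exp, iss and aud were already verified upstream; the
    decoded claims are passed in as a dict.
  * The TLS layer supplies the client certificate as DER bytes, or None
    when no client certificate was presented.
"""
import base64
import hashlib
import hmac
from typing import Optional, Tuple


def x5t_s256(der_cert: bytes) -> str:
    """base64url (unpadded) SHA-256 thumbprint of a DER certificate (RFC 8705 s3.1)."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_bound_to_cert(claims: dict, der_cert: Optional[bytes]) -> Tuple[bool, str]:
    """Return (accepted, reason) for a token presented on an mTLS connection.

    FAPI Advanced resource servers must refuse tokens that are not sender-
    constrained, so a missing cnf claim is a rejection, not a fallback to
    bearer semantics.
    """
    if der_cert is None:
        return False, "no client certificate presented on the TLS connection"
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        return False, "token is not sender-constrained (missing cnf claim)"
    expected = cnf.get("x5t#S256")
    if not isinstance(expected, str) or not expected:
        return False, "cnf claim has no x5t#S256 thumbprint"
    actual = x5t_s256(der_cert)
    # Constant-time comparison; both sides are fixed-length base64url strings.
    if not hmac.compare_digest(actual.encode("ascii"), expected.encode("ascii")):
        return False, "certificate thumbprint does not match cnf.x5t#S256"
    return True, "ok"


# Constructed sample data (not real certificates): stand-ins for the DER
# bytes a TLS stack would provide for two different client certificates.
CLIENT_CERT_DER = b"\x30\x82\x01\x00-constructed-client-cert"
OTHER_CERT_DER = b"\x30\x82\x01\x00-constructed-other-cert"

# Token bound to CLIENT_CERT_DER, as an AS following RFC 8705 would issue it.
BOUND_CLAIMS = {
    "iss": "https://as.example",
    "sub": "client-123",
    "cnf": {"x5t#S256": x5t_s256(CLIENT_CERT_DER)},
}

# Plain bearer token: no cnf claim at all.
BEARER_CLAIMS = {"iss": "https://as.example", "sub": "client-123"}


if __name__ == "__main__":
    for label, claims, cert in (
        ("bound token, matching cert", BOUND_CLAIMS, CLIENT_CERT_DER),
        ("bound token, other cert", BOUND_CLAIMS, OTHER_CERT_DER),
        ("bearer token", BEARER_CLAIMS, CLIENT_CERT_DER),
        ("bound token, no client cert", BOUND_CLAIMS, None),
    ):
        print(label, "->", token_bound_to_cert(claims, cert))
```

      In a gateway, the DER bytes would come from the TLS termination layer (for OpenResty, the PEM from the SSL client certificate variable converted to DER) and the reason string would be mapped to an `invalid_token` error with a 401 response rather than logged verbatim to the caller.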

      Authorization server requirements:

      shall authenticate the confidential client using one of the following methods (this overrides FAPI Security Profile 1.0 - Part 1: Baseline clause 5.2.2-4):

      1. tls_client_auth or self_signed_tls_client_auth as specified in section 2 of MTLS, or
      2. private_key_jwt as specified in section 9 of OIDC


            Assignee: Unassigned
            Reporter: An Tran (rhn-support-atra)
            People: Darren Fennessy, An Tran