Red Hat 3scale API Management: THREESCALE-11019

Support Financial-grade API (FAPI) - Advanced Profile

    • Type: Task
    • Resolution: Unresolved
    • Priority: Minor
    • Components: Documentation, Gateway

      Placeholder for FAPI - Advanced profile.

      Resource server requirements:

      The protected resources supporting this document

      1. shall support the provisions specified in clause 6.2.1 of Financial-grade API Security Profile 1.0 - Part 1: Baseline; and
      2. shall adhere to the requirements in MTLS.

      We are well covered on the MTLS part. However, it is still necessary to investigate further what is needed to comply with this document, especially:

      • This profile does not support public clients.
      • JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
      • OAuth 2.0 Pushed Authorization Requests (PAR)
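      The MTLS requirement referenced above (RFC 8705) also covers certificate-bound access tokens: the resource server compares the cnf x5t#S256 claim in the access token with the SHA-256 thumbprint of the certificate the client presented on the TLS connection, and rejects a token that is not bound at all. The following is an added stand-alone Python example of that resource-server check, not 3scale or APIcast code; the certificate bytes and tokens are constructed placeholders, and JWT signature verification is assumed to have happened before this step.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def cert_thumbprint_x5t_s256(cert_der: bytes) -> str:
    # RFC 8705 section 3.1: base64url(SHA-256(DER-encoded client certificate)), unpadded.
    return b64url_encode(hashlib.sha256(cert_der).digest())

def bound_thumbprint(access_token: str) -> Optional[str]:
    # Read cnf.x5t#S256 from the JWT payload. Signature verification against the
    # authorization server's JWKS is assumed to have happened before this step.
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    cnf = json.loads(b64url_decode(parts[1])).get("cnf")
    value = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    return value if isinstance(value, str) else None

def token_is_bound_to_cert(access_token: str, client_cert_der: bytes) -> bool:
    # Accept only a certificate-bound token whose thumbprint matches the certificate
    # presented in the TLS handshake; a plain bearer token (no cnf) is rejected.
    expected = bound_thumbprint(access_token)
    if expected is None:
        return False
    return hmac.compare_digest(expected, cert_thumbprint_x5t_s256(client_cert_der))

# Constructed sample input for the demonstration: not real certificates or tokens.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00constructed-DER-placeholder"
OTHER_CERT_DER = b"\x30\x82\x01\x00another-constructed-placeholder"

def make_sample_token(thumbprint: Optional[str]) -> str:
    # Compact JWS with a placeholder signature; only the claims matter for this check.
    payload = {"sub": "client-1", "scope": "accounts"}
    if thumbprint is not None:
        payload["cnf"] = {"x5t#S256": thumbprint}
    header = b64url_encode(json.dumps({"alg": "PS256", "typ": "at+jwt"}).encode())
    return f"{header}.{b64url_encode(json.dumps(payload).encode())}.placeholder-sig"
```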

      Authorization server requirements:

      shall authenticate the confidential client using one of the following methods (this overrides FAPI Security Profile 1.0 - Part 1: Baseline clause 5.2.2-4):

      1. tls_client_auth or self_signed_tls_client_auth as specified in section 2 of MTLS, or
      2. private_key_jwt as specified in section 9 of OIDC

      Assignee: Unassigned
      Reporter: An Tran (rhn-support-atra)
      Also listed: Darren Fennessy, An Tran