Logo des Repositoriums
 
Konferenzbeitrag

FAPI 2.0: A High-Security Profile for OAuth and OpenID Connect

Vorschaubild nicht verfügbar

Volltext URI

Dokumententyp

Text/Conference Paper

Zusatzinformation

Datum

2021

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

A growing number of APIs, from the financial, health and other sectors, give access to highly sensitive data and resources. With the Financial-grade API (FAPI) Security Profile, the OpenID Foundation has created an interoperable and secure standard to protect such APIs. The first version of FAPI has recently become an official standard and has already been adopted by large ecosystems, such as OpenBanking UK. Meanwhile, the OpenID Foundation’s FAPI Working Group has started the work on a the second version of FAPI, putting a focus on robust interoperability, simplicity, a more structured approach to security, and improved non-repudiation. In this paper, we give an overview of the FAPI profiles, discuss the learnings from practice that influence the development of the latest version of FAPI, and show how formal security analysis helps to shape security decisions.

Beschreibung

Fett, Daniel (2021): FAPI 2.0: A High-Security Profile for OAuth and OpenID Connect. Open Identity Summit 2021. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-706-7. pp. 71-82. Regular Research Papers. Copenhagen, Denmark. 01.-02. June 2021

Zitierform

DOI

Tags