Public Review Period for “Financial API – Part 1: Read Only API Security Profile” Started


OpenID Foundation’s Financial API (FAPI) Working Group has advised the foundation to start the public review period for consideration as an Implementer’s Draft for the specification:

It is a specification that documents the security profiles of OAuth 2.0 and OpenID Connect to be used in the protection of financial APIs. It states the requirements and recommendations (which combined are called “provisions”) that Authorization Servers, Clients, and Protected Resources must follow.

The relevant dates are as follows.

  • Public review period: 2016-12-19 to 2017-02-02 (45 days)
  • Implementer’s Draft vote announcement: 2017-01-20
  • Implementer’s Draft voting period: 2017-02-03 to 2017-02-10 (7 days)*

* Note: Pre-voting before the start of the formal voting will be allowed.

Comments are to be submitted to the FAPI WG issue tracker. You have to sign IPR Contribution Agreement to file issues. See http://openid.net/intellectual-property/ for more details.


Update:As a result of the public review, the specification has been updated twice to address editorial issues identified. As a result, the Implementer’s Draft adoption vote will apply to this revised version: