Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a glossary and define terminology #4

Open
mibrand opened this issue Jul 17, 2024 · 1 comment
Open

Create a glossary and define terminology #4

mibrand opened this issue Jul 17, 2024 · 1 comment
Assignees
@mibrand

Comments

@mibrand
Copy link
Contributor

mibrand commented Jul 17, 2024
edited
Loading

Based on existing sources, the terminology must be defined and published in a glossary to promote common understanding.

  • OAuth Basic terms (SU, SP, RO, ...)
  • PAR, RAR, ...
  • Consent flow
  • ...
@mibrand mibrand self-assigned this Jul 17, 2024
@lwe
Copy link

lwe commented Dec 17, 2024

@mibrand, not sure if this is the right ticket, or not, but I took upon the task to review the current glossary. At this point in time I don't have edit permissions and the Wiki doesn't allow me to create PR, so I'm using ticket comments for now. If given permissions I can easily just create a new revision in the Wiki page directly.

Generally, it's okay as-is, no changes necessary if you don't want to.

Minor changes

  1. Customers / FI's customers: [...]

    To be aligned with other parts, I'd use FI's customers as term, as this is also used AFIAK by other pages.

  2. Authorization Server: The server (i.e. the identity provider by the FI) [...]

    Resource Server: The server hosting the protected resources (i.e. by the FI) [...]

    Resource Owner: The entity (typically the end-user FI's customer) that [...]

    Client: The application (i.e. the TPP) [...]

    Just some more context and putting the OAuth terms into FAPI terminology.

Additions

While most terms are explained that need explaining, I'd introduce the following two additional terms:

  1. Technologies and Standards > Grant Management: Allows the Resource Owner to manage access permissions to their data on a specific Resource Server, which they have created using one or more consent flow. The Resource Owner creates authorisations (implicitly in the consent flow) and can then delete, replace or update them as required in a standardised way.

    I've just used the definition from the main page, but I think it's sensible that way.

  2. Technologies and Standards > CIBA (Client Initiated Backchannel Authentication): Describes a decoupled OpenID Connect authentication flow where the client initiates an authentication request, and the user authenticates on a separate device. Making it ideal for scenarios like smart speakers, call centers, or point-of-sale terminals.

    It's referenced in the main document, albeit as optional for now, however as we are discussing it in the main document I believe it would make sense to describe too.

Varia

I'd add links to all the relevant specifications too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mibrand mibrand

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lwe @mibrand