Hi!
I had a question from Torsten Lodderstedt, who some of you know, on whether our
OIDC/OAuth2 implementation
supported all the features that the FAPI 2 baseline stipulates.
Turns out we do support most of them (PKCE, PAR and the new iss authorisation response
parameter).
What we don’t have support for is RAR
(https://tools.ietf.org/html/draft-ietf-oauth-rar-03).
The new session/grant subsystem has hooks for it but we’re lacking the part that actually
can use it.
I don’t think that GEANT has any use for RAR but I may be wrong. If so I’d like someone to
tell me.
The larger question is of course: should we care what FAPI/FAPI 2 demands?
Or ultimately, our customers, what do they want?
Anyone know who our customers are?
Anyone with an idea as to who we would like to be our customers? Except for the HigherEd
and Research?
— Roland
Can anything be sadder than work left unfinished? Yes, work never begun. -Christina
Rossetti, poet (5 Dec 1830-1894)