Expand description
FAPI 2.0 (Financial-grade API) Security Profile Implementation
This module implements the Financial-grade API (FAPI) 2.0 Security Profile, which provides enhanced security requirements for high-risk scenarios like financial services.
§Security Features
- Enhanced Request Security: JWS request object signing
- Response Security: JWS response signing
- Advanced Client Authentication: Enhanced mTLS and private key JWT
- Threat Protection: JARM, DPoP, PAR mandatory
- Compliance Validation: Automated FAPI 2.0 requirement checking
- Sender-Constrained Tokens: Resource server validation of token binding
- Rich Authorization Requests: RFC 9396 fine-grained authorization
- Enhanced Logging: Detailed audit trails
§FAPI 2.0 Requirements
- Mutual TLS (mTLS) for client authentication
- JWS request object signing (RFC 9101)
- DPoP for sender constraining (RFC 9449)
- Pushed Authorization Requests (PAR) (RFC 9126)
- JWT Secured Authorization Response Mode (JARM)
- Enhanced threat modeling and protection
Structs§
- Authorization
Detail - Rich Authorization Request detail (RFC 9396)
- Fapi
Authorization Response - FAPI 2.0 Authorization Response (JARM)
- Fapi
Compliance Violation - FAPI 2.0 compliance violation
- Fapi
Config - FAPI 2.0 Configuration
- Fapi
Config Builder - Builder for FAPI 2.0 Configuration
- Fapi
Manager - FAPI 2.0 Security Profile Manager
- Fapi
Request Object - FAPI 2.0 Request Object Claims
- Fapi
Session - FAPI 2.0 Session
- Fapi
Session Builder - Builder for FAPI 2.0 Session
- Fapi
Token Response - FAPI 2.0 Token Response
Enums§
- Fapi
Violation Severity - Severity of a compliance violation