Avatar

Stuart Low

  • Total activity 40
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 2 users
  • Votes 0
  • Subscriptions 18

Activity overview

Latest activity by Stuart Low
  • Avatar

    Stuart Low commented,

    The question was around DCR but the response relates to authorisation request establishment. How does a Recipient discover what signing algorithm to use for DCR requests? Historically there was a s...

  • Avatar

    Stuart Low commented,

    Further the JAR spec (which would be the authoritative spec here) specifies clients MAY send: https://www.rfc-editor.org/rfc/rfc9101.html#section-5-9 The requirement of these parameters is a backwa...

  • Avatar

    Stuart Low commented,

    In the transition from Hybrid Flow to Auth Code Flow, the mandatory nature of the following fields does not change in the normative standards. Therefore the scope, response_type, client_id and red...

  • Avatar

    Stuart Low commented,

    This guidance is incorrect. If a provider blocks a request at it's border the request is not received and therefore is not reportable. Sanctioned countries for instance are typically blocked at the...

  • Avatar

    Stuart Low commented,

    This document contains the statement of: "When a consumer is no longer eligible, the DH is obliged to withdraw any consents of that consumer." This appears to be inaccurate. When a Consumer becomes...

  • Avatar

    Stuart Low commented,

    Hi Sheeja Soby, on (1) this was discussed during banking implementation here: https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/106. On (2) previous guidance has been t...

  • Avatar

    Stuart Low commented,

    A bunch of inaccuracies here: A PAR request must be validated at submission as if it was submitted at the authorisation endpoint. This diagram has the client parameters and content validation at S...

  • Avatar

    Stuart Low commented,

    In the context of "headers are often case-sensitive" being on header names this is completely wrong. Please stop redefining HTTP 1.1.

  • Avatar

    Stuart Low commented,

    Apologies October 2020, edited in July 2021.

  • Avatar

    Stuart Low commented,

    Enhanced Error handling introduces an "Invalid Page" error response so the following statement now seems invalidated: "As no specific behaviour is defined, the interpretation is left to the Data Ho...