I think Torsten did the example with "debtorAccount" so he can maybe
provide more insight into what he was trying to convey with it. But I
interpreted it similar to Kai in it being more akin to the sub and about
the user's account in general rather than the specific transaction. The
text "selected
> On 2 Jun 2023, at 14:10, Oliva Fernandez, Jorge
> wrote:
>
> Hi,
>
> Reviewing the just releases RFC there are a couple of examples that seems
> incorrect or maybe I’m missing something, in section 9.1 and 9.2 appear a
> field “debtorAccount” outside the “authorization_details” object an
Hi again,
ok I understood your concern better now. I think the authors should be able to
answer that better, but I believe it depends on whether the information the RP
actually needs compared to what information a RS would need in order to fulfill
the operation. For example, when a client would
Hi Kai, and thanks for your response,
The thing is that in section 9.1 say this in the description of the
“debtorAccount”:
”In the example, this account was not passed in the authorization_details but
was selected by the user during the authorization process.”
Seems for me that the “debtorAcco
Hi Oliva,
I don’t see inconsistencies. As far as I understand it, the debtorAccount is
information about the authenticated user account. This is information which the
RS may need in order to know where the money needs to be transferred FROM. This
is nothing which the End-User can change as the
Hi,
Any comment about this? Thanks!
Best regards.
From: "Oliva Fernandez, Jorge"
Date: Friday, 2 June 2023 at 14:10
To: "oauth@ietf.org"
Subject: RFC 9396 - RAR doubt about examples
Hi,
Reviewing the just releases RFC there are a couple of examples that seems
incorrect or maybe I’m missing