Closed perlboy closed 4 years ago
In “Registration API Endpoints” section Register standard mentions “TLS-MA” for register endpoint (and others).
https://cdr-register.github.io/register/#registration-errors
Ah sorry, right you are, clearly missed that, closing.
There is a table in the cdr-register specification which explains what components require MTLS but it does not include Client Registration. From what I can tell there is no explicit statement that Dynamic Client Registration must be secured with MTLS?
Based on the UK spec it states the following:
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/36667724/OpenBanking+OpenID+Dynamic+Client+Registration+Specification+-+v1.0.0-rc2#OpenBankingOpenIDDynamicClientRegistrationSpecification-v1.0.0-rc2-ClientRegistrationEndpoint
Is this aligned with implementations in Australia?