Problem description
KnowYourCustomerFill-in responses contain personal identifiable information.
Although request and thus responses are protected by TLS, there might be several hops through the network that terminate that TLS connection and then forward the request and see the request and the response content.
Possible evolution
The final response server could encrypt the response to the API consumer.
Caveats:
The final resource server might not know the initial API consumer, if e.g. an aggregator send their own KnowYourCustomer-Fill-in request and the response is then encrypted to them.
Alternative solution
Additional context
camaraproject/IdentityAndConsentManagement#310
Problem description
KnowYourCustomerFill-in responses contain personal identifiable information.
Although request and thus responses are protected by TLS, there might be several hops through the network that terminate that TLS connection and then forward the request and see the request and the response content.
Possible evolution
The final response server could encrypt the response to the API consumer.
Caveats:
The final resource server might not know the initial API consumer, if e.g. an aggregator send their own KnowYourCustomer-Fill-in request and the response is then encrypted to them.
Alternative solution
Additional context
camaraproject/IdentityAndConsentManagement#310