1.   Roll Call

• Present: John, Nat, Bjorn, Brian, Roland, Torsten, Rich
• Regret: Mike, George

2.   Commonalities and Differences Report on Fed Specs (Andreas/Roland)

Started to write the text, but far from being finished. It should be ready for review in the beginning of October.

Nordu Net meeting next week. TecEx before the IIW week.

3.   Issues

4.   Oct. 9 Certification Meeting (Roland)

Present: Mike, Roland, Hans, Filip,

Presentation was made on Open Banking test tool. It was found out that the tests are for Open Banking that includes further restriction over FAPI and not FAPI itself.

There also was a re-certification discussion. Banks are required to re-certify every 6 months, but what would happen if the test tool had a bug fix in the meantime? How would it affect?

New test features like refresh token and the third party initiated requests were also being discussed.

No clear direction on whether to keep two versions, how they should be used in combination, etc. emerged.

5.   Impact of ITP2 in iOS12 and MacOS about to come out on the implicit flow (req. by George)

Relevant thread in the list: http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20180604/thread.html#6774

It seems to affect the full page redirect, including SAML etc.

vittorio draft ref:

http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20180702/006832.html

Nat will reach out to Vittorio.

6.   Token Binding (John)

The code was removed from Canary release already. Chrome cannot reach AAL3 because of it. People need to use other browsers, e.g., Edge. It undermines the work on WebAuthen.

7.   3. AOB