Wiki
Clone wikifapi / Connect_Meeting_Notes_2017-11-14
FAPI WG Meeting Notes (2017-11-14)
Date & Time: 2017-11-14 23:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
Agenda
The meeting was called to order at 23:05 UTC.
1. Roll Call
- Attending: Anoop, Bjorn, Brian Campbell, Brian Costello, Carla, Edmund, Joseph, Nat, Torsten
- Guest:
- Regrets:
2. Adoption of the Agenda (Nat)
- Adopted as prevously distributed.
3. External Orgs
3.1. Berling Group Consultation (Nat)
Consultation links:
- https://www.berlin-group.org/market-consultations
- https://docs.wixstatic.com/ugd/c2914b_6a15d20b155a4d62922c67fe5a6e3dd5.pdf?index=true
See last weeks discussions for issues.
Draft response:
https://docs.google.com/document/d/1fh09jiJGITuefXkB1Zq3oCrhHNvP5BWXDrpKPJK_iRE/edit?usp=sharing
Torsten is taking the lead in producing the document.
Joseph pointed out that Appendix A had an appearance that Embedded mode is phishing resistant. Nat pointed out that Dave has already fixed the issue and Joseph verified it.
Torsten also has created a proposal to use OAuth as the redirect method and it was already submitted by the German Saving Bank. In addition, there seem to be several TPPs that are proposing to use OAuth as the mechanism and not as an afterthought. More comments in that line from the Fintech side is desirable. Individual corporate members of the WG are encouraged to submit their comments.
For the WG response, Torsten is still waiting for the feedback from Tony and John.
He plans to send it out before noon Singapore time.
3.2. FS-ISAC (Anoop)
- FS-ISAC has shared the newest document with us. We need to provide them with a comment on it. The document is supposed to have incorporated FAPI security profiles.
- The document has been shared with the liaison committee members, but any WG can obtain the document by contacting Anoop.
4. Events
4.1. Report on the FAPI WG Meeting Nov 6, 2017 London (Nat)
Venue: Sandbox 2 Level39, One Canada Square, London, E14 5AB Time: 09.00 - 15.00
The meeting report is available at https://bitbucket.org/openid/fapi/wiki/FAPI_Meeting_Notes_2017-11-06.
Nat explained it briefly. Joseph pointed out that there was an error in the continuous integration platform. The note was saying that it was using Jenkins but instead it is using GitLab. The note was corrected.
During the explanation of the next step, Joseph pointed out that revving the implementers draft for both Part 1 and 2 instead of just part 1 would make sense as there are some updates on the TLS consideration etc. on Part 2 as well. There was no objection in the room.
Updated