FAPI WG Informal Meeting Notes (2016-08-02)
Date & Time: 2016-08-02 23:00 UTC - 00:10 UTC
Location: GoToMeeting
Attendees: Nat, Nov, Edmund
Since the meeting invitation was not sent to the list, this meeting is informal.
- Meeting notification and WG Page
- New & Open Issues
1. Meeting notification and WG Page
Nat apologized for not sending the meeting invitation properly to the list; as a result, this meeting is informal.
Edmund pointed out that the meeting URL is not properly placed on the WG page, so one has to dig into the meeting calendar to find the link.
Nat updated the WG page on the fly and promised to send out the meeting invitation after the call.
2. New & Open Issues
In the call, participants discussed the following issues listed in the issue tracker:
- issue #2: Accounts: Total Pages and Page does not make sense
- issue #4: Remove MessageFormat and references to it
- issue #7: Add "Open Data" data set
- issue #8: Should hard coded paths be avoided
- issue #10: Internationalization of strings
- issue #11: OAuth Profile should mandate RFC7636 (PKCE) for code flow
- issue #12: OAuth Profile should mandate per AS redirect URI for Clients with session comparison
- issue #13: TLS 1.0 should be banned
- issue #14: Allowed Redirection Client URI is not a defined term
- issue #15: Client Authentication, not Client Authorization
- issue #16: Client Authentication -- Do we need TLS mutual authentication?
- issue #17: Incomplete sentence "In line with FFIEC (Federal Financial Institutions Examination Council) guidance on Authentication to mitigate security risks."
- issue #18: "Authorization token" is not a defined term in RFC6749
- issue #19: Remove or Improve OAuth Interactions Diagram
- issue #20: Meaning of the Surrogate Identifier Clause not clear
- issue #21: Residual Data clause should be generalized and moved to privacy considerations
- issue #22: Undefined OAuth response parameter user_id appears in the text
- issue #23: How do I find AccountID to use in transfer?
The discussion results are recorded in each issue ticket. As far as terminology is concerned, the prevailing view among the callers was that OAuth terms should be used instead of creating something else.
Nat asked the participants to review the Editor's comments added to Financial_API_WD_000.md.
Call adjourned at 00:14 UTC.