FAPI WG Meeting Notes (2016-12-21)
- Date & Time: 2016-12-21 15:00 UTC
- (07:00 PDT, 15:00 UK, 16:00 Denmark, 00:00+1 JST)
- Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of the Agenda (Nat)
- 3. Implementer's draft Part 1 (Nat)
- 4. Working Draft 02
- 5. Issues (Nat)
- 6. Events
- 7. External Orgs
- 8. AOB
The meeting was called to order at 15:05 UTC.
- Present: Dave, Sascha, Nat, Henrik, John
- Regrets: Anton (as it is the last day for him at DT) <-- Thanks from the WG.
- Public review has been started.
- Details can be found at: http://openid.net/2016/12/19/public-review-period-for-financial-api-part-1-read-only-api-security-profile-started/
- Financial_API_WD_001.md Financial API - Part 1: Read Only API Security Profile
- Financial_API_WD_002.md Financial API - Part 2: Read and Write API Security Profile
- Financial_API_WD_003.md Financial API - Part 3: Open Data API
- Financial_API_WD_004.md Financial API - Part 4: Protected Data API and Schema - Read only
- Financial_API_WD_005.md Financial API - Part 5: Protected Data API and Schema - Read and Write
- There was a long discussion, led by John, of the various forms of attack, especially session hijacking.
- Nat also pointed out that he outlined some of the security issues that need to be addressed in his Paris presentation: http://www.slideshare.net/nat_sakimura/financial-grade-oauth-openid-connect
- Dave pointed out that UK Open Banking IE needs it by May at the latest, so we need to execute quite quickly.
- Nat volunteered to take the first crack at it so that WG members can start filing the issues and giving pull requests.
- Several new editorial issues have been filed for Part 1. Since they are all editorial, they can be applied before the vote.
- Dec 13 & 14 @ Paris. Nat got a ticket to Paris now.
- Slides for session 1: As distributed before.
- Slides for session 2: http://www.slideshare.net/nat_sakimura/financial-grade-oauth-openid-connect
- Connected with Figo.
- Connected with Open Bank Project
- The myth that OAuth 2.0 is not suitable for banking APIs was cleared up.
- Dave sent the current status report in http://lists.openid.net/pipermail/openid-specs-fapi/2016-December/000212.html
- The IE is still dealing with its governance process and is still closed.
- For the open data schema, they are using the ISO 20022 dictionary and converting it into JSON.
- HSBC (one of the 9 banks involved with the IE) has launched their beta API for open data: https://developer.hsbc.com/swagger-index.html
- It may help to connect with Berkeley, which is very much involved in OIX, our sister organization.
- On hold now for other priorities. Will resume in the new year.
- For now, Nat has been put down as the liaison officer for X9, but he would like Paul to take over.