FAPI WG Meeting Notes (2017-03-07)

Date & Time: 2017-03-07 23:00 UTC

Location: GoToMeeting

The meeting was called to order at 15:10 UTC.

1.   Roll Call

  • Present: Nat, Tom, Brian, Edmund, John, Henrik.
  • Regrets:
  • Guest:

2.   Adoption of the Agenda (Nat)

  • Added FS-ISAC
  • Moved External Orgs as the first item.

3.   External Orgs

3.1.   FS-ISAC DDA (Brian)

  • FS-ISAC had a call. Feedback on DDA 2.0 that extends to tax, qtip, etc.
  • Banks are also interested in the consent flow.
  • Banks supporting DDA: Wells Fargo, Fidelity, Citi,
  • OFX: Chase

3.2.   UK OBS (Nat/John)

  • Need to come up with some spec in one to two weeks.
  • The solution needs to be implementable by the major vendors.
  • Bunch of change requests to be discussed in WD section of the agenda.

3.3.   Others

The following were not discussed.

  • OFX (Anoop)
  • ISO/TC68
  • Figo
  • JP Banking Association (Nat)

4.   Drafts

4.2.   Part 2: Read & Write API Security Profile (Nat & Edmund)

4.2.1.   PoP other than Token Binding

  • WG decided to mandate PoP but allow two different methods:
    • Token Binding
    • Sender constraint via Client Cert.
  • Client cert sender constraint should allow the following verification methods:
    • jku
    • x5u
    • x5t
    • dn <-- needs to be defined. All the others are defined in RFC8700.
  • Nat will come up with a draft and send it over to the list, and post it to IETF on Friday.

4.5.   Part 5: Protected Data API and Schema - Read and Write

  • This seems to be a priority.
  • Passing payment info in request object to have the user consent.
  • Gather example schema in the document so that we can abstract them later.

5.   AOB

5.1.   Next Call (Atlantic)

  • Next call is the Atlantic shift and is next week. Nat is unable to make it. Perhaps John or Dave to set up a call.
  • Consider twice-a-week calls until UK requirements are met?

The meeting adjourned at 23:58 UTC.