FAPI WG Meeting Notes (2017-03-15)
Date & Time: 2017-03-15 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of the Agenda (Dave)
- 3. Drafts
- 3.1. Part 1: Read Only API Security Profile (Dave)
- 3.2. Part 2: Read & Write API Security Profile (John, Nat & Dave)
- 3.3. Part 3: Open Data API
- 3.4. Part 4: Protected Data API and Schema - Read only
- 3.5. Part 5: Protected Data API and Schema - Read and Write
- 4. External Orgs
- 5. AOB
The meeting was called to order at 14:05 UTC.
- Present: Nat, John, Tom, Bjorn, Joseph, Dave.
- Regrets: Henrik
- Adopted as is
- Sacha has opened a pull request
- Consensus to change "can" to "may"
- WG discussed the new draft of JWT Pop Token Usage <https://tools.ietf.org/html/draft-sakimura-oauth-jpop-01>
- Discussion around the use of "Common Name" rather than "Distinguished Name"
- Dave to circulate with UK Open Banking for feedback
- WG discussed whether there should be "mandatory to implement" sections of the spec
- WG decided that it was important that the client only need to support a small number of PoP methods - even if AS supported many
- WG discussed how access tokens would be presented - Bearer vs Jpop. Draft to be reviewed to ensure this is clear. Feedback requested on feasibility of support within time constraints.
- FAPI Spec is in strong consideration
- Need to work closely to ensure that the spec balances security requirements and real world implementation issues
The following were not discussed.
- No other external orgs were discussed