Clone wiki

fapi / FAPI_Meeting_Notes_2017-05-16

FAPI WG Meeting Notes (2017-05-16)

Date & Time: 2017-05-16 23:00 UTC

Location: GoToMeeting

The meeting was called to order at 23:07 UTC.

1.   Roll Call

  • Attending: Nat Sakimura, Tom Jones, Edmund Jay, Anthony Nadalin
    • Guest: Bruno Azenha [Accenuter Technology Architecture (UKI)]
  • Regrets: Anoop Saxena, John Bradley (flying)

2.   Adoption of the Agenda (Nat)

  • Adopted modifed. (Person in charge of the topic for this meeting was changed.)

3.   External Orgs

3.1.   Euro Retail Payments Board (Nat)

3.2.   UK Open Banking (Nat)

  • Workshop on May 22 in London.
  • Tony will be there as well, though still waiting for the invitation. Sue is following up.

3.3.   ISO/TC68 (Nat)

  • Liaison request is in a 4 months letter ballot.
  • They are in F2F meeting this week in Rio.

3.4.   Mobile Connect (Nat)

  • Nat has not been able to coordinate a joint call yet.
  • There have been some interactions with Bjorn and Tom. Since Tom had no write access to their repo, he just have sent out the comments as an email.

4.   Part 2: WGLC Issues

Some new comments as the result of the WGLC arrived. All the current tickets for Part 2 including the new ones were discussed. Some of the tickets relating to the attack description in the security consideration need further examination. Nat will take it offline with Edmund to see if they are worthwhile in including them. If they determine that they are not for this document, they will close them without adding them to the security considerations.

Besides the ticketed items, Nat noted that he needs to hear back from Dave and Ralph that if their re-read upon the clarification of what is a public client was OK. He will follow up during the Europe day time.

It is expected that all the tickets will be closed by the end of the week, in time for the Open Banking Workshop.

Once they are closed, Nat will announce the WG consensus and request the start of the process for the implementers draft vote.

5.   AOB

Tom asked if FAPI is a profile and would it be ok for other community to create another profile that restrict SHOULD to MUST. The answer is YES. Both OpenID Connect and OAuth are general in nature and it probably is the case that in some use cases they need to lock the parameters down.

5.1.   Next Call (Atlantic)

Nat and Tony may be flying at the time of the meeting and will come back to the work group on how we should host the meeting in that case.

The meeting was adjourned at 23:48 UTC.