FAPI WG Meeting Notes (2018-01-23)

Date & Time: 2018-01-23 23:00 UTC

Location: GoToMeeting

The meeting was called to order at 23:05 UTC.

1.   Roll Call

  • Attending: Nat, Dave, Edmund, Joseph, Bjorn, Tom
    • Guest:
  • Regrets: John, Anoop

2.   Adoption of the Agenda (Nat)

  • OAuth Question on the client id added.

3.   Upcoming Events

3.2.   API Days (Nat)

Nat will be attending to give a presentation about FAPI and OpenBanking.

3.3.   Informal FAPI meeting

Monday afternoon in London. Location TBD. Nat will send out a message asking who is going to attend.

4.   Issues

4.1.   #129 TLS cipher restrictions should be relaxed for the authorise endpoint

What is currently in the pull request seems to be good text. If there is no objection, we should adopt it.

ASK: Adopted the pull request.

4.2.   #127 CIBA: security issues

Text for the security consideration was proposed. When the text is added, the ticket should be closed.

Tom wanted it to be a requirement. Dave is going to put it in as a requirement.

Dave has also submitted it to be dealt with at the OAuth security workshop in March.

DISPOSITION: Adopted the proposed text.

4.4.   #110 more definition of s_hash

Brian wants the behavior of the AS when state is not in the request to be specified. Nat suggested that s_hash must not be in the ID Token if the request did not have state specified.

DISPOSITION: Proposal accepted. Nat to make a pull request.

4.5.   #114 Require state

Linked to #110. Nat proposed to require state in pure OAuth, while making it optional for OIDC.

DISPOSITION: Adopted the direction.

4.7.   zzz: client_id

The test suite always sends the client id in the body.

4.8.   Implementer's Draft (Edmund)

Waiting for the issues to be cleared.

5.   AOB

5.1.   Next Call (Atlantic)

The next call is scheduled to be in the Atlantic time zone.

  • The meeting was adjourned at 23:55 UTC.