FAPI WG Meeting Notes (2018-01-31)
Date & Time: 2018-01-17 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
The meeting was called to order at 14:05 UTC.
- Attending: Nat, Bjorn, Ralph, Joseph
- Regrets: John
- Date: 2018-01-29 14:00 - 17:00
- Location: Renessance Hotel, St Pancras, London
- Present: Nat, John, Don, Joseph, Mike, Mark
We went through all the remaining issues for Part 1 and 2 and agreed on the dispositions. They are recorded on the respective tickets. Joseph and Dave are going to send the corresponding pull requests. Once it is done, They can go to the next round of implementers draft.
For CIBA, since the model is very different from the standard OAuth, we felt that it is better to do some more security analysis. Dave has filed his paper to the forthcoming OAuth Security Workshop and we will discuss it there. If it looks like sufficiently secure there, then we can go to the implementer's draft.
Some of the issues around CIBA seemed more appropriate to be applied to the main CIBA spec., and they are going to be taken to Modrna WG.
Date: 2018-01-30 Location: Barclays accelerator, London
In the meeting a lot of time was spend in discussing what the RTS means and what could be done for the embedded flow.
Certification suit demo was done in the session as well.
Date: 2018-01-30, 31 Location: Cite International Université de Paris
Nat met with Isabelle from 42crunch. She explained her plan to start the extension work around OpenAPI security expressivity at the OpenAPI Foundation. Current thinking around the extension is on
- Getting machine readable OAuth/OpenID server configuration and express the constraint
- Supporting JOSE
Ralph pointed out that there is also some voices around pushing for better tooling around attached signature mode.
Nat will put Ralph in touch with Isabelle.
Nat also met with a DXC guy who spoke about BIAN. He will put Nat in touch with BIAN.