Clone wiki

fapi / FAPI_Meeting_Notes_2018-03-28

FAPI WG Meeting Notes (2018-03-28)

Date & Time: 2018-03-28 14:00 UTC

Location: GoToMeeting

The meeting was called to order at 14:05 UTC.

1.   Roll Call

  • Attending: John, Nat, Joseph, Tom
    • Guest:
  • Regrets: Dave, Chris, Mike S.

3.   Pull Requests

4.   Issues

  • Talked about #135 at some length. It looks like a core problem is how to express the needs for "meaningful consent" at the authorization server. Unlike in the regular OAuth's case, FAPI Part 2 allows the client to be authenticated via a digital signature, so the authorization server can actually show who is requesting what to the end user. However, the actual user interface for showing that information is out of scope for OpenID Connect Core. We might want to come up with a text that expresses the need for the "meaningful consent."

5.   External Organizations

5.2.   OpenAPI (Nat)

  • There was a call with the OpenAPI Foundation last Friday. It is heading in a good direction, e.g., supporting signed JWT response, etc. Nat will send a link to it in the mail list. If you are interested, please get involved.

6.   Events

6.1.   IIW (John)

  • John is going to present FAPI in the pre-IIW OpenID Workshop.
  • Please send the presentation ideas to the list to help John.

7.   AOB

  • There seem to be some demands for FAL3 authentication in the US now, as a part of Fedramp program.
  • EAP WG has a draft that deals with it and it may go to the implementer's draft vote in the near future. If you are interested, please join the WG and submit your comments.

7.1.   Next Call

The next call is scheduled to be in the Pacific time zone.

  • The meeting was adjourned at 15:01 UTC.