Wiki
Clone wikifapi / FAPI_Meeting_Notes_2018-05-23
FAPI WG Meeting Notes (2018-05-23)
Date & Time: 2018-05-23 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
Agenda
The meeting was called to order at 14:__ UTC.
1. Roll Call
- Attending: Nat, Brian, Dave, Joseph, Ralph, Bjorn
- Guest:
- Regrets:
2. Adoption of the Agenda (Nat)
- Implementer's draft.
3. New Name for the WG (Nat)
- Financial-Grade API WG
4. Implementer's Draft
- Review: Ralph, Joseph, Brian
5. Road map for OpenBanking -> FAPI (Ralph)
- Delta between the OB spec and Part 2
- Conformance test harness
- Evaluation of the delta
- Open Banking
6. External Organizations
6.2. ISO/TC68/SC 9 (Dave)
- Released the first draft. Not much is changed. Part 1 and 2 are in there.
- Unsure of the process.
6.3. Other EU SDOs (Dave)
- STET and Berlin Group
- Joint Workshop towards the end of June.
7. Pull Requests
Those on the call accepted the change and recommended that it be merged in
There was agreement to go with Nat's proposed wording. Dave to update the pull request.
There was agreement to merge in the change. There was some discussion about the need to have a standards based approach to "lodging intent". OpenBanking, Stet and Berlin Group have all taken different approaches and none of them are using the request object endpoint. Dave to raise an issue for this.
Tom advised that we should hold on this - he will get back to us on the next call.
We discussed this pull request and then moved into a related issue, see below.
8. Issues
- https://bitbucket.org/openid/fapi/issues?status=new&status=open
- https://bitbucket.org/openid/fapi/issues/11/oauth-profile-should-mandate-rfc7636-pkce
We discussed this and came to the consensus that PKCE should be required for all clients in part 1, not just public clients. Joseph to create a pull request with this change.
This issue can be closed when the related pull request is merged
We discussed this issue and agreed to leave some comments on the issue. There was a discussion about whether the name needed to match up with FAPI at all.
Those on the call felt that the wording in FAPI was fine, even though it is more restrictive than the base standard.
We discussed this and agreed that Dave would try and raise the issue in the OAuth Working Group.
9. AOB
9.1. Next Call
The next call is scheduled to be in the Pacific time zone.
- The meeting was adjourned at 14:50 UTC.
Updated