FAPI WG Meeting Notes (2018-07-24) F2F
Date & Time: 2018-07-24 01:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
Agenda
The meeting was called to order at 03:08 UTC.
1. Roll Call
- Attending: Nat, Kengo (Folio), Mark (Radium), Dave, Henrik (Authlete), Joseph (Authlete), Hide (Authlete), Taka (Authlete), Wada (NRI), Hiroshi Aiba (NRI), Ralph (Radium), Justin (Fintech Labs).
- Guests: Takashi Uematsu (Hitachi), Yukawa (DeNA)
- Regrets:
2. Adoption of the Agenda (Nat)
- Adopted as is
3. CIBA (Dave)
- Concerns raised on posting token out. Just notify the client/resource.
- #66 in CIBA. People should look at it. This is the biggest change to be made to the CIBA core spec.
- This will make the CIBA Profile in FAPI very lightweight.
- This implies that existing MNO behaviour has to be put into an MNO profile rather than in the core.
4. Security Report and ID2 (Nat)
- Mandate AT hash.
- It works. The mitigation suggested is to
- Claimed HTTPS URI --> Add a note about native apps. For the platforms without support for it,
- Dynamic Client Registration
3) It can be done. It was discussed before. Perhaps it should be done in the security documentation. Credit tarnishing attack can be a real use case.
5. App2app (Dave)
Need to add a note explaining how native apps can be the user agent for a confidential client. Many cases use an app as the user agent/browser.
Redirect URI place and security consideration.
Reference BCP.
Dave to propose the text.
6. Open Banking Update (Ralph)
Discussed an "exciting" new development. The information will be shared as soon as it becomes sharable.