FAPI WG Meeting Notes (2018-07-24) F2F

Date & Time: 2018-07-24 01:00 UTC

Agenda

The meeting was called to order at 03:08 UTC.

1. Roll Call

Attending: Nat, Kengo (Folio), Mark (Radium), Dave, Henrik (Authlete), Joseph (Authlete), Hide (Authlete), Taka (Authlete), Wada 8NRI), Hiroshi Aiba (NRI), Ralph (Radium), Justin (Fintech Labs).
Guests: Takashi Uematsu (Hitachi), Yukawa (DeNA)
Regrets:

Concerns raised on posting token out. Just notify the client/resource.
- ~~#66~~ in CIBA. People should look at it. This is the biggest change to be made at CIBA core spec.
- This will make the CIBA Profile in FAPI very lightweight.
- This implies that existing MNO behaviour has to put into an MNO profile rather than in the core.

Claimed HTTPS URI --> Add a note about native apps. For the platforms without support for it,
Dynamic Client Registration

3) It can be done. It was discussed before. Perhaps it should be done in the security documentation. Credit tarnishing attack can be a real use case.

Need to add a note explaining how native apps can be user agent for confidential client. Many cases using an app as user agent/browser.

Redirect URI place and security consideration.

Reference BCP.

Dave to propose the text.

Discussed about an "exciting" new development. The information will be shared as soon as it becomes sharable.

There will be a Pacific call tomorrow.