FAPI WG Meeting Notes (2019-01-02)
Date & Time: 2019-01-02 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
The meeting was called to order at 14:05 UTC.
- Dave, Bjorn, Chris, Rob, Torsten, Ralph, John
- Agenda was agreed
- New name: Cross-browser Payment Initiation Attack
- Torsten to pick up with Nat to get the doc issued under OpenID name
- Chris to introduce Yolt to Torsten
- Dave to open an issue and assign to Torsten on verifying the state (https://bitbucket.org/openid/fapi/issues/205/add-requirement-for-client-to-verify-state)
- No updates
- WG encouraged to check the developing security profile and input.
- Banks developing V3, but 3 banks will be late.
- Banks are struggling with app-to-app journeys
- Banks also need testing facilities available from March.
- OpenBanking is working on improved testing and conformance suites.
- Including functional tests and tests for CIBA. Will be available by March.
- Also working on value-add APIs, such as variable recurring payments.
- Question on CIBA. OB will just link to existing profile.
- We need to get FAPI CIBA profile ready as soon as possible.
- New draft has reference to FAPI.
- Dave to send around.
https://bitbucket.org/openid/fapi/issues/142/standardising-lodging-intent https://bitbucket.org/openid/fapi/issues/158/fapi-part-2-request-object-for-public https://bitbucket.org/openid/fapi/issues/170/remove-public-client-support https://bitbucket.org/openid/fapi/issues/181/userinfo-response-should-be-a-jwt-ops https://bitbucket.org/openid/fapi/issues/203/guidance-around-jwks-and-jwks_uri https://bitbucket.org/openid/fapi/issues/192/jarm-default-jws-alg-for https://bitbucket.org/openid/fapi/issues/189/behaviour-of-as-when-client-passes
- Pacific call next week. Atlantic call in 2 weeks time.