Clone wiki

fapi / FAPI_Meeting_Notes_2019-03-27_Atlantic

FAPI WG Meeting Notes (2019-03-27)

Date & Time: 2019-03-27 14:00 UTC

Location: GoToMeeting

The meeting was called to order at 14:05 UTC.

1.   Roll Call

  • Attending: * Bjorn, Dave, Joseph, Torsten
  • Guests:
  • Regrets:

3.   Update from Face to Face at OSW & External Organisations

  • Discussion around external organisations

5.   Sender Constraining

  • Daniel, John and Torsten writing a draft for sender-constraining in a token bound like way but without token binding.
  • Using application level signatures
  • New header that carries a JWT that contains the target url, the method,

6.   FDX - FAPI Update

  • Dave explained about the schema and the history from durable data API

7.   FAPI Conformance Test Suite

  • Not looked at JARM yet
  • Joseph asked about implementation - (Connect2Id & OpenID Provider)
  • Action to raise ticket about whether JARM is well integrated with part 2
  • Launch on 1st April for FAPI testing

8.   Update on Lodging Intent

  • Torsten to update draft with this other approach
  • Change name to rich authorisation data

9.   Issues Security BCP assumes passive attackers, whereas FAPI assumes otherwise.

10.   Next Call

  • Pacific call next week. Atlantic call in 2 weeks time.