Clone wiki

fapi / FAPI_Meeting_Notes_2019-07-31_Atlantic

FAPI WG Meeting Notes (2019-07-31)

Date & Time: 2019-07-31 14:00 UTC

Location: GoToMeeting

The meeting was called to order at 14:03 UTC.

1.   Roll Call

1.1.   Attending:

  1. Bjorn Hjelm (Verizon)
  2. Dave.Tonge (Moneyhub)
  3. Dima Postnikov
  4. Joseph Heenan
  5. Kosuke Koiwai (KDDI)
  6. Nat Sakimura
  7. Ralph Bragg
  8. Stuart Low
  9. Torsten Lodderstedt (

3.   External Organizations

3.1.   IETF (Nat)

  • Daniel presented Pushed Request Object to the OAuth WG. It was well accepted. Once we are done with the editing that applies the changes to all the current issues, we should submit it towards IETF 106. Nat will check if we need to do Implementer's Draft vote before that.
  • Justin presented XYZ. It will likely to be taken up as an experimental spec.

3.2.   ISO/TC68 (Nat)

  • Two new WG, one for eKYC and another for QR code payment is being formed under SC2.
  • FAPI may want to open a liaison with the later so that we can review the document and give feedback.

3.3.   Open Banking (Ralph)

  • Payment API is lacking reverse and refund. It needs to be dealt with.

3.4.   PSD2 (Ralph)

  • Wait and see mode in many banks.
  • App to App / App based decoupled authentication. CIBA like. Now compelled to adopt due to EBA comment.
    • App based direct redirect Can be implemented through Intent / Redirect.
  • EBA comment can be implemented both decoupled and redirect.
  • Joseph commented that calling through HTTPS Claimed URL is mandatory.
  • Torsten said may be not.
  • Dave commented that it is the perfect timing for the deployment document as FAPI supports it.
    • Torsten commented that the title of the document should include "implementation" as otherwise developers will not notice it.
  • Joseph asked Ralph when the delta between the OB version and FAPI version of CIBA will close.
  • Ralph replied that it is upon him. It should happen soon.

3.5.   Australia (Dima/Stuart)

  • Combination of partial adoption of OIDC suite + custom claims - some std claims (iss).
  • Most of the work is on data and metadata.
  • Perhaps we should provide feedback and letter.
  • Stuart and Dima to draft a factual statement of the problems so that FAPI or OIDF can officially comment on their spec.


General feedback thread is open:

If you have consent decision feedback:

And authorization flow:

4.   Events

Nothing for August.

5.   Pull requests and issues

5.1.   PR #125 CIBA: let AS determine whether signed request is mandatory

5.2.   PR #115 FAPI-R/RW: Bring clauses about acr inline with usage

6.   AOB

6.1.   Next Call

The meeting was adjourned at 15:00 UTC.