FAPI WG Meeting Notes (2019-08-21)
Date & Time: 2019-08-21 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of the Agenda (Nat)
- 3. Certification
- 4. External Organizations
- 5. Pull requests
- 5.1. #131 first proposal to integrate JARM as equal option
- 5.2. #137 changed the draft to use the application/x-www-form-urlencoded encoding
- 5.3. #134 FAPI-R/RW: client authentication restrictions apply to all endpoints
- 5.4. #130 Initial attempt at listing requirements for FAPI HTTP signing
- 5.5. #129 First Cut
- 5.6. #113 FAPI-R: Clarify authorization code reuse requirements
- 5.7. #135 FAPI-RW: Apply cipher restrictions to < TLS 1.3
- 5.8. Code reuse issue
- 5.9. #125 CIBA: let AS determine whether signed request is mandatory
- 6. Issues
- 7. AOB
The meeting was called to order at 14:04 UTC.
- Nat Sakimura
- Dima Postnikov
- Kosuke Koiwai
- Joseph Heenan
- Dave Tonge
- Anthony Nadalin
- Brian Campbell
- Torsten Lodderstedt
- Eric Tedeschi
- Bjorn Hjelm
- Ralph Bragg
- Anoop Saxena
- Added Certification
2 Banks paid. One has not submit the result yet. The other has, but not yet publisheable. Request from Open Banking to separate FAPI Certification result. This was discussed and those on the call agreed that it would be beneficial to separate the FAPI results from the OIDC results. Jospeh to speak to the certification team about this.
- Sept. 13, 14 in Detroit.
- Presso needed. If you have one already, please send it to Bjorn and nat.
JOseph is doing the final review.
Related to issue
Changes the JSON POST to form encoding.
Brian asked that posting raw JSON may be simpler.
Joseph will make the change to pull request.
Accepted as a new document.
Just qualifying TLS cipher restrictions.
In Open Banking, Discovery is mandated so there is no deployment impact in that respect. Two good comments from Brian and Torsten. Joseph will create a pull request.
People in the call agreed that it should be advertised, but we did not get to the conclusion whether it should be "SHALL" or "SHOULD".
Discussion is going to be continued on the ticket and we will come back to it in the next call.
The meeting was adjourned at 15:09 UTC.