FAPI WG Meeting Notes (2019-11-20)
Date & Time: 2019-11-20 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
Agenda
- 1. Roll Call
- 2. Adoption of the Agenda (nat)
- 3. External Organizations
- 4. Pull Requests
- 5. Issues
- 5.1. #255: certification clarification request: location of discovery document
- 5.2. #207: RS256 vs PS256 (again)
- 5.3. #236
- 5.4. #216 TLS_ECDHE_ECDSA cipher suites
- 5.5. #232: Part 1: Complete the privacy consideration section
- 5.6. #240: FAPI-R: length/entropy of authorization code / refresh token / client_secret
- 5.7. #242: Missing Bibliography Reference to FAPILI
- 5.8. #273: Security considerations re large access tokens
- 6. AOB
The meeting was called to order at 14:05 UTC.
1. Roll Call
1.1. Attending:
- Bjorn
- Nat
- Craig Borysowich (Payments Canada)
- Dima Postnikov
- Joseph
- Kosuke
- Stuart Low
- Rob Otto
3. External Organizations
3.1. Open Banking (Joseph)
Open Banking shared a new roadmap consultation, mainly focused on wrapping up the functional spec; e.g., the 9 CMA banks should make the sweeping service available. The CMA 9 must pass the functional test.
3.2. ISO
Nat started to explore getting PAS Submitter status.
3.3. IETF
3.3.1. HTTP Signing (Joseph)
Justin's slide https://datatracker.ietf.org/meeting/106/materials/slides-106-secdispatch-http-signing
It was discussed in the Dispatch group. The advice was to do it in the HTTP group.
Annabel has split Justin's PoP spec into an HTTP bit and an OAuth token presentation bit.
It looks like some evolution of Cavage may happen, but it is still early days.
3.3.2. OAuth WG (Joseph)
Tomorrow 8AM UTC.
3.3.3. BoF Transactional OAuth
https://www.youtube.com/watch?v=q096sY6L9-E
Exploring whether Justin's or Torsten's spec is to be adopted.
3.4. Australia (Stuart)
Analysis of the current draft needs to be done.
Joseph has been talking with the EY team on testing. EY + Data 61 are to draw up the testing plan. Data 61 wants to start an independent test.
5. Issues
https://bitbucket.org/openid/fapi/issues/
5.1. #255: certification clarification request: location of discovery document
Joseph is going to create a pull request.
5.2. #207: RS256 vs PS256 (again)
Nat needs to create a pull request.
5.3. #236
Closed with pull request #145
5.4. #216 TLS_ECDHE_ECDSA cipher suites
Pending Dave's email interaction with crypto experts.
5.5. #232: Part 1: Complete the privacy consideration section
Nat to write the text.
5.6. #240: FAPI-R: length/entropy of authorization code / refresh token / client_secret
Waiting for Dave's text.
5.7. #242: Missing Bibliography Reference to FAPILI
Around Xmas time by Stuart.
5.8. #273: Security considerations re large access tokens
To be recorded in the implementer's advice document. Concrete text is needed.
6. AOB
The meeting was adjourned at 14:56 UTC.