1.1.   Attending:

1. Dave
2. Nat
3. Brian
4. Daniel
5. Joseph
6. Kosuke
7. Ralph
8. Stuart
9. Torsten
10. Bjorn
11. Pedram Hosseyni

1.2.   Regrets:

4.1.   OpenID Summit Tokyo and associated events (Nat)

• Jan 23, 24, 27, 28.
• Tokyo and Miyazaki
• Details: http://lists.openid.net/pipermail/openid-specs-fapi/2019-November/001613.html

4.2.   FDATA Summit

• December 5, 2019
• Edinborough
• MoneyHub etc. shortlisted in the award.
• https://fdata.global/summit/awards-2019/

4.3.   ETSI (Ralph)

• Pushing JWS HTTPS.
• Draft JWS Headers due shortly before Jan 20 next meeting.
• eIDAS scheme are based on CMS and JWS is a good candidate to replace it.
• Polish API, STET coming together. Portugal deferred to Berling Group. BG committed to JWS.
• ETSI wants to reuse IANA registry.

4.4.   IETF (Torsten)

• Justin presented OAuth XYZ, Torsten on PAR and RAR.
• There would be an activity to do OAuth 3.0 based on XYZ but there would be 2.1.
• Migration path needs to be prepared, e.g., versioned endpoints.
• Cavage was presented to Sec Dispatch and Justin and Annabel is writing a new draft to be presented to HTTP group.

5.1.   #163: more description of the security model (Daniel)

• https://bitbucket.org/openid/fapi/issues/163/more-description-of-the-security-model

5.2.   #255: certification clarification request: location of discovery document

Joseph is going to create a pull request.

5.3.   #207: RS256 vs PS256 (again)

Nat need to create a pull request.

5.4.   #236

Closed with pull request #145

5.5.   #216 TLS_ECDHE_ECDSA cipher suites

Pending Dave's email intraction with crypto experts.

5.6.   #232: Part 1: Complete the privacy consideration section

Nat to write the text.

5.7.   #240: FAPI-R: length/entropy of authorization code / refresh token / client_secret

Waiting for Dave's text.

5.8.   #242: Missing Bibliography Reference to FAPILI

Around Xmas time by Stuart.

5.9.   #273: Security considerations re large access tokens

To be recorded in the implementer's advice document. Concrete text is needed.