FAPI WG Meeting Notes (2019-11-27)
Date & Time: 2019-11-27 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of the Agenda (Nat)
- 3. Report from Pacific Call (Nat)
- 4. Events (Nat)
- 5. Issues
- 5.1. #163: more description of the security model (Daniel)
- 5.2. #255: certification clarification request: location of discovery document
- 5.3. #207: RS256 vs PS256 (again)
- 5.4. #236
- 5.5. #216 TLS_ECDHE_ECDSA cipher suites
- 5.6. #232: Part 1: Complete the privacy consideration section
- 5.7. #240: FAPI-R: length/entropy of authorization code / refresh token / client_secret
- 5.8. #242: Missing Bibliography Reference to FAPILI
- 5.9. #273: Security considerations re large access tokens
- 6. Pull Requests
- 7. AOB
The meeting was called to order at 14:05 UTC.
- Pedram Hosseyni
- Stances towards FDX, ACDS, Open Banking, etc.
- Abstracted model for Consent and Revoke as an International Standard Token Establishment for multi-regional
- Special Call at 5 PM Pacific Time on the December 5th.
- Jan 23, 24, 27, 28.
- Tokyo and Miyazaki
- Details: http://lists.openid.net/pipermail/openid-specs-fapi/2019-November/001613.html
- December 5, 2019
- MoneyHub etc. shortlisted in the award.
- Pushing JWS HTTPS.
- Draft JWS Headers due shortly before Jan 20 next meeting.
- eIDAS schemes are based on CMS, and JWS is a good candidate to replace it.
- Polish API, STET coming together. Portugal deferred to Berlin Group. BG committed to JWS.
- ETSI wants to reuse IANA registry.
- Justin presented OAuth XYZ, Torsten on PAR and RAR.
- There would be an activity to do OAuth 3.0 based on XYZ but there would be 2.1.
- Migration path needs to be prepared, e.g., versioned endpoints.
- Cavage was presented to Sec Dispatch, and Justin and Annabel are writing a new draft to be presented to the HTTP group.
Joseph is going to create a pull request.
Nat needs to create a pull request.
Pending Dave's email interaction with crypto experts.
Nat to write the text.
Around Xmas time by Stuart.
To be recorded in the implementer's advice document. Concrete text is needed.
The meeting was adjourned at 14:56 UTC.