Wiki
Clone wikifapi / FAPI_Meeting_Notes_2020-01-08_Atlantic
FAPI WG Meeting Notes (2020-01-08)
Date & Time: 2020-01-08 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
Agenda
The meeting was called to order at 14:03 UTC.
1. Roll Call
1.1. Attending:
- Nat
- Bjorn
- Brian
- Daniel
- Dave
- Dima
- Ian Lowe
- Joseph
- Kousuke
- Rob Otto
- Torsten
- Mark Haine
- Nick Cuthbert
3. Event
3.1. Swift Conference/FAPI F2F
- Around Feb. 18. FAPI F2F. Don is finalizing.
- Likely to be 17th.
- FAPI and eKYC F2F.
- Tony is securing the room.
3.2. Identiverse Presentation Submission
- Due date: January 10.
4. Draft Status
4.1. OAuth JAR (Nat)
- Merge is bad.
- client_id and response_type - interop. Perhapss add a note?
- Add a note suggesting for backward compatibility, add these and match.
4.2. OAuth PAR (Torsten)
- WG adopted PAR.
4.3. OAuth RAR (Torsten)
- Please cast +1 to the OAuth thread.
- Need to develop Roadmap to include PAR and RAR.
4.4. #163 Security Model (Daniel)
- https://docs.google.com/document/d/1Lo2LCV5eV7iVGbsM0C7i3pL1nWRftfqjpfFCx5Q3Pds/edit#heading=h.u85w4jb6qchc
- https://docs.google.com/spreadsheets/d/1PtG4f-Svils7wHBa7cGaZubbh-6lGifce38c_oShSss/edit#gid=550739163
WG discussed the initial text created by Daniel.
- https://bitbucket.org/openid/fapi/issues/163/more-description-of-the-security-model
- https://docs.google.com/spreadsheets/d/1PtG4f-Svils7wHBa7cGaZubbh-6lGifce38c_oShSss/edit
They generally agreed that the attacker model is about right. Daniel also pointed out that there is one attack that we do not have a solution for. (PKCE chosen text attack.)
WG members are invited to make comments on the document and the ticket.
If it is a concrete change proposal to the document, it should go to the document itself.
If it is a more general discussion, it should go to ticket #163.
6. AOB
The meeting was adjourned at 14:__ UTC.
Updated