FAPI WG Meeting Notes (2020-01-22)
Date & Time: 2020-01-22 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of the Agenda (nat)
- 3. Event
- 4. External Organizations
- 5. Draft Status
- 6. Issues
- 7. Next meeting
- 8. AOB
The meeting was called to order at 14:03 UTC.
Nat Ben White (Plaidd) Bjorn Hjelm Daniel Fett Joseph Kosuke DOn Dima Brian Dave Stuart Low Glyn (Open Banking)
- Added Berlin Group report.
- Around Feb. 18. FAPI F2F. Don is finalizing.
- Likely to be 17th. at Akamai office. FAPI, Lunch, eKYC.
- FAPI and eKYC F2F.
- Eventbrite will be sent by CoB today.
- Due date: January 24.
- OpenID Foundation Workshop on the 1st day.
- May 12 Morning.
- FAPI & eKYC F2F at the conference on 11th May.
- Board meeting on May 11.
- Visited Bonn to discuss with the editors.
- Introduced OAuth and OpenID Connect/FAPI/PAR/RAR.
- Not very interested in aligning.
- They have very complex use cases that they have not figured out.
- Consent management
- Embeded mode.
- It was not as positive as it could be but there are rooms for alignment a bit.
- Global interoperability.
- Ver. 1.1.1 has been released. Side by side with the spec analysis.
- A lot better than it used to be. Focus area would be to make sure that it will not break in certification.
- Consent (Dima)
- Consent requirements: good to compare how consents are dealt with in other Jurisdiction.
- Feb 1. deadline has been moved to July 1.
- Certification has been under conversation but is not used in reality. Perhaps because the current CDS breaks on certification.
- Focus of WG should be vendors breaking their products.
- Now in political phase? FDATA is trying to talk to the Government.
- Identify the diffs that really breaks and escalate.
- Draft letter to be developed by the London meeting.
- Merge is bad.
- client_id and response_type - interop. Perhapss add a note?
- Add a note suggesting for backward compatibility, add these and match.
- WG adopted PAR.
- Accepted as the WG item.
WG discussed the initial text created by Daniel.
They generally agreed that the attacker model is about right. Daniel also pointed out that there is one attack that we do not have a solution for. (PKCE chosen text attack.)
WG members are invited to make comments on the document and the ticket.
If it is a concrete change proposal to the document, it should go to the document itself.
If it is a more general discussion, it should go to ticket
* Short answer: Yes. It is the ecosystem's choice to make it stronger.
* Signed and Encrypting still is supporting "Signed" but the language can be clearer.
* ACTION: Propose an improved language.
- Next week, same time.
- eKYC/IDA Meeting this week is cancelled.
The meeting was adjourned at 14:58 UTC.