Wiki
Clone wikifapi / FAPI_Meeting_Notes_2020-02-26_Atlantic
FAPI WG Meeting Notes (2020-02-26)
Date & Time: 2020-02-26 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
Agenda
- 1. Roll Call
- 2. Adoption of Agenda (nat)
- 3. AU Consent Consultation (Stuart/Dima)
- 4. External Organizations
- 5. FAPI Evolution (Torsten)
- 6. Grant request/consent API (Torsten/Daniel/Joseph)
- 7. Refactoring of the specs taking the security assumptions in mind.
- 8. Issues and Pull requests.
- 9. Presentation for the SWIFT Conference on the 18th (torsten)
- 10. Issues
- 11. AOB
The meeting was called to order at 14:__ UTC.
1. Roll Call
1.1. Attending:
- Nat
- Dave Tonge
- Torsten
- Brian
- Daniel
- DIma
- Don
- James Bellairs
- Joseph
- Kosuke
- Perdam
- Pri Pillay (Stitch)
- Stuart
2. Adoption of Agenda (nat)
Adopted as is.
5. FAPI Evolution (Torsten)
Torsten provided the presentation: https://docs.google.com/presentation/d/1LyebJ8FhC1sIM9F5e9TNHRPDOYuXiilHt4wQBkvRvtc/edit#slide=id.p
- Rob: User interface issues. Many wants ROPC to keep control of the UI.
- Ralph: consent means different so need clarification.
Fine-grained authorization request
Consent is application-specific. More granular and complex as time goes by.
8. Issues and Pull requests.
Meeting starts at 11:00 GMT. Remote participation is available.
Ask Don if we can use the room until 5 PM.
9. Presentation for the SWIFT Conference on the 18th (torsten)
OIDF sales pitch with an emphasis on FAPI (API Security) and eKYC.
Use https://docs.google.com/presentation/d/171gOhCdxp1jZBo9P16gFLXOyIGILaPEGs6L7sDctHhg/edit?usp=sharing as the base and add a few slides for Swift.
9.1. Swift Identity APIs
Benefits With 3SKey, SWIFT shoulders your burden to build, maintain and update a technical infrastructure. 3SKey provides a common solution for strong authentication and digital identity, which can be used on any electronic banking channel, including offline applications, web-banking, local and proprietary networks, and SWIFT. 3SKey uses industry standards and provides toolkits and APIs for easy and rapid integration in applications while ensuring maximum security. https://www.swift.com/your-needs/corporates/3skey/benefits 3SKey for Banks factsheet .pdf RESOURCE Trusted and cost-effective solution for strong authentication and digital identity. https://www.swift.com/sites/default/files/resources/swift_needs_factsheet_3skeyforbanks.pdf
10. Issues
10.1. issue #278: duplicate kids in the authorization server's jwks (Joseph)
- Document the key selection algorithm when a duplicated kid is present.
- FAPI certification should give a “pass” to duplicated kids.
Updated