Clone wiki

fapi / FAPI_Meeting_Notes_2020-03-04_Atlantic

FAPI WG Meeting Notes (2020-03-04)

Date & Time: 2020-03-04 14:00 UTC

Location: GoToMeeting

The meeting was called to order at 14:__ UTC.

1.   Roll Call

1.1.   Attending:

  1. Nat
  2. Pedram
  3. Daniel
  4. Kosuke
  5. Dima
  6. Brian
  7. Joseph
  8. Bjorn
  9. Barry ODonohoe

1.3.   Regrets:

  1. Dave Tonge
  2. Tony Nadalin
  3. Anoop Saxena

5.   Refactoring of the specs taking the security assumptions in mind (Daniel)

  • FAPI 2.0 drafts consists of attacker model and security profiles.

  • Baseline profile document has a diff table between 1.0 and 2.0.

WG members are invited to comment on it.

  • Advanced profile has non-repudiation feature.

This property has not been proved. Dima has contacted Pedram and U. Stuttgart for it.

There is a lot of open issues which pertain to 2.0 rather than 1.0.

Joseph voiced concern about requiring mTLS on Baseline.

There is a virtual interim OAuth 10:00 AM Central US Time on this coming Monday to discuss these issues.

7.   Issues

Dealt with #90, #279, #281, #275, #280, #274, #276, #163. See issues for more details.

8.   AOB

  • Joseph pointed out that only 5/70 or so banks have certified against OIDF test suite and 11 for now obsolete OBIE. As the result, there are fair amount of interoperability issues, esp. on App2App. To sort it out, joint workshop etc. is being proposed.

The meeting was adjourned at 14:59 UTC.