FAPI WG Meeting Notes (2020-08-05)
Date & Time: 2020-08-05 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
The meeting was called to order at 14:05 UTC.
- Attending: Nat, Bjorn, Allan, Dave, Tony, Joseph, Ralph, Kosuke, Chris, Dima
There are two workstreams that are potentially relevant to FAPI. One is Web Payment. The other is WebID CG. WebID is trying to sort the problem that a browser cannot reliably distinguish legitimate authentication federation and web tracking. It is related to ITP.
Privacy Path @ IETF that uses JWT seems to be relevant here as well.
- rest of CMA9 still working towards certifications
- Significant potential breaking issue reuse of PSD2 eIDAS certs in the UK if a no-deal Brexit after 1 Jan - see https://eba.europa.eu/eba-calls-financial-institutions-finalise-preparations-end-transitional-arrangements-between-eu-and
Particularly this phrase: Furthermore, account information service providers (AISPs) and payment initiation service providers (PISPs) registered/authorised in the UK will no longer be entitled to access customers' payment accounts held at the EU payment service providers and their PSD2 eIDAS certificates under Article 34 of the Commission Delegated Regulation (EU) 2018/389 will be revoked.
If taken at face value, and if all QTSPs revoke all UK firms' PSD2 eIDAS certs, and if FCA retains the current requirement for these PSD2 eIDAS certs in the UK, then...
Please give feedback to all the standing PRs.
It is using the real domains as examples are straight out of the conformance test. It should be replaced with example.com etc.
Changing a should to shall, requiring metadata to be obtained through OIDD.
Note: a few banks currently fails this requirement.
Nat proposed a text. Ralph is writing a friendly amendment to it. Once it is ready, it should be merged in.
The meeting was adjourned at 14:59 UTC.