FAPI WG Meeting Notes (2020-08-26)
Date & Time: 2020-08-26 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- 1. Roll Call
- 2. Adoption of Agenda (Nat)
- 3. Events
- 4. External Organizations
- 5. PRs for 1.0 (Dave)
- 6. Issues (Dave)
- 7. AOB
The meeting was called to order at 14:05 UTC.
- Attending: Nat, Anoop, Joseph, Daniel, Chris, Don, Brian, Kosuke, Ralph, Torsten, Dima, Dave, Stuart, Tony, Mark.
- Sept. 21st.
- US FDX Developers Conference Keynote on global interoperability by Nat Sakimura
- Stuart Low will be presenting his view on the evolution of FAPI
- Increasing crossover among the members, e.g., Authlete, ForgeRock, Ozone, Ping, etc.
- OIDF Workshop on October 25.
Preparing comment for public consultation on eIDAS regulation.
Main topic: the likelihood of the EBA mandating that eIDAS certs be revoked on a hard Brexit. The FCA is looking at a potential alternative, which is to fall back to the previous model.
CMA9 and others going through FAPI certification:
Firms are interested in the timing of FAPI 2.0 and differences. Nat gave his view on the roadmap.
Daniel noted that the payload signature is a roadblock.
ACT: Will deal with it in the next call.
It is generally agreed. However, Stuart and Dima noted that there could be impacts to AU. Stuart will talk with the AU lead tomorrow.
Joseph re-generated examples using example.com etc. instead of real domains.
ACT: ALL: Please provide independent checks.
Torsten asked several questions on the PR.
- He does not want a document behind a paywall to be referenced.
Nat and Dave noted that the documents are not normatively referenced, i.e., they are not necessary to comply with this document. At the same time, they provide valuable advice to implementers who are interested in it. It would be a disservice to readers if we did not have any references. Joseph also asked if there is any credible and internationally vetted document, and there seems to be none.
- He believes the statement "The authorization request should request only the claims that are needed for the purpose of the processing of PII to adhere to the collection minimization principle" belongs to OpenID Connect Core and not here.
Since we have run out of time, callers agreed to engage in the PR and try to close it by the next call.
The meeting was adjourned at 15:04 UTC.