Wiki
Clone wikifapi / FAPI_Meeting_Notes_2020-10-28_Atlantic
FAPI WG Meeting Notes (2020-10-28)
- Date & Time: 2020-10-28 14:00 UTC
- Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- Note URI: https://bitbucket.org/openid/fapi/wiki/edit/FAPI_Meeting_Notes_2020-09-30_Atlantic
Agenda
The meeting was called to order at 14:03 UTC.
1. Roll Call
- Attending:
- Bjorn Hjelm (Verizon)
- Brian Campbell
- Dave Tonge
- Dima Postnikov
- Don Thibeau
- Francis Pouatcha (adorsys)
- Joseph Heenan (Authlete)
- Kosuke Koiwai (KDDI)
- Nat Sakimura (NAT.Consulting)
- Stuart Low
- Takahiko Kawasaki (Authlete)
- Dima Postnikov
- Regrets: Daniel
- Guest:
2. Adoption of Agenda (Nat)
- Events
- External organizations
- PRs
- Issues
3. Events
3.1. IIW (Nat)
- Was SSI focused
- Few sessions about OAuth, OpenID Connect
- Daniel presented session on threat model
- Tobias and Christina made presentation about SIOP
- Mostly about DIDs and VCs
- Now over > 70 DID methods, might be cause for concern
3.2. FDX/OIDF (Don)
- There will be Keynote at OIDF Workshop today focused on FAPI with panelists (Nat Sakimura, Don Cardinal, Anoop Saxena)
- Looks at practical next steps forward
- Serve members by avoiding duplication of efforts in regards to how FDX uses FAPI and current requirements for people to become members of both orgs
- Set closer collaboration for FAPI 2.0 with FDX
3.3. APIDays London (Dave)
- 10/27 - 10/28
- Dave gave a talk.
- A vendor gave FAPI Workshop. Akana.
4. External Organizations
4.1. Berlin Group (Francis)
- Taskforce: Banks only. Now other FIs including insurance.
- Advisory board: Francis sits here.
- Published open findings of the framework
- Berlin Group Next Gen
- Tool is renamed to Open Finance RP Framework
- Broadening the scope beyond banking to include financial assets , bankable assets
- Berlin group is structured into 2 main groups,
- task force, was limited to banks, now open for insurances and all financial institutes
- Advisory board, constituted of the markets
- Francis is a member
- Will be renamed to Open Finance Advisory Board, includes service providers, TPPs, and other market players
- Press releases coming out
- Francis will keep track
- Going towards sharing more than just banking data
- Still have problem of authorization and API mixed into single interface
- Francis putting pressure to split it
- FAPI can be reused for other areas instead of reinventing everything
- Don asked if OIDF can be member or observer of board
- Francis will address this with 2 chairs
- Board has quarterly meetings
- Members elect 10 board members
- OIDF can join as member now and be eligible for board for 2021-2022 term
- Francis will invite Don to the next session
- Francis asked if OIDF proposed liaison agreement to Berlin group
- Agreement was proposed earlier pre-Covid, still no response
- Francis will attempt to get agreement through the board instead of task force
- Don volunteered Torsten to join discussions
4.2. ETSI (Dave)
- OBE signature profile coming out.
- They did not accept base64url encode payload proposal.
- OBE talking about detached signatures, and RFC 7797 encodes the payload but OBE signing digest headers only
- WG has a working document regarding requirements for signing compile dby Joseph
- WG decided to make draft for non-repudiation
- Will need initial draft for adoption
- Stuart asked if we should have a separate profile for non-repudiation or make it part of FAPI 2.0
- Might be better to have a profile that can be referenced from FAPI 2.0
- Brian suggested to keep it simple and prevent scope creep.
- Current available signing standards don’t seem to meet requirements or still work in progress
- Dave, Francis, and Brian will be coming up with a signature draft for the WG to consider.
4.3. Australia (Stuart)
Consent revocation proposal adds a lot of complexity. There is no standards to built upon.
https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/247
Big 4 banks and recipients going into Phase 2 of consumer data sharing
Includes new products
Tweaks to information security profile
Joint accounts
Still finalizing consultation, looks very complex
- No existing technical standards available to achieve goals
- Intermediaries
- Cascading consents (communicating consents via third parties)
- No existing technical standards available to achieve goals
OAC conformance testing
- Joseph has CDR version of test on production and certification
Joseph still finalizing Australian response letter
- Still don’t know where to send it
- Might be better to do open letter and CC the chair
4.5. UK (Ralph)
- No updates
5. PRs (Dave/Nat)
issue
#330- potentially misleading language WRT JWT ATs - language is confusing- Suggested removing "opaque"
- Intent is tat AT is not to be consumed by clients
- remove "opaque" and reword note, make it similiar to RFC 6749 language that AT is usually opaque to clients
- No PR yet
issue
#317- Reassigned to Dave
6. AOB
The meeting was adjourned at 15:00 UTC.
Updated