FAPI WG Agenda & Meeting Notes (2021-11-05)

Date & Time: 2020-11-05 01:00 UTC 17:00 PST (5pm)

Agenda

The meeting was called to order at 01:00 UTC.

1. Roll Call (Nat)

Attending: Nat Sakimura, Mark Verstage (DSB), Dima Postnikov, Edmund Jay, Ivan Hosgood (DSB)
Regrets: Anoop

Topics that we talked about are:

The scope of "FAPI 2.0 Suite", e.g., FAPI 2.0 Profiles, Grant Management, PAR, RAR, CAEP, RISC, CIBA etc.
The scope of the Formal Analysis may need to be synchronized with that. This would give really give a compelling advantage of FAPI 2.0 Suite over FAPI 1.0 as the latter's formal analysis does not involve those extra bits.
We also need to start planning for the conformance test suite development. Need to involve Gail and the team.

Issue ~~#456~~
A lot of interoperability issues on Refresh Token Rotation found in Australia. Many banks rotate refresh tokens with the change of Access Token.
Nat pointed out that is not the intention of Refresh Token and FAPI 1.0 does not ask for the rotation. It is always assumed that the refresh token is not rotated so we could even issue interpretation notes on it.
Watching at the fact that Many Implementation follows refresh token rotation anti-pattern, it would be advisable for FAPI 2.0 specs to explicitly prohibit Refresh Token rotation.