3.1.   OIDF virtual workshop (Mike L.)

• Thursday, December 9th at 9 AM PT.
• Link with registration details: https://openid.net/2021/10/19/registration-open-for-openid-foundation-virtual-workshop-thursday-december-9-2021/

3.2.   GSMA (Gail/Bjorn)

The second workshop is on Nov. 29 for deeper technical dive.

Dave is presenting on behalf of FAPI WG.

3.3.   OAuth Security Workshop (Daniel)

OAuth Security Workshop 2021 is coming up https://barcamps.eu/osw2021/

Nov 30 - Dec 1, 2021

Free Virtual Event

Session proposals are still accepted are scheduling

Some OIDF Session topics:

• Browser interaction, third party cookies
• SIOP cross-device security, risk mitigation
• State of OAuth clients for modern security features

4.1.   Australia (Gail/Dima/Joseph)

n/a

4.2.   Brazil (Mike L.)

Hosted RP workshop yesterday. Joseph walked through RP certifications.

Close to 200 participants.

Both Marks and Domingos participated.

Still receiving OP certification requests and RP requests are starting to come in.

Slack channel activity is increasing.

It looks like RP Certification mandate is official for some participants using accounts or payments.

Still questions about which profiles need to be certified (e.g. private key or MTLS).

JARM is not yet required for RPs.

4.3.   Berlin Group (Francis)

Meeting was postponed to work on PAR.

Second workshop is pushed to the beginning of next year.

Gail asked about digital wallet (cryptocurrency, digital euro) movement in EU.

It’s still in early stages and there is a lot of confusion.

4.4.   FDX (Mike)

FDX and OIDF Blog posts are now public.

4.5.   The Middle East and North Africa (Ali)

MOU being developed.

DIFC wants to speak to a bank to see if they can also be part of the MOU to bring more weight to the relationship.

4.6.   Russia (Dima/Mike)

They will get back later this week.

4.7.   UK (Chris)

Ongoing consultation on sweeping and vRP use cases and OBIE and OpenFinance future.

PayByLink http://lists.openid.net/pipermail/openid-specs-fapi/2021-November/002483.html

Request to pay. No interest in the market and has not taken off. Berlin group is also looking at something similar as a premium API.

There is more interest in confirmation to pay but the current regulatory framework is lacking account linking to identity and causing a lot of fraud (same in PayByLink). Confirmation to Pay has made the situation worse.

There are no concrete solutions to the problem.

One unlikely proposal is to make the receiving banks liable for the fraud so they will be inclined to implement strong KYC, but is not being considered at the moment.

4.8.   Mexico (Gail)

There are some standards being drafted that are not public but do not look promising at the moment.

Might be useful for the OIDF to proactively reach out to regulators.

4.9.   GAIN (Gail)

MOU agreement is being developed to clarify roles and commitments of “G5” organizations.

Target date is likely to shift to the beginning of January

Don and Mark Haine are organizing a mega deck to explain the process, flesh out POC, roadmap, split of work between OIDF and OIX.

The roadmap will be shared with the G5 on Dec 1.

Participation agreement for POC is seeing some movement and is targeted for Jan.

eKYC interop event this week with 4 IdPs. Report will be provided at OAuth Security Workshop.