3.1.   Identiverse

Meeting with organizers to follow up on OIDF submissions as well as OIDF sponsorship of Identiverse.

3.2.   EIC

The EIC closing date for proposals Feb 28 - https://www.kuppingercole.com/events/eic2022/callforspeakers

4.1.   Australia (Gail/Dima/Joseph)

Mike Leszcz was in contact with the CDR team to coordinate a call for next week to get an update briefing from the CDR regarding their FAPI efforts, including a transition to FAPI 2.0. Will also share OIDF updates.

Possibly might give an update during next week’s call depending on timing of the call.

4.2.   Brazil (Mike L.)

Continue to receive RP certifications (Currently 19 organisations certified.)

Extended RP community group to the end of March to encourage RP certifications.

Mike and Joseph was in meeting with Central bank to get an update regarding CIBA requirements.

Will require CIBA certifications probably at the end of Q1 or during Q2.

Certification team will add OP and RP CIBA tests for Brazil.

4.3.   Berlin Group (Dave)

• Dave to follow up.

4.4.   FDX (Mike)

• n/a

4.5.   The Middle East and North Africa (Ali)

Waiting for the green light to sign the MOU.

Pending announcement by the central bank of UAE to issue new licenses to challenger banks.

Might be worthwhile to have that information mentioned in the press release preceding the MOU.

Will hear from them next week regarding the signing of the MOU between the OIDF and DFC.

There should be agreed parts on the MOU to have both sides appoint people to discuss next steps.

Will follow Brazil footsteps by using informational workshops about relevant standards and developing a community approach.

4.6.   Mexico (Gail)

n/a

4.7.   NIST (Gail)

NIST IR 8389 is now available for comments.

See http://lists.openid.net/pipermail/openid-specs-fapi/2022-January/002514.html for more details.

NIST Page: https://csrc.nist.gov/publications/detail/nistir/8389/draft?utm_campaign=Daily%20News&utm_medium=email&_hsmi=199892597&_hsenc=p2ANqtz-8e00EUjDiF3cjokSiAHdV2blyRoL4PdEUljePvkXfNQO4YqwPt-MachArLcSSoeen1_Y8lc3UlnOD734uGAZX1BPYbUg&utm_content=199892597&utm_source=hs_email

4.8.   Russia (Dima/Mike)

• Bank of Russia is looking at the security profile right now.
• Dima and Mike is following up.

4.9.   UK (Chris)

90-days reauthentication requirements are being removed.

The deadline will be March or May

It will be the job of TPP to make sure the consent of the Customer is there.

Europe is potentially planning to extend the time from 90 days to 180 or similar.

Customer has to effectively go back to the bank to reauthenticate. This is a friction point which might cause drop off.

It will be up to TPP to make sure that customers are actually using the services and dosn’t need to involve the bank

FData is writing a paper to feed back into the European consultation.

People with questions or concerns should reach out to ghela.boskovich _at_ fdata.global. She’s coordinating response to European regulators.

4.10.   GAIN (Mike)

6.1.   FAPI DCR/M (Dynamic client registration and Management) (Joseph)

• https://bitbucket.org/openid/fapi/issues/466/proposal-for-fapi-dcr-dcm-dynamic-client

Create a FAPI profile for dynamic client registration and dynamic client management, RFC7591, and RFC7592 Australia, UK, and Brazil produced their own profiles.

WG should create some generic requirements on secured DCR/DM for future ecosystems.

Need to be mindful of markets that have single directory, multi directories, and those that don’t (Bahrain), and private systems that use FAPI

The term directory has different meanings depending on market.

Small markets with small amount of banks and third parties don’t need directories. They’re just doing open banking as a single regulator. Only need lists of firms, IDs, and certs.

Directories are used in multi-markets or multi-sector requirements, overall regulations, Open Finance, and multiple regulators.

Joseph will create initial draft for discussion and adoption.

6.2.   Grant Management (Dima)

• Next week.