FAPI WG Meeting Notes (2022-03-02)
- Date & Time: 2022-03-02T14:00Z
- Location: GoToMeeting https://global.gotomeeting.com/join/321819862
- Self: https://bitbucket.org/openid/fapi/wiki/edit/FAPI_Meeting_Notes_2022-02-02_Atlantic
Agenda
The meeting was called to order at 14:05 UTC.
1. Roll Call (Nat)
1.1. Attending
- David Januchowski (Okta)
- Joseph Heenan (Authlete / OpenID Foundation)
- Takahiko Kawasaki
- Michael Palage
- Nat Sakimura
- Dima Postnikov
- Daniel Fett (Yes)
- Mike Leszcz
- Adrian Field
- Rifaat Shekh-Yusef (Okta)
- Kosuke Koiwai
- Elizabeth Garber
- Chris Michael
- George Fletcher
- Dave Tonge
- Travis Spencer (Curity)
- Brian Campbell
- Ralph Bragg
- Regrets:
- Guest:
2. Adoption of Agenda (Nat)
- Move the NIST response and white paper topic to the front.
3. Draft NISTIR8389 Cybersecurity Considerations for Open Banking Technology and Emerging Standards
- Link: https://csrc.nist.gov/publications/detail/nistir/8389/draft
- Commentary link: https://docs.google.com/document/d/10GTmFGtyZO96CpigzvZ1kyl5rIqVqsjwfR9IMAay3yk/edit#
- Due: March 3
Whitepaper link: https://docs.google.com/document/d/18i1f-lYd7VgAyw_2vYZChlFcSZwG_yK_epF7wAJkBaw/edit
Please comment on the link above, especially the last two pages.
The whitepaper will be kept as a draft for some more time, but the NIST response will be sent tomorrow.
4. Events (Nat)
n/a
5. Internal Liaison (Nat)
5.1. AB/Connect WG (Nat)
FedCM addresses only a niche problem: it addresses the account chooser, and third-party logout is going to be broken.
PrivacyCG wants to prevent navigational tracking. They said that FedCM will solve it. This will break the redirect-based protocols, e.g., SAML, OAuth, OpenID, and thus FAPI.
Interested parties probably should raise voices of concern.
Links:
- W3C Federated ID CG: https://www.w3.org/community/fed-id/
- W3C Privacy CG: https://www.w3.org/community/privacycg/
- https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline
- https://github.com/fedidcg/meetings/blob/main/2022/2022-02-14-notes.md
- https://github.com/whatwg/html/issues/6364
IIW Side Event is being planned for this.
6. External Organizations (Nat)
6.1. Australia (Gail/Mike L.)
- Working with DSB and U.Stuttgart to start formal security analysis. Hopefully the work will start at the end of this week.
6.2. Brazil (Mike L.)
- RP certifications coming in.
- CIBA certification requirements coming.
- Chicago advisory group, Radium, setting up RP community group.
- Hoping to create a knowledge base.
- Carnival week.
6.5. GAIN (Elizabeth/Mike L.)
- Finalized participation agreement.
- Elizabeth has sent out a link to the agreement.
- project paper link:
- PoC web page is going
- Kick-off call is tomorrow.
GAIN POC Online Meeting Venue and Schedule
- Weekly Thursday Call @ 7 pm UTC
- Location: https://meet.goto.com/520132557
First POC call tomorrow, Thursday, March 3rd. The meeting is on the OIDF Google calendar.
6.6. The Middle East and North Africa (Chris)
- Israel:
  - Central bank of Israel is announcing open banking / finance regulations and releasing first.
  - Closely aligned with Berlin Bank Standards.
  - 15 banks.
  - First phase is account information.
- Saudi Arabia:
  - They are interested in opening dialogue with OIDF.
  - Following UK model.
  - Quite innovative around conformance certification model - realtime automated certification.
6.7. Nigeria (Mike)
- Having a call after eKYC call to better understand the USSD requirements.
6.8. UK (Chris)
- n/a
6.9. USA (Gail)
- n/a
NIST.IR.8389-draft - https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8389-draft.pdf
We will discuss it as an independent topic below.
7. Specs
7.1. FAPI DCR/M (Dynamic client registration and Management) (Joseph)
- https://bitbucket.org/openid/fapi/issues/466/proposal-for-fapi-dcr-dcm-dynamic-client
- Joseph to work on it but is currently preoccupied with FAPI 2.0 tests.
- Nat pointed out that now that additional ecosystems are coming in, it is important to get at least something out as a guidance.
7.3. JARM
- Need to move forward to get it finalized.
8. PRs (Dave)
All the PRs are Dave's, apart from the initial draft still being worked on by Dima. Because Dave had to leave the meeting early today, we skipped the discussion.
9. Issues (Dave)
The following new issues were discussed and opened.