3.1.   OSW 2022 (Daniel)

Early bird ticket is available for the next 8 days.

• https://oauth.secworkshop.events/osw2022

3.2.   IIW Workshop (Mike)

• April 25
• Still trying to find the location in Mountain View.
• Full WS details will be available this week.
• Working group updates
• Guest speakers
• Torsten will give GAIN PoC updates
• Debbie Bucci on open data initiatives in healthcare.

3.3.   IETF OAuth (Rifaat)

• DPoP etc.

4.1.   iGov WG

5.1.   U. Stuttgart

FAPI 2.0 security review: delivered contract on Tuesday.

5.2.   Saudi Arabia

Call with Central bank of SA.

5.3.   Berling Group

Next meeting end of April.

6.1.   FAPI DCR/M (Dynamic client registration and Management) (Joseph)

• https://bitbucket.org/openid/fapi/issues/466/proposal-for-fapi-dcr-dcm-dynamic-client
• n/a

6.2.   Grant Management (Dima)

• n/a

6.3.   JARM

• Dave to send out the WGLC.

7.1.   PR306 - Add refresh token rotation clause and note

• https://bitbucket.org/openid/fapi/pull-requests/306

7.2.   PR307 - Rework the TLS section re issue 461

Follow BCP. s/4/3/.

7.3.   PR311 - Remove support for hybrid flow

Tending to remove. Please chime in if you think that is not a good idea.

7.4.   PR312 - Make clear that we only support code flow

Change back to "shall support" instead of "shall use".

7.5.   PR310 - withdraw clause re introspection (re: #417)

7.6.   PR315 - FAPI2 iss + JARM (Re: #478)

The text should be modified to make the client not use iss outside JWT.

JARM is not required in FAPI 2.0 Baseline.

7.7.   PR316 - Explicitly mention mtls_endpoint_aliases (re: #415)

7.8.   PR314 (re: #471)

• https://bitbucket.org/openid/fapi/pull-requests/314

Add explicit clause about lifetime of request_uri

Maybe a good idea but the attacker model does not directly imply that. Also, it may act as a limiting factor for some use-cases.