Wiki
Clone wikifapi / FAPI_Meeting_Notes_2023-03-22_Atlantic
FAPI WG Agenda & Meeting Notes (2023-03-22)
- Date & Time: 2023-03-22T14:00Z
- Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
- Self: https://bitbucket.org/openid/fapi/wiki/edit/FAPI_Meeting_Notes_2023-03-15_Atlantic
Agenda
The meeting was called to order at 14:02 UTC.
1. Roll Call (Dave/Nat)
- Attending: Dave, Nat, Chris, Takahiko, Michael, Mike L. Dima, Daniel, Justin, Kelly, Brian, Filip, Bjorn, Lukasz, Kosuke, Gail
- Regrets: Joseph
- Guest:
2. Adoption of Agenda (Dave/Nat)
- Adopted as presented as draft agenda.
3. Events (Mike L)
3.1. OpenID Foundation Workshop (Mike)
- Registration page is now open. * https://openid.net/2023/03/17/registration-workshop-at-microsoft/
3.2. Events are now in the Foundation Google Calendar (Mike)
- In the new website, it is going to be a single source.
4. Internal Liaisons
4.1. NIST SP800-63-4ipd Comments
- Mark is leading the discussion. Several meetings.
- Deadlines were postponed to April 14.
- Nat has provided a few comments pointing to FAPI as a good practice for security - security is typically not composable and has to take the protocol as a whole with an appropriate security model and analysis to go with.
- Link to the comment sheet that OIDF is compiling: * https://docs.google.com/spreadsheets/d/1JHDypzbKg8x2AMfC_z4pzDBk4waVJBp2/edit#gid=571622526
5. External Orgs & Liaisons (Mike L.)
5.1. Saudi Arabia (Mike)
- KSA * OP Testing: https://openid.net/certification/fapi_op_testing/ * RP Testing: https://openid.net/certification/fapi_rp_testing/
6. Draft Updates
6.1. Message Signing (Dave)
- Dave has sent the fixed Implementer's draft documents to Mike J.
6.2. Grant Management (Dima)
- Dima is applying the fix and is sending the draft out.
7. PRs (Dave)
- Apart from one PR that we are parking until HTTP signature is settled, there is no standing PR.
- Request/Response binding fix is waiting for IETF result next week.
8. Issues (Dave)
8.1. Proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values (Filip)
- https://bitbucket.org/openid/fapi/issues/403/proposed-new-fapi-certification-test
- related to
#501 - see https://bitbucket.org/openid/fapi/issues/403/proposed-new-fapi-certification-test as well.
- Filip is going to record the result of the discussion in the ticket.
Updated