Clone wiki

fapi / FAPI_Meeting_Notes_2023-03-22_Atlantic

FAPI WG Agenda & Meeting Notes (2023-03-22)

Date & Time: 2023-03-22T14:00Z
Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
Self: https://bitbucket.org/openid/fapi/wiki/edit/FAPI_Meeting_Notes_2023-03-15_Atlantic

Agenda

1. Roll Call (Dave/Nat)
2. Adoption of Agenda (Dave/Nat)
3. Events (Mike L)
- 3.1. OpenID Foundation Workshop (Mike)
- 3.2. Events are now in the Foundation Google Calendar (Mike)
4. Internal Liaisons
- 4.1. NIST SP800-63-4ipd Comments
- 4.2. FAPI2 Conformance test is now available (Mike)
5. External Orgs & Liaisons (Mike L.)
- 5.1. Saudi Arabia (Mike)
6. Draft Updates
- 6.1. Message Signing (Dave)
- 6.2. Grant Management (Dima)
7. PRs (Dave)
8. Issues (Dave)
- 8.1. Proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values (Filip)
9. AOB (Nat)

The meeting was called to order at 14:02 UTC.

1. Roll Call (Dave/Nat)

Attending: Dave, Nat, Chris, Takahiko, Michael, Mike L. Dima, Daniel, Justin, Kelly, Brian, Filip, Bjorn, Lukasz, Kosuke, Gail
Regrets: Joseph
Guest:

2. Adoption of Agenda (Dave/Nat)

Adopted as presented as draft agenda.

3. Events (Mike L)

3.1. OpenID Foundation Workshop (Mike)

Registration page is now open. * https://openid.net/2023/03/17/registration-workshop-at-microsoft/

3.2. Events are now in the Foundation Google Calendar (Mike)

In the new website, it is going to be a single source.

4. Internal Liaisons

4.1. NIST SP800-63-4ipd Comments

Mark is leading the discussion. Several meetings.
Deadlines were postponed to April 14.
Nat has provided a few comments pointing to FAPI as a good practice for security - security is typically not composable and has to take the protocol as a whole with an appropriate security model and analysis to go with.
Link to the comment sheet that OIDF is compiling: * https://docs.google.com/spreadsheets/d/1JHDypzbKg8x2AMfC_z4pzDBk4waVJBp2/edit#gid=571622526

4.2. FAPI2 Conformance test is now available (Mike)

https://openid.net/2023/03/21/fapi-2-conformance-tests-available/

5. External Orgs & Liaisons (Mike L.)

5.1. Saudi Arabia (Mike)

KSA * OP Testing: https://openid.net/certification/fapi_op_testing/ * RP Testing: https://openid.net/certification/fapi_rp_testing/

6. Draft Updates

6.1. Message Signing (Dave)

Dave has sent the fixed Implementer's draft documents to Mike J.

6.2. Grant Management (Dima)

Dima is applying the fix and is sending the draft out.

7. PRs (Dave)

Apart from one PR that we are parking until HTTP signature is settled, there is no standing PR.
Request/Response binding fix is waiting for IETF result next week.

8. Issues (Dave)

8.1. Proposed new FAPI certification test: private_key_jwt client authentication assertion where aud contains multiple values (Filip)

https://bitbucket.org/openid/fapi/issues/403/proposed-new-fapi-certification-test
related to ~~#501~~
see https://bitbucket.org/openid/fapi/issues/403/proposed-new-fapi-certification-test as well.
Filip is going to record the result of the discussion in the ticket.

9. AOB (Nat)

none

The call adjourned at 14:59

Updated 2023-03-22