FAPI WG Agenda & Meeting Notes (2023-06-28)
Date & Time: 2023-06-28 14:00 UTC
Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
Agenda
The meeting was called to order at 14:00 UTC.
1. Roll Call (Nat)
- Attendees: Nat, Brian, Craig, Justin, Kusuke, Lukasz, Peter, Takahiko, Victor, Chris, Joseph
- Regrets: Dave, Mike
3. Events (Nat)
- OSW Submission Deadline == July 2.
- IETF San Francisco is coming up in the last week of July.
4. Liaison/Ext Org (Mike)
- ISO/IEC 27566 Age assurance systems open for comment
5. Issues (Nat)
Dealt with the following issues:
- #613: FAPI1A - Remove 5.2.4 and 5.2.5
- It should be ok to remove, though it changes the appearance.
- #611: Can 8.3.5 of FAPI 1 Advanced moved to 8.3.4?
- There is no test in 8.3.5. However, it was pointed out that someone might be pointing to the section and changing the section number may break it.
- Also, it was pointed out that changing the appearance is not desirable.
- #614: Pandoc publishing - the internal link names have I think, changed
- The main links have not changed.
- There were links like rfc.section.5 as well, which is not really desirable but can be added.
- #600: Errata to remove "Financial-grade" references from FAPI1
- Text changes make the appearance change, but it was agreed that it was desirable.
- Callers felt changing the filename should also be ok as long as there will be a redirect link.
- #606: Address concerns related to JWT
- This kind of question comes up every now and then.
- Creating a FAQ on the use of JWT may be a good idea. Perhaps Oauth.net has one?
- There is a recording of the “JWT or Not: Personally Insecure Reflections on Software (In)Security” session at the Identiverse conference last year by Brian as well. https://www.youtube.com/watch?v=IgKRGS6cQWw
- #602: "Client" is misleading in the context of signed introspection responses
- It was agreed that it is confusing. We need a better text, but a concrete proposal is needed.
- #603: Require servers to allow for clock skew
- Text was agreed. Need a PR.
- #607: Create a Resource Server Profile on top of FAPI 2
- Changed the category from FAPI 2 to Implementation advice
- #608: Make clear that requests and responses to resource servers don't have to be bound
- Waiting for a PR
- #609: CIBA - Make clear limitation of binding message
- Need to come up with the actual text