fapi / FAPI_Meeting_Notes_2023-06-28_Atlantic

FAPI WG Agenda & Meeting Notes (2023-06-28)

Date & Time: 2023-06-28 14:00 UTC

Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09

The meeting was called to order at 14:00 UTC.

1.   Roll Call (Nat)

  • Attendees: Nat, Brian, Craig, Justin, Kusuke, Lukasz, Peter, Takahiko, Victor, Chris, Joseph
  • Regrets: Dave, Mike

3.   Events (Nat)

  • OSW Submission Deadline == July 2.
  • IETF San Francisco is coming up in the last week of July.

4.   Liaison/Ext Org (Mike)

  • ISO/IEC 27566 Age assurance systems open for comment

5.   Issues (Nat)

The following issues were dealt with:

  • #613: FAPI1A - Remove 5.2.4 and 5.2.5
    • It should be ok to remove, though it changes the appearance.
  • #611: Can 8.3.5 of FAPI 1 Advanced moved to 8.3.4?
    • There is no test in 8.3.5. However, it was pointed out that someone might be pointing to the section and changing the section number may break it.
    • Also, it was pointed out that changing the appearance is not desirable.
  • #612: Is there any test items in 5.1 of FAPI 1 Advanced? (Hanging paragraph in 5.1)
    • There is none, but see #611.
  • #614: Pandoc publishing - the internal link names have I think, changed
    • The main links have not changed.
    • There were also links like rfc.section.5, which are not really desirable but can be added.
  • #600: Errata to remove "Financial-grade" references from FAPI1
    • Text changes make the appearance change, but it was agreed that it was desirable.
    • Callers felt changing the filename should also be ok as long as there will be a redirect link.
  • #606: Address concerns related to JWT
    • This kind of question comes up every now and then.
    • Creating a FAQ on the use of JWT may be a good idea. Perhaps oauth.net has one?
    • There is a recording of the “JWT or Not: Personally Insecure Reflections on Software (In)Security” session at the Identiverse conference last year by Brian as well. https://www.youtube.com/watch?v=IgKRGS6cQWw
  • #602: "Client" is misleading in the context of signed introspection responses
    • It was agreed that it is confusing. Better text is needed, but that requires a concrete proposal.
  • #603: Require servers to allow for clock skew
    • Text was agreed. Need a PR.
  • #607: Create a Resource Server Profile on top of FAPI 2
    • Changed the category from FAPI 2 to Implementation advice
  • #608: Make clear that requests and responses to resource servers don't have to be bound
    • Waiting for a PR
  • #609: CIBA - Make clear limitation of binding message
    • Need to come up with the actual text

6.   AOB (Nat)

  • none

The meeting adjourned at 14:55.
