Wiki
Clone wikifapi / FAPI_Meeting_Notes_2023-09-13_Atlantic
FAPI WG Agenda & Meeting Notes (2023-09-13)
- Date & Time: 2023-09-13 14:00 UTC
- Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
Agenda
The meeting was called to order at 14:03 UTC.
1. Roll Call (Nat)
- Attendees: Nat, Joseph, Mike, Craig, Kyle, Lukasz, Robert, Peter Stanley, Peter Wallach, Kosuke, Mark Andrus, Bjorn, George, Venkatasubramanian
- Regrets:
2. Adoption of agenda (Nat)
- Adopted as is.
3. Events (Mike L.)
3.1. IIW Workshop
OIDF planning workshop prior to IIW on Oct 9 at Cisco in Mountain View, California. Need to register 1 week before the workshop.
Link: https://openid.net/registration-workshop-october-9-2023/
4. Liaison/Ext Org (Mike/Chris)
4.1. Brazil
- Open Finance and Insurance -- Milestones coming week. Both OPs and RPs certifications starting in Feb-April 2024
4.2. Australia
- Minor changes to conformance suite
6. Issues (Dave)
#603- Require servers to allow for clock skew- Decided Shall be no less than 10 seconds and should not be more than 60 seconds.
- Ecosystems may adjust values maximum as necessary.
- #490 - Request for suggestions for tests for FAPI2-Baseline RP/client testing
- assigned to Joseph
#602- "Client" is misleading in the context of signed introspection responses- Solved with PR #431
#625- Changes to introduction of http signing section- Assigned to Dave
#624- " client's misconfigured token endpoint" is confusing- Use text suggestion from Daniel
- Assigned to Nat
#623- Replace reference to obsolete RFC7525 with BCP195- Replace obsoleted reference with BCP 195
- Need to replace DPoP references also
- Assigned to Daniel
#619- Authentication property of FAPI 2.0- Should authentication be considered in security analysis and whether it needs to be addressed
- Identity aspects are out of scope but it’s important to ensure proper user authentication
- Clarify that Identity management layer is not part of FAPI2
- Add text in intro and scope
- #469 - Add protocol version and variant identifier
- Priority lowered to minor
- #457 - Create JSON Schema for Grant Management Specification
- Priority lowered to minor
#549- Network Layer Protections restrict use of more recent TLS 1.2 ciphers- Context of issue is no longer valid since updated TLS BCP does not recommend usage of some newly added ciphers
- Mark as resolved, no action needed
- #555 - Tracking: Implementers of FAPI 1.0 and FAPI 2.0
- Add new implementations to the issue
#626- DPoP reference needs to be updated to the RFC- assigned to Daniel
Updated