FAPI WG Agenda & Meeting Notes (2023-09-21)
Date & Time: 2023-10-19 00:00 UTC
Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
The meeting was called to order at 00:00 UTC.
1. Roll Call (Anoop)
- Attendees: Nat, Mark Verstege, Bjorn, Dima, Edmund
- Regrets:
2. Recap of Atlantic Meeting
Saudi Arabian profile discussions
- Potentially moving to FAPI 2
- Currently using FAPI1 w/PAR/PKCE
- Migration should be easy
Discussions about Vendor Support of FAPI2
- Certification page lists 10 certified implementations
- FAPI1 has more support
- Lots of vendors support underlying specs so FAPI2 is also supported
- Only the motions of going through certification remain
- Support of the Issuer in the authorization response needs to be configured
- Message Signing mechanisms are a part of FAPI1 so they should be widely supported as well
- HTTP Signing support is new in FAPI2
PRs were discussed but were not merged
- Needs more discussion with Dave, who was not present
Formal Analysis was completed
- Has 2 cases
- Identity layer is out of scope for FAPI 2
- Added OIDC to the analysis
- User is work authenticated to the client using OIDC
- Session mix-up didn't
- For FAPI2, if such attacks are of concern, an OIDC/identity layer is strongly recommended in conjunction with FAPI2
Mark will approve PR regarding clock skew
Dima needs to fix links in WG page but has no permissions
- Will work w/MikeL to resolve
ConnectID is live in production in AU
- Suggest making a blog post about it
3. Next Call
Next call will be a Pacific call. Next Pacific call will be in two weeks (10-05-2023 @ 5pm PST) UTC - 10-05-2023 1:00 AM.