FAPI WG Agenda & Meeting Notes (2023-12-14)
Date & Time: 2023-12-15 00:00 UTC
Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
The meeting was called to order at 00:00 UTC.
1. Roll Call (Anoop)
- Attendees: Bjorn, Dima, Nat, Ed, Anoop
- Regrets:
2. Events Update
- Japan Event
Thursday Jan 18, 2024 Hybrid Workshop 8-11 PST
Workshop information, including registration link: https://openid.net/registration-oidf-workshop-tokyo-2024/ Registration is REQUIRED.
- FDX - March 2024
https://www.financialdataexchange.org/FDX/FDX/Events/Event_display.aspx?EventKey=GSSPRING24
3. Liaison/Ext Org
- CAMARA
Issue #632 - Security profile for CAMARA https://bitbucket.org/openid/fapi/issues/632/security-profile-for-camara
Reached out to Camara leadership about doing a presentation.
Proposal to do a FAPI update on Dec. 20 at 15:00 UTC, in a 20-minute slot. Nat intends to attend, but he will also reach out to Dave, as he would be more alert. From the certification team, Mike L. and Domingos will be there.
They are interested in certification profiles as well.
- CFPB draft rules 1033:
https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-rule-to-jumpstart-competition-and-accelerate-shift-to-open-banking/
https://files.consumerfinance.gov/f/documents/cfpb-1033-nprm-reg-text-with-1001_2023-10.pdf
Themes of feedback listed in https://docs.google.com/spreadsheets/d/14x6BOqO8l5-yjk0qm1m6aaDwjqpseLgMTCIx_Rd036I/edit?usp=sharing
Here is a page with the full proposed rule and link for submitting comment: https://www.federalregister.gov/documents/2023/10/31/2023-23576/required-rulemaking-on-personal-financial-data-rights
4. Issues
- One-time use of request_uri causing errors
It was found in Australia that one-time use of request_uri in PAR causes errors in some browser-to-app interactions.
A combination of browser and virus checker was consuming the PAR URI by the time the client got the PAR response.
May need some guidance regarding relaxing the strict one-time use of the PAR URI.
Wording from PAR:
Authorization servers SHOULD treat request_uri values as one-time use but MAY allow for duplicate requests due to a user reloading/refreshing their user agent.
https://www.rfc-editor.org/rfc/rfc9126.html#section-4
Relaxing one-time use may be dangerous but might be practical.
May write implementation advice or a note that these situations may arise.
Dima is going to open the issue. We are going to reach out to the Stuttgart team to find out whether it is a show-stopper if we relax it.
6. Next Call
Next call will be a Pacific call. Next Pacific call will be in two weeks (1-12-2024 @ 5pm PST) UTC - 1-13-2024 1:00 AM.