FAPI WG Agenda & Meeting Notes (2024-02-28)
- Date & Time: 2024-02-28 14:00 UTC
- Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09
Agenda
- 1. Roll Call (Dave)
- 2. Adoption of agenda (Dave)
- 3. Events (Mike L.)
- 4. External Orgs & Liaisons (Mike L.)
- 5. FAPI 2.0 PRs & Issues (Dave)
- 6. Issues
- 6.1. #665 Reference PAR in 5.3.1.1 (12)
- 6.2. #670 Use of FAPI with mandatory MTLS
- 6.3. #638 Add some more text to Introduction
- 6.4. #660 Define requirements for OpenAPI FAPI securityScheme type
- 6.5. #674 length of nonce tested in OP conformance tests
- 6.6. #651 Avoid "should be" and "shall be" where possible
- 6.7. #642 Continuation of #619 -- Add some text to make the readers aware of the caveats.
- 7. AOB (Dave)
The meeting was called to order at 14:05 UTC.
1. Roll Call (Dave)
- Attendees:
- Regrets:
2. Adoption of agenda (Dave)
- Adopted as is.
3. Events (Mike L.)
- OIDF Shared Signals Interop at Gartner IAM March 4th & 5th: https://openid.net/call-for-participation-demonstrate-interoperability-of-your-caep-implementations/
- IETF 119 Brisbane March 16-22: https://datatracker.ietf.org/meeting/119/agenda
- OSW in Rome April 10-12 – registration is now open and final call for speakers is open until March 10th. All details here: https://oauth.secworkshop.events/osw2024
- OIDF Workshop at Google on Monday, April 15th in Sunnyvale – registration now open and required: https://openid.net/registration-oidf-workshop-monday-april-15-2024/
- The OpenID Foundation DCP working group is hosting a hybrid meeting on Friday, April 19, 2024 after IIW Spring 2024. The meeting will allow for in-person and virtual participation and will be hosted at Google in Sunnyvale, CA (address and meeting room to be confirmed). Note that registration is only required if you are attending in-person: https://www.eventbrite.com/e/openid-foundation-dcp-working-group-hybrid-meeting-tickets-841453930357?aff=oddtdtcreator. Please register if you are planning to participate in-person so we can plan accordingly.
- Authenticate 2024 – call for speakers open now until March 4th with all details here: https://authenticatecon.com/authenticate-2024-call-for-speakers/
- Identiverse May 28-31 in Vegas – OIDF is planning to have a breakout room if the WG is interested in meeting
- OIDF calendar on website is current: https://openid.net/calendar/
4. External Orgs & Liaisons (Mike L.)
- OFBR – continued high volume of FAPI re-certification requests to meet central bank mandates/milestones. Certification team is doing an excellent job in managing the increased volume.
- OPIN – starting to see next phase of FAPI re-certifications
- Chile – 18 months timeline
5. FAPI 2.0 PRs & Issues (Dave)
5.1. PR 463 Fixes #653 - Update abbreviated terms
- PR 463 https://bitbucket.org/openid/fapi/pull-requests/463
- To be merged
5.2. PR 472 remove keyword can from note
- https://bitbucket.org/openid/fapi/pull-requests/472
- To be merged
5.3. PR 473 Fixes #676 Update clause reference in Note2
- https://bitbucket.org/openid/fapi/pull-requests/473
- Fixes #676 Update clause reference in Note2; should refer to clause 10 instead of clause 9.
- To be merged
6. Issues
6.2. #670 Use of FAPI with mandatory MTLS
- #670
- Dima to create a PR this week
6.3. #638 Add some more text to Introduction
- #638
- Nat to create a PR
6.4. #660 Define requirements for OpenAPI FAPI securityScheme type
- #660
- There is no sensible way to express a security scheme in OpenAPI right now.
- This ticket is suggesting to create a document so that it can be proposed to them.
- This does not impact the spec so the spec can proceed independently.
- Peter Stanley supported it, mentioning that OpenID Connect is a scheme there.
6.5. #674 length of nonce tested in OP conformance tests
- #674
- In FAPI2, it is not the web server limit but the internal processing, e.g. DB.
- Support for minimum values for AS on nonce (64) and state (512).
- Some discussion on the corresponding client values.
- We should discuss it over a PR.
6.6. #651 Avoid "should be" and "shall be" where possible
- #651
- Make authorisation server and/or clients etc. the subject of the sentence.
- Dave is going to make a PR