2.1.   IETF

IETF 119 coming up on Mar 16 - 22. Brisbane

https://datatracker.ietf.org/meeting/119/agenda

2.2.   OAuth Security Workshop

Rome April 10-12 – final call for speakers is open until March 10th.

All details here: https://oauth.secworkshop.events/osw2024

2.3.   OIDF Workshop at Google

on Monday, April 15th in Sunnyvale – registration now open and required: https://openid.net/registration-oidf-workshop-monday-april-15-2024/

2.4.   The OpenID Foundation DCP working group

WG is hosting a hybrid meeting on Friday, April 19, 2024 after IIW Spring 2024. The meeting will allow for in-person and virtual participation and will be hosted at Google in Sunnyvale, CA (address and meeting room to be confirmed). Note that registration is only required if you are attending in-person:

https://www.eventbrite.com/e/openid-foundation-dcp-working-group-hybrid-meeting-tickets-841453930357?aff=oddtdtcreator.

Please register if you are planning to participate in-person so we can plan accordingly.

2.5.   Identiverse

May 28-31, Las Vegas

OIDF has a meeting room available for use for the duration of the event

Any working groups wanting to hold a F2F meeting should contact Mike Lescz to coordinate.

3.1.   Brazil

4.1.   Issue #682 Clarify allowed use of state and required CSRF protection in FAPI 2.0 SP

https://bitbucket.org/openid/fapi/issues/682/clarify-allowed-use-of-state-and-required

Text is to be created.

Proposed “The PKCE challenge shall be transaction-specific and securely bound to the client and the user agent in which the transaction was started.” From BCP 2.1.1 Proposed changing “transaction” to “flow” “Transaction” needs to be defined if used

4.2.   minimum-length-for-ec-keys

https://bitbucket.org/openid/fapi/issues/683/minimum-length-for-ec-keys

Need more broader discussion. Not closed on 224 for EC.

4.3.   use-of-fapi-with-mandatory-mtls

https://bitbucket.org/openid/fapi/issues/670/use-of-fapi-with-mandatory-mtls https://bitbucket.org/openid/fapi/pull-requests/475