
FAPI WG Agenda & Meeting Notes (2024-04-04)

Date & Time: 2024-04-05 00:00 UTC

Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09

The meeting was called to order at 00:00 UTC.

1.   Roll Call (Anoop)

  • Attendees: Mark, Dima, Anoop, Ralph
  • Regrets: Nat

2.   Events Update

2.1.   OAuth Security Workshop

Rome April 10-12 – final call for speakers is open until March 10th.

All details here: https://oauth.secworkshop.events/osw2024

2.2.   OIDF Workshop at Google

On Monday, April 15th in Sunnyvale – registration is now open and required: https://openid.net/registration-oidf-workshop-monday-april-15-2024/

2.3.   The OpenID Foundation DCP working group

The WG is hosting a hybrid meeting on Friday, April 19, 2024 after IIW Spring 2024. The meeting will allow for in-person and virtual participation and will be hosted at Google in Sunnyvale, CA (address and meeting room to be confirmed). Note that registration is only required if you are attending in person:

https://www.eventbrite.com/e/openid-foundation-dcp-working-group-hybrid-meeting-tickets-841453930357?aff=oddtdtcreator.

Please register if you are planning to participate in person so we can plan accordingly.

2.4.   Identiverse

May 28-31, Las Vegas

OIDF has a meeting room available for use for the duration of the event.

Any working groups wanting to hold an F2F meeting should contact Mike Lescz to coordinate.

4.   Issues & PRs

4.2.   Nonce discussion (Length of nonce tested in OP conformance)

https://bitbucket.org/openid/fapi/issues/674/length-of-nonce-tested-in-op-conformance

Remove normative text regarding state length.

Add a note that state is not used for CSRF but may be used by clients for application state. State may be JWTs, which may be large.

A new PR will be created (to remove the prescription).

4.3.   686 - CIBA response parameters in PSD2 TPP use-cases

Some ecosystems use CIBA to implement proprietary authorization APIs. There is a new parameter required to initiate the CIBA flow. The authorization server needs to pass a parameter to the client application.

More discussion needed.

4.4.   685 - Use of TLS 1.2 Ciphers

The issue is a description change between FAPI 1.0 and FAPI 2.0. Mark will update the comment on the ticket.

https://bitbucket.org/openid/fapi/issues/685/use-of-tls-12-ciphers

6.   Next Call

The next call will be a Pacific call. The next Pacific call will be in two weeks (04-18-2024 @ 5pm PST; UTC: 04-19-2024 1:00 AM).