FAPI WG Agenda & Meeting Notes (2024-04-17)

Date & Time: 2024-04-17 14:00 UTC
Location: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09

Agenda

1. Roll Call (Dave)
2. Adoption of agenda (Dave)
3. Events (Mike L.)
4. External Orgs & Liaisons (Mike L.)
5. PRs (Nat)
6. Issues (Nat)
- 6.1. 689 - FAPI + FedCM
7. AOB (Nat)

The meeting was called to order at 14:05 UTC.

1. Roll Call (Dave)

Attendees: Daniel Fett, Nat Sakimura, Robert Gallagher, Peter Wallach, Peter Stanley Mike Leszcz, Takahiko Kawasaki, Kousuke koiwai, Mark Andrus.
Regrets: Dave Tonge, Joseph Heenan

3. Events (Mike L.)

3.2. OIDF Workshop at Google

on Monday, April 15th in Sunnyvale – registration now open and required:

Provided FAPI WG updates.

Slides from the WS available at: https://docs.google.com/presentation/d/1Z-g-e6TMUGDYW3PI2yF6rcphjb8SlgrO/edit#slide=id.p41

Workshop slides and recording will be posted hopefully today.

3.4. The OpenID Foundation DCP working group

WG is hosting a hybrid meeting on Friday, April 19, 2024 after IIW Spring 2024. The meeting will allow for in-person and virtual participation and will be hosted at Google in Sunnyvale, CA (address and meeting room to be confirmed).

Note that registration is only required if you are attending in-person:

https://www.eventbrite.com/e/openid-foundation-dcp-working-group-hybrid-meeting-tickets-841453930357?aff=oddtdtcreator.

If you want to late register, get in touch with Mike Leszcz.

3.5. Identiverse

May 28-31, Las Vegas
OIDF has a meeting room available for use for the duration of the event
Mike Lesczc will send a reminder to the list about the FAPI WG F2F

3.6. EIC

Berlin, bcc Berlin Congress Center
June 4 - 7, 2024
https://www.kuppingercole.com/events/eic2024
OIDF will host a brief workshop on Tuesday morning prior to EIC.
Agenda to be finalized.

3.7. OIDF Calendar

OIDF calendar on the website is slightly behind: https://openid.net/calendar/

3.8. Authorization “sync” (George)

Thurs (4/18) after IIW ends. I haven’t found an explicit signup page as yet.

Will focus on authorization.

Contact George for details/signup.

3.9. ISO/SC27

Met last week.
Introduced OpenID Connect as PAS submission.
Many of the participants actually did not know OpenID Connect, so having them as PAS was a good dissemination approach. We should repeat it with FAPI as well.
Also in touch with ITUT about submitting specs

3.10. ITU-T

Gail is in discussion with ITU-T secretariat to see which specifications are to be republished there.
Currently, OIDC and CIBA is being contemplated.
ITU-T SG17 is meeting in Tokyo in May so Nat could perhaps participate to provide more context to them.

4. External Orgs & Liaisons (Mike L.)

4.1. OF & OPIN Brasil

Continuing to process high volume of Brazil OF and OPIN recertifications requests
OPIN is transitioning to unified Open Finance profile on May 1.

4.2. UAE

Domingos, Joseph, Ralph are analysing their initial specs for security and authorization standards

4.3. UIDAI

Unique Identification Authority of India interested in OIDF and FAPI standards
There was a call between Gail and UIDAI. Mike unfortunately could not participate.
Update will be provided next week.

4.4. EU Large Scale Pilot - To be discussed next week

Since no one in this meeting was at the EU Large Scale Pilot meeting, this agenda item was postponed to be taken up in the next week's call.

4.5. Certification Program

Met in person in Rome
Had a discussion with ConnectID on the certification in general.
Had a discussion with the Italian government on the federation.

5. PRs (Nat)

5.1. 485 - Formatting on the IANA request

https://bitbucket.org/openid/fapi/pull-requests/485
Merged already

5.2. 484 - Redirect vs decoupled recommendation for the same device use cases - first attempt.

https://bitbucket.org/openid/fapi/pull-requests/484
Dave has provided some comments already.
Please provide further comments.

5.3. 483 - reworking the text around length of the state parameter

https://bitbucket.org/openid/fapi/pull-requests/483
Removed length limitation from state and added note regarding nonce length for interoperability
Please review, especially > Joseph

6. Issues (Nat)

6.1. 689 - FAPI + FedCM

https://bitbucket.org/openid/fapi/issues/689/fapi-fedcm
Nat to follow up with Gail/Mike to how liaison would work with W3C so that OIDF rep can participate in their meetings.
Nat to follow up with Gail/Mike to how liaison would work with W3C so that OIDF rep can participate in their meetings.
Redirect prototocols may be impacted due to new browser trends.
W3C is working on a new browser API for IDPs to provide identity information
Browsers will break OAuth 2 flows when they disable link decoration user tracking
FedCM is working on a solution that provides display of recent IDPs instead of long list of IDPs
OSW Slides - https://tcslides.link/OSW24-FedCM101
Raise awareness so FAPI WG can provide comments so that it will work with open banking use cases
Was a W3C community group but is now a fully chartered WG
Will try to open a create a formal liaison agreement with W3C so OIDF representation can attend the meetings
Gail is already working on some kind of liaison agreement with W3C regarding credential related work and DCP WG but may allow overlap
Nat to follow up with Mike/Gail on liaison with W3C

7. AOB (Nat)

Next call is Pacific Call @ 5 PM
Meeting link: https://zoom.us/j/97456084642?pwd=bTRFVzk4ZmlRK1M3bEprRlN5c3JFZz09

The meeting adjourned at 15:04.

Wiki

fapi / FAPI_Meeting_Notes_2024-04-17_Atlantic