FAPI Working Group Meeting Summary
- 2024-07-24
- @ Zoom
- Attendees:
  - Mike Leszcz
  - Filip Skokan
  - Joseph Heenan (OIDF & Authlete)
  - Dave Tonge
  - Daniel Fett
  - Peter Stanley (OBL)
  - Hideki Ikeda
  - Peter Wallach
  - Bjorn Hjelm
1. Agenda and Updates
- Upcoming OIDF workshop on October 28th before IIW
- External organization engagement updates:
  - CFPB
  - Open Banking Canada
  - Chile
  - UAE
- Certification testing for FAPI 2.0 and DPoP discussed
2. Main Discussion Topics
a) Refresh Token Rotation (PR 509)
  - Agreed on option 6: Allow rotation only for extraordinary circumstances
  - Debated wording to ensure proper testing and certification
  - Decided to update text to "shall not use refresh token rotation except for extraordinary circumstances"
  - Will finalize in next meeting after further review
b) Updating FAPI Working Group Description
  - Noted outdated description on openid.net
  - Discussed need to update charter and remove mention of JSON data schemas
  - Dave Tonge to draft updated text for review
c) Security BCP Reference (PR 496)
  - Discussed how strongly to reference the OAuth 2.0 Security BCP
  - Agreed to change wording from "implements" to "follows" recommendations
  - Will review and aim to merge in next meeting
3. Other Items
- Brief mention of Chrome's decision to not deprecate third-party cookies
- Request for review of issue 704 referencing a US cybersecurity report
4. Next Steps
- Review and finalize PR 509 and PR 496 in next meeting
- Dave Tonge to update working group description text
- Members to review issue 704 for potential FAPI spec updates
The meeting focused on refining language in key documents and discussing certification processes, with an emphasis on collaborative decision-making and thorough review of proposed changes.