[Openid-specs-fapi] Meeting notes for 2025-02-19 Atlantic call
Nat Sakimura
nat at sakimura.org
Thu Feb 20 01:12:47 UTC 2025
It is available here:
https://bitbucket.org/openid/fapi/wiki/FAPI_Meeting_Notes_2025-02-19_Atlantic
The list of all the meeting notes are at:
https://bitbucket.org/openid/fapi/wiki/browse/
A paginated version of this index is available at
https://bitbucket.org/openid/fapi/wiki/Home
FAPI Working Group Meeting Notes
- *Date:* February 19, 2025
- *Time:* 14:00 GMT
- *Location* Zoom
Attendees
Nat Sakimura (Chair), Dave Tonge, Mike Leszcz (OIDF), Dima Postnikov, Bjorn
Hjelm, Hideki Ikeda, Filip Skokan, Peter Wallach (Mastercard), Robert
Gallagher (Mastercard), George Fletcher, Peter Stanley (OBL), Kosuke Koiwai
1. Roll Call
Attendance was taken via chat window.
2. Adoption of Agenda
The agenda was adopted as presented: 1. Roll Call 2. Adoption of Agenda 3.
Events 4. External Orgs & Liaisons 5. PRs 6. Issues 7. AOB
3. Events
*Mike Leszcz shared upcoming events:*
3.1 FAPI 2.0 Security profile and attacker model is FINAL
The voting closed, and it passed. Congratulations to the working group.
3.2 Other events
- OSW 2025: Feb 26-28 in Reykjavik, Iceland
- DICE: March 4-5 in Zurich
- ISO/IEC JTC 1/SC 27/WG5: March 10-15, 2025 in Fairfax
- ISO/IEC JTC 1/SC 27: March 17-18, 2025 in Fairfax
- MOSIP Connect: March 11-13 in Philippines
- IETF: March 15-21 in Bangkok
- OIDF Workshop prior to IIW: April 7th at Google in Mountain View
- DCP WG meeting prior to the workshop
- IIW Spring 2025: April 8-10
The OIDF calendar on the website is current: https://openid.net/calendar/
4. External Orgs & Liaisons
*Mike Leszcz provided ecosystem updates:*
- Announced FAPI 2 specifications have been approved
- Working on annual FAPI recertifications for Open Finance Brazil and
Open Insurance Brazil
- January 2025 was one of the largest months for certification
requests
- Coordinating with Dima on a follow-up meeting with CMF in Chile
- Dima is working on a reference architecture for a white paper
- CMF will provide input while OIDF continues supporting their FAPI 2
adoption
- Will notify all ecosystem partners about the FAPI 2 finalization
5. PRs
Dave Tonge provided an update on outstanding PRs:
- Cross-device flow PR: still needs improved notes
- Message signing spec: awaiting updated reference to security analysis
from researchers
- Once received, will submit final document for message signing
6. Issues
Several issues were discussed:
*Issue #736
<https://bitbucket.org/openid/fapi/issues/736/move-fapi1-fapi2-comparison-table-from>:
Move FAPI 1/FAPI 2 comparison table from spec*
- Dima raised the issue that the comparison table might not be relevant
for ecosystems adopting FAPI 2 directly
- Determined it's too late to remove as specs are already approved
- Issue closed
*Issue #734
<https://bitbucket.org/openid/fapi/issues/734/summary-of-changes-between-fapi2sp-id2-and>:
Summary of changes between FAPI2-SP-ID2 and final*
- Dima is working on documenting differences between the last
implementer's draft and the final version
- Requested reviewers to help validate the document
- Particularly relevant for ecosystems migrating from ID2 to the final
version
*Issue #610
<https://bitbucket.org/openid/fapi/issues/610/ability-for-as-to-reject-requests-that>:
State parameter length*
- Discussion about what happened to the state parameter length
requirements
- General recollection that it was moved to implementation guidelines
- Current spec only mentions state parameter value could exceed 1,000
characters
*Issue #425
<https://bitbucket.org/openid/fapi/issues/425/fapi-20-purpose-and-fapi-wg-scope>:
FAPI 2.0 purpose and FAPI WG scope*
- Nat and Dave have been exchanging emails to move this forward
Other issues:
- The conformance team will discuss the private key JWT audience issue
at their in-person meeting next week
7. AOB
No other business was raised.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20250220/9bebf791/attachment.htm>
More information about the Openid-specs-fapi
mailing list