<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I support Baseline and Advanced.<br>
</p>
<p>At the potential risk of opening another rabbit hole (sorry again
Dave! :)), I'd also like to suggest consideration for the adoption
of semantic versioning (<a class="moz-txt-link-freetext" href="https://semver.org/">https://semver.org/</a>) as this is a widely
understood convention for implementer's (ie. software
engineering). For published versions of the standard this would be
x.y format (or simply x) while WG internal changes prior to
release could utilise x.y.z. All changes within a major version
(x) would be backward compatible meaning changes beyond initial .0
would be constrained to MAY, SHOULD, OPTIONAL and RECOMMENDED
clauses or a Brand New Profile (I've used "Extreme" in examples).<br>
</p>
<p>By adopting this through to Certification Suite, tests could be
associated with version numbers (rather than specific references
to clauses) and release notes per version would be used to
highlight clause additions/numbering changes etc. On this basis
certification could be given for "FAPI 1 (Profile)", "FAPI 2
(Profile)" with implementer's having the choice to potentially
further specify certification indicating they meet "FAPI 2.1
(Profile)".<br>
</p>
<p>Prior to considering a ticket creation I'd be interested in the
mailing lists thoughts on this. By way of example this would
result in an initial starting point of:<br>
</p>
<p>FAPI 1.0 Read<br>
FAPI 1.0 Read/Write<br>
FAPI 2.0 Baseline<br>
FAPI 2.0 Advanced</p>
<p>As functionality is added (primarily in 2.y I would assume) this
would involve the WG using full x.y.z format then releasing x.y
version. From the current state where there is already a v1 (so
it's off limits) the "typical" initial approach would be to use
the arbitrarily non conformant v0 or v99. Alternatives could be
the use of -alpha pre releases but at least personally I've found
this problematic. Since pictures are often more explanatory here's
a rough starting point of how this would flow. I've deliberately
avoided talking about FAPI 3 (ie. breaking changes post FAPI 2) as
this seems like a "Future Stu problem". :)<br>
</p>
<p><img src="cid:part1.964DC5D9.06E7E90B@biza.io" alt=""></p>
<p><br>
</p>
<div class="moz-cite-prefix">On 21/2/20 12:30 am, Daniel Fett via
Openid-specs-fapi wrote:<br>
</div>
<blockquote type="cite"
cite="mid:fd1021d6-742d-7207-31f5-86d86409e83d@danielfett.de">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div class="moz-cite-prefix">Yes, it should be Baseline.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">-Daniel<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Am 20.02.20 um 14:19 schrieb
n-sakimura:<br>
</div>
<blockquote type="cite"
cite="mid:AD1E7003-B824-47F5-9883-814A7B405C6C@cu.nri.co.jp">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
Thanks. That sounds good, though the name that was talked about
in the room in the F2F London was “Baseline” instead of
“Basic”.
<div><br>
</div>
<div>Best, </div>
<div><br>
</div>
<div>Nat<br>
<br>
<div dir="ltr">
<div><span style="background-color: rgba(255, 255, 255, 0);">PLEASE
READ:This e-mail is confidential and intended for</span></div>
<div><span style="background-color: rgba(255, 255, 255, 0);">the
named recipient only. If you are not an intended
recipient,<br>
please notify the sender and delete this e-mail.</span></div>
</div>
<div dir="ltr"><br>
<blockquote type="cite">2020/02/19 15:59、Daniel Fett via
Openid-specs-fapi <a class="moz-txt-link-rfc2396E"
href="mailto:openid-specs-fapi@lists.openid.net"
moz-do-not-send="true"><openid-specs-fapi@lists.openid.net></a>のメール:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="moz-cite-prefix">+1</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">FWIW, I'm currently preparing
a first draft for 2.0. I currently expect 2.0 to consist
of separate documents for the attacker model, the two
profiles, grant management and potentially CIBA.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">-Daniel<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Am 19.02.20 um 16:34 schrieb
Dave Tonge via Openid-specs-fapi:<br>
</div>
<blockquote type="cite"
cite="mid:CAP-T6TQQZ3_jyEKSL6Mpt-6rwO4UF_nuQ0i2+qAg2a2_gAwZyg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> Dear WG<br
clear="all">
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> We had
a good discussion on the call today around the next
steps for FAPI and came to the following conclusion:</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> 1. We
should use versioning to indicate that the FAPI
evolution is a new major version</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> 2. We
need to keep support for the current FAPI-R and
FAPI-RW for some time as they have been implemented
by many people and have a good suite of conformance
tests.</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> 3.
There were no objections to the names of "Basic" and
"Advanced"</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> With
this in mind we propose:</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> 1. The
current "Financial-grade API - Part 1: Read-Only API
Security Profile" (FAPI Read) spec should be changed
to "<span
style="font-family:Arial,Helvetica,sans-serif">Financial-grade
API 1.0 - Part 1: Read-Only API Security Profile
(FAPI 1.0 Read)</span></div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> 2. The
current "Financial-grade API - Part 2: Read and
Write API Security Profile" (FAPI Read/Write) spec
should be changed to "<span
style="font-family:Arial,Helvetica,sans-serif">Financial-grade
API 1.0 - Part 2: Read and Write API Security
Profile (FAPI 1.0 Read/Write)</span><span
style="font-family:Arial,Helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <span
style="font-family:Arial,Helvetica,sans-serif">3.
We introduce two new documents:</span></div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <span
style="font-family:Arial,Helvetica,sans-serif"> - </span><span
style="font-family:Arial,Helvetica,sans-serif">Financial-grade
API 2.0 - Basic Security Profile" (FAPI 2.0 Basic)</span></div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <span
style="font-family:Arial,Helvetica,sans-serif"> - </span><span
style="font-family:Arial,Helvetica,sans-serif">Financial-grade
API 2.0 - Advanced Security Profile" (FAPI 2.0
Advanced)</span><span
style="font-family:Arial,Helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"> <span
style="font-family:Arial,Helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default" style="">This will allow us
to maintain the existing specs (and their associated
conformance suites). It will also allow the
evolution of FAPI that we've been discussing to move
ahead - including with new names to signal use-cases
beyond financial read and financial read/write. The
new documents (2.0 Basic and 2.0 Advanced) can be
re-ordered and won't need to maintain backwards
compatibility to the numbering of sections and list
items.</div>
<div class="gmail_default" style=""><br>
</div>
<div class="gmail_default" style="">It would be good
to get feedback from the WG about this proposal as
we are keen to move forward.</div>
<div class="gmail_default" style=""><br>
</div>
<div class="gmail_default" style="">Thanks</div>
<div class="gmail_default" style=""><br>
</div>
<div class="gmail_default" style="">Dave</div>
<div class="gmail_default" style=""><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div
style="font-size:1em;font-weight:bold;line-height:1.4">
<div
style="color:rgb(97,97,97);font-family:"Open
Sans";font-size:14px;font-weight:normal;line-height:21px">
<div
style="font-family:Arial,Helvetica,sans-serif;font-size:0.925em;line-height:1.4;color:rgb(220,41,30);font-weight:bold">
<div
style="font-size:14px;font-weight:normal;color:rgb(51,51,51);font-family:lato,"opensans",arial,sans-serif;line-height:normal">
<div
style="color:rgb(0,164,183);font-weight:bold;font-size:1em;line-height:1.4">
<div
style="font-weight:400;color:rgb(51,51,51);line-height:normal">
<div
style="color:rgb(0,164,183);font-weight:bold;font-size:1em;line-height:1.4">Dave
Tonge</div>
<div
style="font-size:0.8125em;line-height:1.4">
<div class="gmail_default"
style="font-family:"trebuchet ms",sans-serif"> FAPI Co-Chair</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-fapi mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-fapi@lists.openid.net" moz-do-not-send="true">Openid-specs-fapi@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a>
</pre>
</blockquote>
<p><br>
</p>
<span>_______________________________________________</span><br>
<span>Openid-specs-fapi mailing list</span><br>
<span><a class="moz-txt-link-abbreviated"
href="mailto:Openid-specs-fapi@lists.openid.net"
moz-do-not-send="true">Openid-specs-fapi@lists.openid.net</a></span><br>
<span><a class="moz-txt-link-freetext"
href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi"
moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a></span><br>
</div>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-fapi mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-fapi@lists.openid.net">Openid-specs-fapi@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a>
</pre>
</blockquote>
</body>
</html>