Keycloak FAPI SIG (Special Interest Group)

[Stian Thorgersen]

As there are a number of people interested to participate in collaboration around FAPI support for Keycloak we would like to announce our plans to arrange a FAPI SIG.

As this is our first SIG we don't yet have any exact details on how the SIG should be arranged. Including communication channels, meetings, etc.. More details to follow here, but proposals/suggestions would be welcome.

Please let us know if you are interested in joining this SIG. We are looking for people that can help organize the group, contribute code, as well as review and provide feedback.

[Abhishek Koserwal]

I am interested, I can help with contribute code, review, any other help required etc.

--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CAJgngAexULYMNifN2oqk%3D5BQZssdUgX40%2BOtt9KGyig_eiGebg%40mail.gmail.com.

--

Regards,
Abhishek Koserwal
Senior Software Engineer
R&D Solutions Engineering
Red Hat  (Pune, India)

@redhatnews   Red Hat   Red Hat

The capacity to learn is a gift; The ability to learn is a skill; The willingness to learn is a choice -- Brian Herbert

[James Holland]

I am interested and can help review etc

[Vishnu Prakash]

I am interested to contribute code.

Regards,

Vishnu Prakash

--

You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/a52f8615-f837-408b-83d2-247d5d31ee4co%40googlegroups.com.

[Vinod NA]

I am interested. I propose to start with biweekly zoom or google meetings accommodating multiple time zones and maybe use keyclaok-fapi repo ( https://github.com/jsoss-sig/keycloak-fapi ) to track and coordinate development activities and other communication.

Regards,

Vinod

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CAPLmjegs6n37HW%2BEq8EPor5BQpVXdnAmC6RrZ-LSzq42KcdhSA%40mail.gmail.com.

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

Thank you for suggesting Keycloak FAPI SIG. I would like to participate it.


I have been working on the following task since 2017 :

"Contributing FAPI security profile support to keycloak in order to pass FAPI conformance tests against keycloak."

Let me introduce the overview of current situation of this task.


[Already Contributed Features]

Hitachi (mainly I) has developed features required for FAPI security profile support (e.g. Proof Key for Code Exchange, OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens, supporting secure signature algorithms etc.).

Major features have already been supported but there are still some issues need to be resolved for passing FAPI conformance tests in order for keycloak to become Certified Financial-grade API (FAPI) OpenID Providers.


[Clarifying What to do to pass FAPI conformance tests]

We Hitachi began to collaborate with Japanese community member (Wada-san@NRI), and he developed test environment, and we registered issues in keycloak-fapi repository ( https://github.com/jsoss-sig/keycloak-fapi ).

We have listed up tasks as issues in FAPI conformance tests and keycloak's JIRA tickets.


[Status of keycloak's JIRA tickets]

KEYCLOAK-11254 to 11262 :
9 tickets will be resolved by Client Policies (KEYCLOAK-14189 to 14209)

KEYCLOAK-11263 :
still open

KEYCLOAK-14189 to 14209 :
22 tickets are in progress as Client Policies
KEYCLOAK-14189 : sent pull request and in review
KEYCLOAK-14190 : ready and will send pull request after 14189 being merged
KEYCLOAK-14191 : ready and will send pull request after 14189 being merged
KEYCLOAK-14192 : ready and will send pull request after 14189 being merged
KEYCLOAK-14193 : ready and will send pull request after 14189 being merged
KEYCLOAK-14194 : open
KEYCLOAK-14195 : ready and will send pull request after 14189 being merged
KEYCLOAK-14196 : ready and will send pull request after 14189 being merged
KEYCLOAK-14197 : ready and will send pull request after 14189 being merged
KEYCLOAK-14198 : ready and will send pull request after 14189 being merged
KEYCLOAK-14199 : ready and will send pull request after 14189 being merged
KEYCLOAK-14200 : ready and will send pull request after 14189 being merged
KEYCLOAK-14201 : ready and will send pull request after 14189 being merged
KEYCLOAK-14202 : ready and will send pull request after 14189 being merged
KEYCLOAK-14203 : ready and will send pull request after 14189 being merged
KEYCLOAK-14204 : ready and will send pull request after 14189 being merged
KEYCLOAK-14205 : ready and will send pull request after 14189 being merged
KEYCLOAK-14206 : ready and will send pull request after 14189 being merged
KEYCLOAK-14207 : ready and will send pull request after 14189 being merged
KEYCLOAK-14208 : open
KEYCLOAK-14209 : open

KEYCLOAK-14380 :
pull request sent


[Status of issued on keycloak-fapi repository]

2 issues not determined how to resolve and open (no keycloak JIRA ticket created)
https://github.com/jsoss-sig/keycloak-fapi/issues/12
https://github.com/jsoss-sig/keycloak-fapi/issues/22


There are several issues left open so that help is welcomed.

IMO, FAPI SIG will treat the task just mentioned at the beginning of this mail, but also treats other tasks. For example,

* Supporting other FAPI related specification and pass their conformance test
- CIBA (Client Initiated Backchannel Authentication)
- App2App
and other specification that will be coming in the future.

* Establishing automated testing environment for FAPI and its related conformance test
It is beneficial for the developer to get feedback as fast as possible from the result of conformance tests.
It might be better to contribute this environment to keycloak.

Having a web meeting is preferable. IMO, the discussion items might be the following:
* Share what is done
* Share what is remaining task, and in progress
* Discuss Tasks, and who do what
* How to collaborate (repository, chat, e-mail, web meeting) -> I do not have good idea, help is welcomed

Also, I do not have any web meeting facilities. It might be helpful for someone to arrange meeting.


As an aside from it, I will attend and have the talk on OAuth security workshop 2020 in this week so that I will be available in the next week.


Regards,
Takashi Norimatsu
Hitachi, Ltd.

----------
From: keyclo...@googlegroups.com <keyclo...@googlegroups.com> On Behalf Of Stian Thorgersen
Sent: Friday, July 17, 2020 7:11 PM
To: Keycloak Dev <keyclo...@googlegroups.com>
Subject: [!][keycloak-dev] Keycloak FAPI SIG (Special Interest Group)

As there are a number of people interested to participate in collaboration around FAPI support for Keycloak we would like to announce our plans to arrange a FAPI SIG.

As this is our first SIG we don't yet have any exact details on how the SIG should be arranged. Including communication channels, meetings, etc.. More details to follow here, but proposals/suggestions would be welcome.

Please let us know if you are interested in joining this SIG. We are looking for people that can help organize the group, contribute code, as well as review and provide feedback.

--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mailto:keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://clicktime.symantec.com/3T5uqrU2NTFVEbLg5YUrDzn7Vc?u=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fkeycloak-dev%2FCAJgngAexULYMNifN2oqk%253D5BQZssdUgX40%252BOtt9KGyig_eiGebg%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter.

[Hiroyuki Wada]

Hi,

I am interested. I can contribute from our keycloak-fapi repository ( https://github.com/jsoss-sig/keycloak-fapi ).

Regards,

--

Hiroyuki Wada (@wadahiro)

Nomura Research Institute, Ltd.

2020年7月20日月曜日 16:42:17 UTC+9 乗松隆志 / NORIMATSU，TAKASHI:

[jona...@backbase.com]

Hi

Backbase are also interested in seeing if we can support this initiative.

Regards,

Jon

--

Jon Meyler
Domain Architect (IAM) · R&D · Cardiff
LinkedIn · Twitter · Careers

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

2 weeks have passed since I've heard the announce of the plan to arrange a FAPI SIG Keycloak FAPI SIG.

How about holding a web meeting on the following date and time?
Date :
6 Aug or 7 Aug
Time :
UTC
8:00
CEST (UTC+2)
10:00
IST (UTC+5.5) :
13:30
JST (UTC+9) :
17:00
about 1 hour or so.

Also, I do not have any web meeting facilities. It might be helpful for someone to arrange a web meeting.

Regards,

Takashi Norimatsu
Hitachi, Ltd.

-----Original Message-----
From: keyclo...@googlegroups.com <keyclo...@googlegroups.com> On Behalf Of 乗松隆志 / NORIMATSU，TAKASHI
Sent: Monday, July 20, 2020 4:42 PM
To: st...@redhat.com; Keycloak Dev <keyclo...@googlegroups.com>
Subject: [!]RE: [keycloak-dev] Keycloak FAPI SIG (Special Interest Group)

Hello,

Thank you for suggesting Keycloak FAPI SIG. I would like to participate it.


I have been working on the following task since 2017 :

"Contributing FAPI security profile support to keycloak in order to pass FAPI conformance tests against keycloak."

Let me introduce the overview of current situation of this task.


[Already Contributed Features]

Hitachi (mainly I) has developed features required for FAPI security profile support (e.g. Proof Key for Code Exchange, OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens, supporting secure signature algorithms etc.).

Major features have already been supported but there are still some issues need to be resolved for passing FAPI conformance tests in order for keycloak to become Certified Financial-grade API (FAPI) OpenID Providers.


[Clarifying What to do to pass FAPI conformance tests]

We Hitachi began to collaborate with Japanese community member (Wada-san@NRI), and he developed test environment, and we registered issues in keycloak-fapi repository ( https://clicktime.symantec.com/3EkubfuCi2NWJHDczKrRUo37Vc?u=https%3A%2F%2Fgithub.com%2Fjsoss-sig%2Fkeycloak-fapi ).

https://clicktime.symantec.com/3Vx83ADgsXWPyVWLc2uytQ17Vc?u=https%3A%2F%2Fgithub.com%2Fjsoss-sig%2Fkeycloak-fapi%2Fissues%2F12
https://clicktime.symantec.com/3BKDMm5nBxbSphttt8a5QvF7Vc?u=https%3A%2F%2Fgithub.com%2Fjsoss-sig%2Fkeycloak-fapi%2Fissues%2F22

To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://clicktime.symantec.com/3D3wUFJhozGr5FzeZY1ZPiX7Vc?u=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fkeycloak-dev%2FTYAPR01MB428550240F1ACBEB4FDCB580CE7B0%2540TYAPR01MB4285.jpnprd01.prod.outlook.com.

[Francis Pouatcha]

We at adorsys are interested in contributing, as we will be using keycloak as FAPI server for our open banking solution.

--

Francis Pouatcha

Co-Founder and Technical Lead

adorsys GmbH & Co. KG

https://adorsys-platform.de/solutions/ 

[Francis Pouatcha]

Hello Takashi,

As soon as you decide on the day and time, I will provide a zoom link for the meeting.

Best regards.

/Francis

--

Francis Pouatcha

Co-Founder and Technical Lead

adorsys GmbH & Co. KG

https://adorsys-platform.de/solutions/

--

You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/a7e07620-7279-494a-87c1-2b9be76b523ao%40googlegroups.com.

[Kannan Rasappan]

Hi Takashi

We (Pritish and myself) are happy to continue contributing to Keycloak on Banfico.com behalf.

Best regards

Kannan

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

I'm sorry. I've not considered that it is a vacation season now.

 

Anyway, I would like to hold a FAPI SIG meeting as I proposed.

 

Date : Fri Aug 7

 

Time :

UTC

  8:30

CEST (UTC+2)

  10:30

IST (UTC+5.5)

  14:00

JST (UTC+9)

  17:30

 

Duration : 1 hour

 

Discussion Topic :

 share what we would like to do about FAPI

 

To Francis of adorsys, Kannan and Pritish of banfico,

You have told that you would participate in this meeting. Could you still participate in this meeting that will be held on the date and time as I proposed above?

 

To Francis of adorsys,

You have told that you could provide a zoom link for the meeting. Could you still provide the zoom link for this meeting?

 

To everybody,

If you are interested in this meeting, I am happy if you could participate in this meeting.

 

Regards,

Takashi Norimatsu

Hitachi, Ltd.

 

From: keyclo...@googlegroups.com <keyclo...@googlegroups.com> On Behalf Of Kannan Rasappan

Sent: Friday, July 31, 2020 8:09 AM
To: Keycloak Dev <keyclo...@googlegroups.com>

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/d20901c1-488c-4c5b-a5eb-04c7979930bfn%40googlegroups.com.

[hogg...@googlemail.com]

Hi all,

 

Temenos are happy to supply webinar/zoom link if required also.

 

Regards

James Holland

Temenos

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/TYAPR01MB42853A28F5E21D124940A198CE4A0%40TYAPR01MB4285.jpnprd01.prod.outlook.com.

[lokesh ravichandhu]

We wish to join the call and contribute for the FAPI, please let us know the finalized time for the discussion on the topic. :)

Thanks,

Lokesh

[Francis Pouatcha]

I setup a zoom meeting titled: Keycloak FAPI SIG (Special Interest Group) - Zoom Call

I sent the invite to :

Sent Invite to:

Takashi Norimatsu

Vinod

Lokesh Ravichandhu

Dmytro Mishchuk

Kannan Rasappan

James Holland

Andrii Murashkin

Feel free to forward the meeting invite.

Missing E-Mail for:

Abhishek Koserwal

James Holland

Vishnu Prakash

Hiroyuki Wada

Jon Meyler

I will post the Zoom link for everybody else here 5 minutes before the call start. If somebody wishes to have the invite in their calendar, reply again to this thread and i will see the mail and retrieve you email for the invite.

Best regards

/Francis

On Friday, July 17, 2020 at 6:11:18 AM UTC-4, Stian Thorgersen wrote:

[Francis Pouatcha]

Bellow is the zoom link to the FAPI SIG Meeting.

Zoom-Meeting beitreten
https://zoom.us/j/95005282436?pwd=TmNIQ3ZSaVpURnRZUHNxYk9yNml0dz09

Meeting-ID: 950 0528 2436
Kenncode: 971890
Schnelleinwahl mobil
+13126266799,,95005282436# Vereinigte Staaten von Amerika (Chicago)
+16465588656,,95005282436# Vereinigte Staaten von Amerika (New York)

Einwahl nach aktuellem Standort
        +1 312 626 6799 Vereinigte Staaten von Amerika (Chicago)
        +1 646 558 8656 Vereinigte Staaten von Amerika (New York)
        +1 301 715 8592 Vereinigte Staaten von Amerika (Germantown)
        +1 346 248 7799 Vereinigte Staaten von Amerika (Houston)
        +1 669 900 9128 Vereinigte Staaten von Amerika (San Jose)
        +1 253 215 8782 Vereinigte Staaten von Amerika (Tacoma)
Meeting-ID: 950 0528 2436
Ortseinwahl suchen: https://zoom.us/u/abRE8Wu0w6

Best regards.

/Francis

[Jonathan Meyler]

The Zulip stream set up by Stian for this is: https://keycloak.zulipchat.com/#narrow/stream/248413-dev-sig-fapi

Jon

--
You received this message because you are subscribed to a topic in the Google Groups "Keycloak Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/keycloak-dev/Ck_1i5LHFrE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/dd978c46-cb09-4eec-9869-ba7d7bf3d993o%40googlegroups.com.

--

Jon Meyler

[Francis Pouatcha]

Thanks a lot to Takashi for the great presentation. Here is a link to the recording.

Thema: Keycloak FAPI SIG (Special Interest Group)

Startzeit des Meetings : 7.Aug.2020 02:51 AM

Aufzeichnung von Meeting:

https://zoom.us/rec/share/4PdJbKmzqnxOZdLfuRHyZ_4iJYrCX6a81SJKqPsFyUhyg69lzxnf53_t-ZBGCGJT

[Stian Thorgersen]

I was away on holiday so was not able to attend. Thanks to everyone that did join.

Was any notes taken during the meeting?

--

You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/076a5f4a-2a61-49d3-84e7-035a36d56a65o%40googlegroups.com.

[Marek Posolda]

Same here. I will watch the recording at least. I hope to be able to join the following FAPI SIG meetings.

Besides the meeting recording, I see there are slides ( FAPI_Support_Milestone.pptx ) attached to the https://keycloak.zulipchat.com/#narrow/stream/248413-dev-sig-fapi .

Marek

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CAJgngAdxYw32XwtJk9OMzfaXW8irF5xSdWRvfBvvNUfEYiPh%2BQ%40mail.gmail.com.

[Vinod NA]

Hi,

I hope everyone had a good weekend!

I have added a poll for the next FAPI-SIG meeting, could you all please add your availability? If you think I should postpone or prepone the meeting, please let me know.

https://doodle.com/poll/fgs7w88wy2aucp3h

@Stian and Marek, could we please get help from the core team to review and merge the following pull request from Takashi?

https://github.com/keycloak/keycloak/pull/7278

Have a great week ahead!

Thanks and regards,

Vinod

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/693db45b-4091-e7de-0227-b2478ed853db%40redhat.com.

[Stian Thorgersen]

Hi Vinod,

Did you take notes from the first meeting?

If possible it would be great to postpone the next meeting for one week, so we can try to get at least one person from the core Keycloak team to attend.

[Vinod NA]

Hi Stian,

I haven't taken notes. In the last meeting the discussion was mainly focused on what Takashi had in his presentation ( https://keycloak.zulipchat.com/user_uploads/15578/UpPO2UzWl_Lw7npguUiwGisH/FAPI-SIG_1st_MTG_agenda.pptx )

Sure, I will have a new doodle created, could you please vote your preference there?

https://doodle.com/poll/fk4aixhyt7tbcpw3

Thanks and regards,

Vinod

[Stian Thorgersen]

Can you please take notes next time, and make the notes publicly available please.

Would also be great to have some description of the workgroup, including goals and open work. Ideally in a markdown file on https://github.com/keycloak/keycloak-community.

Perhaps also we should make the meetings available to anyone to join (in listening mode only)?

With regards to scheduling the next call, please make sure Marek is able to attend. I will attend if I can, but don't schedule it to fit me ;)

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CAAAHJ%2B7__Ui_SrpHjNXPDHafL7mzWKnLizWfj7kC8wKWS92uCA%40mail.gmail.com.

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

>Can you please take notes next time, and make the notes publicly available please.

I’ve take the notes on the first meeting on 7 Aug. But it is not official one.

I’m not familiar with English so that hopefully someone could take the minute.

 

>Would also be great to have some description of the workgroup, including goals and open work. Ideally in a markdown file on https://github.com/keycloak/keycloak-community.

I’d like to write the draft and send its PR at the first setout.

Regards,

Takashi Norimatsu

Hitachi, Ltd.

 

 

[Marek Posolda]

Just FYI. I've added some feedback to the PR https://github.com/keycloak/keycloak/pull/7278 . It is just minor feedback about how the condition should be named. If anyone else has different opinion or suggestion, it will be welcome to comment here or in the PR.

In general, I hope we will be able to move more quickly with the feedback on the PRs now since the PTO season is slowly ending (at least for me) :-)

Thanks,

Marek

[Vinod NA]

I will also try to help with note taking even though I am not that good at it. BTW, the previous meeting was available for anyone to join. Francis shared the meeting details to the distribution list and most of the attendees were in listening mode only. Francis also shared the meeting recording ( https://zoom.us/rec/share/4PdJbKmzqnxOZdLfuRHyZ_4iJYrCX6a81SJKqPsFyUhyg69lzxnf53_t-ZBGCGJT ) in the mailing list.

Thanks,

Vinod

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

I’ve sent the pull-request for the description of FAPI-SIG to the keycloak-community repository.

https://github.com/keycloak/keycloak-community/blob/6b684fb001ce74d9daaa352e9dddb4d3e3184d38/sig/FAPI-SIG.md

 

I’d be happy if everyone who are interested to it review this description.

 

Also, I’ve put all presentation materials sent on Zulip chat onto the following jsoss-sig/keycloak-fapi repository. Everyone can access them.

https://github.com/jsoss-sig/keycloak-fapi/tree/master/FAPI-SIG

 

Regards,

Takashi Norimatsu

Hitachi, Ltd.

 

 

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/TYAPR01MB4285512DA563A7CB909F6BD5CE2F0%40TYAPR01MB4285.jpnprd01.prod.outlook.com.

[Kannan Rasappan]

Thanks 乗松隆志

Hope everything is going well and back from summer holidays.

Can we confirm the meeting pl. (https://doodle.com/poll/fk4aixhyt7tbcpw3)

The calendar seems to get booked with other meetings for us.

Vinod, could you help please.

Many thanks

Kannan

ᐧ

You received this message because you are subscribed to a topic in the Google Groups "Keycloak Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/keycloak-dev/Ck_1i5LHFrE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/TYAPR01MB42856C3531CC4BEA6B27CA95CE2B0%40TYAPR01MB4285.jpnprd01.prod.outlook.com.

--

Kannan Rasappan
Founder & CEO
+44 7515 371 384
kan...@banfico.com

This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. Any views presented in this email are solely those of the author and do not necessarily represent those of Banfico Ltd. Banfico does not accept liability for any errors or omissions in the content of this message, which arise as a result of email transmission. Registered Office: One Canada Square, Canary Wharf, London E14 5AB. Registered in England and Wales No. 11036752. Should you want to report or request to remove your details or any aspects of GDPR, please email to datap...@banfico.com

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

I’ve created CIBA sub tasks as issues in kc-sig-fapi ( https://github.com/keycloak/kc-sig-fapi/issues ). However, it might be difficult for everyone to understand what these issues mean and start working with them because these require the understanding of CIBA prototype implementation (https://github.com/tnorimat/keycloak/tree/ciba-prototype-v1.0).

 

I’m now preparing the interface specification and description of this prototype implementation. If completed, I’d like to post it to kc-sig-fapi afterwards.

 

Regards

Takashi Norimatsu

Hitachi, Ltd.

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

My colleague, Yoshiyuki Tabata will make a presentation about FAPI security profile support to keycloak on APIdays London 2020 Day 1 at 12:20 AM BST on 27 Oct.

https://www.apidays.co/london/

 

This presentation mentions FAIP-SIG activity. We are happy if you would listen to it.

 

Regards,

Takashi Norimatsu

Hitachi, Ltd.

 

From: keyclo...@googlegroups.com <keyclo...@googlegroups.com> On Behalf Of 乗松隆志 / NORIMATSU，

TAKASHI

Sent: Wednesday, September 30, 2020 2:59 PM
To: Keycloak Dev <keyclo...@googlegroups.com>

Subject: [!]RE: RE: Re: [keycloak-dev] Re: Keycloak FAPI SIG (Special Interest Group)

 

Hello,

 

I’ve created CIBA sub tasks as issues in kc-sig-fapi ( https://clicktime.symantec.com/3WXzG5tveHhA25ghYz3iumP7Vc?u=https%3A%2F%2Fgithub.com%2Fkeycloak%2Fkc-sig-fapi%2Fissues ). However, it might be difficult for everyone to understand what these issues mean and start working with them because these require the understanding of CIBA prototype implementation (https://clicktime.symantec.com/3WqDmN19XCexDL9TLGvmGxL7Vc?u=https%3A%2F%2Fgithub.com%2Ftnorimat%2Fkeycloak%2Ftree%2Fciba-prototype-v1.0).

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/TYAPR01MB42852431860AF6341C7B8AFECE330%40TYAPR01MB4285.jpnprd01.prod.outlook.com.

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

I’ve uploaded the guide for how to contribute in FAPI-CIBA project.

https://github.com/keycloak/kc-sig-fapi/blob/master/FAPI-SIG/documents/FAPI-CIBA/FAPI-CIBA_ContributionGuide.pdf

 

This is just my proposal. I’d be happy if you read it and give me some feedback.

 

The basic idea is as follows.

 

For this CIBA contribution case, it is difficult to send PR to keycloak directly by each contributor of FAPI-CIBA project itself.

 

Therefore, all commits are put together onto tnorimat’s repository and I will send PR to keycloak.

 

For upstreaming, according to keycloak’s contribution rule, commits need to be squashed onto one commit per PR. However, I keep each contributor’s commit as it is when upstreaming because who contributes what part must be clarified to pay our respect to contributors.

[Pedro Igor Craveiro e Silva]

Looking forward to the PR!

Wouldn't be enough to create a single commit where each contributor is set in a `Co-authored-by` trailer?

--

You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/TYAPR01MB4285FE54833991FA7899ABEDCE080%40TYAPR01MB4285.jpnprd01.prod.outlook.com.

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

Yes, the way you’ve proposed covers both following the keycloak’s contribution rule and clarifying actual contributors.

https://docs.github.com/en/free-pro-team@latest/github/committing-changes-to-your-project/creating-a-commit-with-multiple-authors

 

IMO, it might be better than my original proposal.

 

I’ve updated the guide incorporating this point.

https://github.com/keycloak/kc-sig-fapi/blob/master/FAPI-SIG/documents/FAPI-CIBA/FAPI-CIBA_ContributionGuide.pdf

 

Regards,

Takashi Norimatsu

Hitachi, Ltd.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CA%2B3s2iQgPLrQ8hrWOrLRveyaYzNw6HN2OO_w8gLNq%2BnnVUCRBQ%40mail.gmail.com.

[乗松隆志 / NORIMATSU，TAKASHI]

Hello,

 

As I proposed in the 4th FAPI-SIG meeting, I’ve added “Client Policy Official Support” project onto the keycloak/kc-sig-fapi repository.

 

Presentation : https://github.com/keycloak/kc-sig-fapi/blob/master/FAPI-SIG/meetings/4th/presentations/FAPI-SIG_4th_MTG_agenda.pdf

Recording : https://zoom.us/rec/play/bzOjuI1h-4pjPXkX71Snoq1FM44S836S-PnZ7DDd8bip6mNxCcY3T8Or2TuIuEmoobvnroTNqajyzrtr.aChNRjeHzRN6Ro5i?continueMode=true&_x_zm_rtaid=DdA5aV8dRdasmB9cAJvwYA.1602553613512.e4af3969e7924a5b475cf5e114ce444e&_x_zm_rhtaid=86

Project : https://github.com/keycloak/kc-sig-fapi/projects

 

The objectives of this project are as follows.

 

* Admin user can use Client Policy feature on Admin Console.

* Client Policy feature can be used publicly, not technology preview.

 

As mentioned in the 4th FAPI-SIG meeting, making Client Policy be officially supported is needed at first in order for FAPI-RW and FAPI-CIBA to be officially supported.

Client Policy itself is also beneficial for other purposes like mentioned in https://groups.google.com/forum/#!topic/keycloak-dev/1wFE2x41UGY about supporting/checking OAuth2 BCP and other OAuth2 based security profiles.

 

Therefore, IMO, it seems to be worth working on Client Policy Official Support in FAPI-SIG activity.

 

Regards,

Takashi Norimatsu

Hitachi, Ltd.

.

[Felipe Castro]

Hi team, how are you? There was a new update of the Openbanking Brazil SPEC and in this new spec item 17 was included: 17. shall not allow `refresh tokens` rotation feature. (https://github.com/OpenBanking-Brasil/specs-seguranca/blame/504e498c670001e98dd694c275b4855f2bc86387/open-banking-brasil-financial-api-1_ID3.md#L233)

The entire discussion on the subject can be found on the Forum: https://bitbucket.org/openid/fapi/issues/456/

Basically for every unique consent or grant as it’s is known, there should be a unique refresh token issued. Every time that refresh token is used a new access token for that grant should be issued and the refresh token kept the same.

Different grants would have different refresh tokens.

It`s possible to implement something like this?