Thirdparty API SIG Minutes - 2021-01-20

Attendees

  • Lewis Daly
  • Michael Richards
  • Sam Kummary
  • Don Changfoot
  • Henrik Karlsson
  • Lesley-Ann Vaughan

Agenda

  1. Start walking through the PISP Linking Draft Sequence Diagrams (Lewis + Michael)
  2. AOB

Minutes

  • Lewis started presenting the PISP Linking Sequence Diagrams
  • On DISC-5 Henrik noted that DFSPs would be unlikely to want to disclose “accountNickname” information without first authenticating a user
  • The discussion continued, weighing up the pros and cons of different approaches
    • Lewis explained how we ended up with this API call, and how it is an optimization for the OTP flow to allow users to select the list of accounts they would like to link before needing to authorize with the DFSP.
    • Lesley-Ann talked more broadly of her experience working with MMOs, and the tradeoffs between user experience and security
    • We decided that we need a way to provide Hubs and DFSPs with different options when it comes to implementing PISP functionality, and need to think through those options now.

Action Items

  • Start a document on the different options available to DFSPs and Hubs deploying PISP functionality (Lewis)
    • Centrally or self-hosted Auth-Service
    • Disclosing of account nicknames in the linking phase

Meeting Recording

Passcode: c8^!Akyi

1 Like