finos · robmoffat · Feb 16, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
@@ -28,4 +28,6 @@ cucumber-report.html
 nyc-coverage-report/
 .history/
 .rollup.cache
-tsconfig.tsbuildinfo
+tsconfig.tsbuildinfo
+**/html-report/
+packages/fdc3-security/junit.xml
@@ -0,0 +1,30 @@
+1.  Add notes to contexts about the fact they need to be signed.  Link to docs. (DONE)
+2.  Sort out JOSE compatibility.  (DONE)
+3.  (App Providable) Context Metadata - improve signature section. (DONE)
+4.  GetUser (DONE)
+10. Rob to tidy up the implementation directory (DONE).
+5.  Write negative tests for JosePublicFDC3Security.
+6.  readonly authenticity?: unknown;  ContextMetadata in fdc3-standard.  Move the Authenticity definition into schema and export it for use here.  DONE
+7.  Yannick go through flow diagram and compare with Public / Private.  /Users/rob/Documents/finos/fdc3-general/FDC3/packages/fdc3-security/src/PrivateFDC3Security.ts (DONE)
+12. Yannick to review website/docs/api/security.md (DONE)
+13. Talk to Yannick about the get user process. (DONE)
+
+For Thursday
+------------
+9.  Review the generated documentation in /api
+
+- Show people the schemas
+- Show the new metadata
+- Show people api docs
+- Ask Kris / Julianna about ContextMetadata, AppProvidableContextMetadata and DesktopAgentProvidableContextMetadata - shouldn't one be the union of the other two?
+
+
+11. Re-write the feature files for testing the implementation, including the trust boundary.
+13. Use the new testing steps project.
+15. Document allowList function. (RM)
+
+For Later
+---------
+
+14.  We need to encrypt user JWTs in transit using the requester's public key. (DONE IN SPEC)
+16. User Request needs a nonce