[Openid-specs-risc] Agenda for RISC Call today at 9:30 PDT

George Fletcher gffletch at aol.com
Mon Oct 12 20:52:43 UTC 2015


Not sure I'm going to be able to attend the call today...

One of the other proposals we've been discussing (at least as I 
understand it) is...

4.X? Trusted registration

The implicit relying party informs the Identity Provider of a list of 
email addresses for which the IdP is authoritative and which the 
implicit relying party is asserting to have accounts at its service. The 
Identity Provider may ignore such registration attempts or require an 
out-of-band relationship at the "company" level. Implicit relying 
parties must only include email addresses or phone numbers that they 
have explicitly confirmed.

[Of course the risk is that some implicit relying party will register 
identifiers for which they don't have accounts so as to gain information 
about the identity provider.]

One user facing mitigation might be for the IdP to show the user which 
entities are receiving RISC events somewhere on the user's account 
management page. If the user doesn't have an active account at the 
implicit relying parth, maybe the user could opt the IdP out of 
notifications and potentially based on the information the user would go 
and delete their account at the implicit relying party. This UI could 
handle both explicit and implicit relationships from a RISC perspective.

Thanks,
George

On 10/12/15 2:00 PM, Mark Risher wrote:
> Hi, all:
> We have our weekly call today at 3pm Pacific Time.
>
> I'd propose for the agenda 
> <https://docs.google.com/document/d/1XZi2p4A5LXLJD7sysQTg33mCtC_yYgdlwHMnmt-12Gk/edit> 
> that we try to get the trust model proposals written in the strawman 
> doc 
> <https://docs.google.com/document/d/1o1aB5INXE4xlixhANwiurHemg0_GB06Sf095GeigTyE/edit#heading=h.9q83cspgiqmx>. 
> The more concrete we can make this the better for the ultimate review 
> with the privacy wonks.
>
> Any other nominations?
>
> Thanks,
> /m
>
>
>
> --
> Mark E. Risher | 	 Group Product Manager | 	risher at google.com 
> <mailto:risher at google.com> | 	650-253-3123
>
>
> On Mon, Oct 5, 2015 at 7:29 AM, Adam Dawes <adawes at google.com 
> <mailto:adawes at google.com>> wrote:
>
>     Hi all,
>
>     For today's call, we can take stock of where we are on
>     establishing connections and the privacy implications.
>
>     I've put together a quick straw poll
>     <https://docs.google.com/a/dawes.org/forms/d/1b7P3ZBtbEeXi3Grn7e69GNvzkVWpqQSAxb6di0it9qE/viewform>
>     to capture the range of views about how companies might be willing
>     to implement RISC. We'll see if we get a good quantity of
>     responses to this that we can review.
>
>     Call in Info (Using VoIP option of GoToMeeting is preferred)
>
>     1.  Please join my meeting.
>
>     https://global.gotomeeting.com/join/576653581
>
>
>     2.  Use your microphone and speakers (VoIP) - a headset is
>     recommended. Or, call in using your telephone.
>
>
>     United States: +1 (312) 757-3119 <tel:%2B1%20%28312%29%20757-3119>
>
>     Australia: +61 2 9091 7603 <tel:%2B61%202%209091%207603>
>
>     Austria: +43 (0) 7 2088 0716
>
>     Belgium: +32 (0) 28 08 4372
>
>     Canada: +1 (647) 497-9380 <tel:%2B1%20%28647%29%20497-9380>
>
>     Denmark: +45 (0) 69 91 84 58
>
>     Finland: +358 (0) 931 58 1773
>
>     France: +33 (0) 170 950 590
>
>     Germany: +49 (0) 692 5736 7300
>     <tel:%2B49%20%280%29%20692%205736%207300>
>
>     Ireland: +353 (0) 15 133 006
>
>     Italy: +39 0 699 26 68 65
>
>     Netherlands: +31 (0) 208 080 759
>
>     New Zealand: +64 9 974 9579 <tel:%2B64%209%20974%209579>
>
>     Norway: +47 21 04 30 59 <tel:%2B47%2021%2004%2030%2059>
>
>     Spain: +34 931 76 1534 <tel:%2B34%20931%2076%201534>
>
>     Sweden: +46 (0) 852 500 691
>
>     Switzerland: +41 (0) 435 0026 89
>
>     United Kingdom: +44 (0) 20 3713 5011
>     <tel:%2B44%20%280%29%2020%203713%205011>
>
>
>     Access Code: 576-653-581
>
>     Audio PIN: Shown after joining the meeting
>
>
>     Meeting ID: 576-653-581
>
>     _______________________________________________
>     Openid-specs-risc mailing list
>     Openid-specs-risc at lists.openid.net
>     <mailto:Openid-specs-risc at lists.openid.net>
>     http://lists.openid.net/mailman/listinfo/openid-specs-risc
>
>
>
>
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-risc

-- 
Chief Architect
Identity Services Engineering     Work: george.fletcher at teamaol.com
AOL Inc.                          AIM:  gffletch
Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
Office: +1-703-265-2544           Photos: http://georgefletcher.photograpy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20151012/89936458/attachment-0001.html>


More information about the Openid-specs-risc mailing list