[Openid-specs-risc] RISC WG call today [3pm PDT]

Adam Dawes adawes at google.com
Tue Aug 9 08:31:55 UTC 2016 

Here are my notes. Please let me know if I missed anything.

*Attendees*: Adam Dawes, Mark Risher, Marius Scurtescu, John Bradley, Nat
Sakimura, Adam Migus, George Fletcher, Phil Hunt

*Google Contract for Data Sharing*
Mark Risher gave update that Google is in final stages of redlining the
contract with the first partner. Question about the best way to scale this
going forward so that we don't have iterative bi-lateral negotiations.

Discussion about clearninghouse like Confyrm serving as way to scale
contracting and also discussion about using Open Identity Exchange to
create a trust framework for coming up with legal document that could be
vetted by multiple legal teams and would then serve as a
take-it-or-leave-it kind of offer for others.

AI: Adam will send out email to Amazon, Facebook, Microsoft, Confyrm and
Paypal to see if they can get legal resource to work together on a standard
contract that we can all agree on using the Google contract as a base. We
can then decide whether we want to formalize that as a Trust Framework at
OIX or just re-use it as convenient.

*Data Transport Discussion*
Google has been working on building pub/sub infrastructure to propagate
changed password events which can be extended for other RISC events. In
early trials on hijacking signals, it was observed that freshness of the
signals is important.

Marius has been talking with Phil about his ID-events spec and RISC events.
General agreement that ID-events spec might describe multiple modes of
transport for messages, it makes sense that RISC should specifically
designate a post method for transport. We can define the specifics of that
within the RISC group but we will probably want to formalize it as a part
of the ID-events spec. ID-events can then have additional transport
mechanisms which can be used by other specs that have different use cases
like SCIM.

Agreement that we should also start looking at the event message format.
Consensus that we should NOT extend ID tokens to be used for RISC events
but should more generically use JWTs and define the claims. Reusing ID
Tokens poses some security risk and easy to create bugs. OpenID Connect WG
is also working with ID-events for back-channel logout mechanism but we
agreed that RISC should go on a separate track because semantics are
probably different.

Because we are getting close on more scalable trials and hopefully contract
will allow us to scale participants, it makes sense to now invest more
effort in defining the event messages and transport issues. We will now
increase RISC meetings to every two weeks to get moving on this work.

AI: Adam to adjust schedule of meetings

Please update with any errors or omissions.

thanks,
AD

On Mon, Aug 8, 2016 at 5:14 PM, Hardt, Dick <dick at amazon.com> wrote:

> Sorry I was not able to make the call today. Will a summary of the call be
> posted soon?
>
>
>
> On 8/8/16, 1:31 PM, someone claiming to be "Openid-specs-risc on behalf of
> Adam Dawes" <openid-specs-risc-bounces at lists.openid.net on behalf of
> adawes at google.com> wrote:
>
>
>
> Hi all,
>
>
>
> We have our monthly RISC call scheduled for today. Agenda:
>
>
>
> - Progress on legal agreement for data sharing
>
> - Transport design for sending RISC messages
>
> - AOB
>
>
>
>
>
> 1.  Please join my meeting.
>
> https://global.gotomeeting.com/join/576653581
>
>
>
> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
>
>
>
> United States: +1 (312) 757-3119
>
> Australia: +61 2 9091 7603
>
> Austria: +43 (0) 7 2088 0716
>
> Belgium: +32 (0) 28 08 4372
>
> Canada: +1 (647) 497-9380
>
> Denmark: +45 (0) 69 91 84 58
>
> Finland: +358 (0) 931 58 1773
>
> France: +33 (0) 170 950 590
>
> Germany: +49 (0) 692 5736 7300
>
> Ireland: +353 (0) 15 133 006
>
> Italy: +39 0 699 26 68 65
>
> Netherlands: +31 (0) 208 080 759
>
> New Zealand: +64 9 974 9579
>
> Norway: +47 21 04 30 59
>
> Spain: +34 931 76 1534
>
> Sweden: +46 (0) 852 500 691
>
> Switzerland: +41 (0) 435 0026 89
>
> United Kingdom: +44 (0) 20 3713 5011
>
>
>
> Access Code: 576-653-581
>
> Audio PIN: Shown after joining the meeting
>
>
>
> Meeting ID: 576-653-581
>
>
>
> --
>
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>
>
>
>


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20160809/913c5e67/attachment-0001.html>

More information about the Openid-specs-risc mailing list