[Openid-specs-risc] RISC F2F Oct 28

Adam Dawes adawes at google.com
Fri Sep 30 20:33:33 UTC 2016


On Fri, Sep 30, 2016 at 1:18 PM, Hardt, Dick <dick at amazon.com> wrote:

> Is there a reason why we don’t meet in the morning?
>
>
>
Google has our Zurich abuse folks in town who also want to put together a
summit on a separate topic. Lunch is an easier way to break the day into
the two sessions.


> On 9/30/16, 12:53 PM, someone claiming to be "Openid-specs-risc on behalf
> of Phil Hunt (IDM)" <openid-specs-risc-bounces at lists.openid.net on behalf
> of phil.hunt at oracle.com> wrote:
>
>
>
> I plan to attend.  Morning is better so  i can catch late aft flight out
> of sfo.
>
> Phil
>
>
> On Sep 30, 2016, at 12:34 PM, Adam Dawes <adawes at google.com> wrote:
>
> Hi all,
>
>
>
> I haven't seen any registrations
> <https://www.eventbrite.com/e/oidf-risc-wg-f2f-tickets-28032589229> yet
> for the RISC F2F on October 28. If you plan to come, please register to
> make planning easier.
>
>
>
> As far as timing goes, I was planning on having this from 12-5 (lunch
> provided). We can switch to something like 9:30 - 1:30 if that is better
> for folks since I know some people are traveling. Please reply to me if you
> have a strong preference for morning or afternoon and if you don't care,
> please register now.
>
>
>
> Agenda topics:
>
>    - Initial RISC event definitions
>
>
>    - Hijacking
>       - Session revocation/Change password
>       - Token revocation (flavors)
>
>
>    - RP registration
>
>
>    - API
>       - Email header
>
>
>    - Signal sending transport (API)
>    - SET proposal alignment
>    - SET RISC format
>    - Mutual milestones (RISC spec, SET spec, provider implementations)
>
> thanks,
>
> AD
>
>
>
> On Thu, Sep 22, 2016 at 11:38 PM, Adam Dawes <adawes at google.com> wrote:
>
> Notes on today's call:
>
>
>
> Sept 22
>
> Attendees
>
> Adam Dawes, Marius Scurtescu, Jeroen Kemperman, Phil Hunt, Brian Campbell,
> George Fletcher, Dick Hardt, Henrik Biering
>
>
>
> ·         October 28 F2F at Google on Friday after IIW [please register
> <https://www.eventbrite.com/edit?eid=28032589229&published=0>]
>
> ·         SET working group charter:
> Who will be a reviewer? (Dick agrees)
>
> ·         Contract is signed between Microsoft and Google
> Google will get a clean contract and share with Amazon, Facebook, Confyrm.
> Let me know if you have interest in joining as well.
>
> ·         Reviewed Microsoft-Google F2F (below). Went through first 2 use
> cases. Discussed email header registration process.
> Feedback:
>
> o    Header idea is interesting but not sure what it adds
>
> o    The recipient still needs to trust that content of the message
> aligns with the header definition - otherwise can just send promo emails to
> the user to receive RISC signals. Nothing empirically more trustworthy
> about the mail.
>
> o    Seems to add a lot more complexity than just using the pub/sub
> mechanism. Free to have any 2 parties to use this mechanism if they desire
> but doesn’t sound like a great fit for the standard.
>
> o    Header might be useful for enterprise customers - actually not so
> hard to look MX and then do the registration if the mail is hosted.
>
> ·         Marius and Phil have been collaborating on the transport spec.
>
>
>
> NOTES FROM MICROSOFT MEETING 9/21
>
>
>
> Assumptions:
>
> ·         Relying Parties (RPs) start sending a special email header on
> all password reset and account registration messages. RPs keep track of
> when they request an account recovery from IDP.
>
> ·         Mail providers (IDPs) need to keep track of the email reset
> messages received by looking for this header. This will qualify as the
> registration for later events.
>
>
>
> Mail types
>
> ·         Password Reset
>
> ·         Email OTP challenge
>
> ·         Email verification for new accounts
>
> ·         Change email address
>
> ·         Account closed
>
> ·         Password change successful
>
>
>
> Cases
>
> 1.    Relying Party (RP) tells Mail Provider (IDP) of possible compromise
>
> RP will tell IDP when compromise of RP account started when RP received a
> password reset or OTP to IDP account.
>
> RP sends PubSub message to IDP after local detection determines of
> compromise and links it to the account recovery via the IDP.
>
>
>
>    1. Proof at risk: IDP tells RP they are at risk
>
> IDP will tell RP when IDP received an OTP or PWR from RP account during a
> time IDP account was compromised.
>
>
>
> IDP keeps track of incoming PWRs, sends pubsub to RPs that have sent
> recent PWRs
>
>
>
> On Thu, Sep 22, 2016 at 9:24 AM, Adam Dawes <adawes at google.com> wrote:
>
> Hi all,
>
>
>
> For today's call, I think we'll have a bit to talk about. Google and
> Microsoft spent all day yesterday talking about our collaboration together
> for RISC and today Google, Microsoft and Amazon are talking.
>
>
>
> Additionally, if we have time, we can continue our discussion about SET
> and transport.
>
>
>
> Hope to see you there.
>
>
>
> 1.  Please join my meeting.
>
> https://global.gotomeeting.com/join/576653581
>
>
>
> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
>
>
>
> United States: +1 (312) 757-3119
>
> Australia: +61 2 9091 7603
>
> Austria: +43 (0) 7 2088 0716
>
> Belgium: +32 (0) 28 08 4372
>
> Canada: +1 (647) 497-9380
>
> Denmark: +45 (0) 69 91 84 58
>
> Finland: +358 (0) 931 58 1773
>
> France: +33 (0) 170 950 590
>
> Germany: +49 (0) 692 5736 7300
>
> Ireland: +353 (0) 15 133 006
>
> Italy: +39 0 699 26 68 65
>
> Netherlands: +31 (0) 208 080 759
>
> New Zealand: +64 9 974 9579
>
> Norway: +47 21 04 30 59
>
> Spain: +34 931 76 1534
>
> Sweden: +46 (0) 852 500 691
>
> Switzerland: +41 (0) 435 0026 89
>
> United Kingdom: +44 (0) 20 3713 5011
>
>
>
> Access Code: 576-653-581
>
> Audio PIN: Shown after joining the meeting
>
>
>
> Meeting ID: 576-653-581
>
>
>
> --
>
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
> <%2B1%20650-214-2410>
>
>
>
>
>
>
>
> --
>
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
> <%2B1%20650-214-2410>
>
>
>
>
>
>
>
> --
>
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>
>
>
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-risc
>
>


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20160930/304d3e66/attachment-0001.html>


More information about the Openid-specs-risc mailing list