[Openid-specs-risc] RISC WG Agenda [Monday 9:30am PDT]

Mon Oct 3 17:35:44 UTC 2016

Notes for today's meeting at:
https://docs.google.com/document/d/1XZi2p4A5LXLJD7sysQTg33mCtC_yYgdlwHMnmt-12Gk/edit#

Oct 3

Attendees: Adam Dawes, Marius Scurtescu, John Bradley, Brad Hill, Dick
Hardt, Nat Sakimura, Phil Hunt, Anton Taborszky, Henrik Biering, Dale Olds

AI: Adam to nail down timing of F2F. Right now it will be for Friday
morning (10 - 3, lunch included). If possible, will move to Thursday
afternoon.

   -

   RISC F2F Agenda
   -

      Initial RISC event definitions
      -

         Hijacking
         -

         Session revocation/Change password
         -

         Token revocation (flavors)
         -

      RP registration
      -

         API
         -

         Email header
         -

      Signal sending transport (API)
      -

      SET proposal alignment
      -

      SET RISC format
      -

      Mutual milestones (RISC spec, SET spec, provider implementations)
      -

      Timing: Tentatively Friday morning and if makes sense, will move to
      Thursday afternoon.
      -

   Registration API/SET - Email registration
   Dick: No one really sees any advantage of the email header. It is
   perfectly possible to message the user directly in tandem with the API
   approach.
   John: this only provides a little cover that the user received an email.
   But doesn’t tell whether was really informed or gave consent. Also raises
   concerns over spying in email.
   -

   Registration privacy best practices
   Dick: Send general notice that new capability to protect you across your
   favorite apps. Give ability to opt out before it starts to happen.
   Phil: Maybe initiate this based on some action from the user- first time
   a user’s app registers for notifications for the user.
   Dick: probably scale this up by starting with new users and see if there
   is any negative reaction to it.
   Brad: To the extent we (FB) are going to do this, we are just going to
   do it, based on existing language in our ToS that allows sharing data
   specifically to prevent fraud and abuse. That will mean we need to have
   agreements with other providers about limitations on the use of this data.
   But that is much easier to do than to get individual user opt-in.
   Nat: I talked with WP29 person, and she did not find it problematic
   either.
   -

   Transport discussion Phil: Rushed to get this ready for the charter. Is
   a parallel with Netconf, xml-based messaging protocol. Lots of parallels
   but totally different stack. Good to check that spec to identify parallel
   use cases but don’t see any convergence. Next steps: waiting for next
   telechat (10/13) for SET workgroup. Planning on 1 hour meeting Seoul IETF
   (mid November). Want specific feedback on mutual registration to
   subscribe to feed. Need to figure out key discovery/rotation needs to get
   solidified. Microsoft wants a simpler more stripped down approach of
   just http post without more of the resilience. Phil will put together
   SET and transport talks at IIW and that will be the primer for everyone for
   the F2F.

On Sun, Oct 2, 2016 at 10:11 PM, Adam Dawes <adawes at google.com> wrote:

> Hi all,
>
> Here's the agenda for the call tomorrow:
>
>    - RISC F2F Agenda
>    - Registration API/SET - Email registration
>    - Registration privacy best practices
>    - Transport discussion
>    - SET
>       - Is there a path to type JWTs? Should we push that?
>
>
>
> *Call In Details*
> 1.  Please join my meeting.
> https://global.gotomeeting.com/join/576653581
>
> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
>
> United States: +1 (312) 757-3119
> Australia: +61 2 9091 7603
> Austria: +43 (0) 7 2088 0716
> Belgium: +32 (0) 28 08 4372
> Canada: +1 (647) 497-9380
> Denmark: +45 (0) 69 91 84 58
> Finland: +358 (0) 931 58 1773
> France: +33 (0) 170 950 590
> Germany: +49 (0) 692 5736 7300
> Ireland: +353 (0) 15 133 006
> Italy: +39 0 699 26 68 65
> Netherlands: +31 (0) 208 080 759
> New Zealand: +64 9 974 9579
> Norway: +47 21 04 30 59
> Spain: +34 931 76 1534
> Sweden: +46 (0) 852 500 691
> Switzerland: +41 (0) 435 0026 89
> United Kingdom: +44 (0) 20 3713 5011
>
> Access Code: 576-653-581
> Audio PIN: Shown after joining the meeting
>
> Meeting ID: 576-653-581
>
> --
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>
>

-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20161003/8551f64e/attachment.html>