[Openid-specs-risc] RISC WG Agenda [Monday 9:30am PDT]

Hardt, Dick dick at amazon.com
Mon Oct 3 18:27:16 UTC 2016


Corrections highlighted. ☺

On 10/3/16, 10:35 AM, someone claiming to be "Openid-specs-risc on behalf of Adam Dawes" <openid-specs-risc-bounces at lists.openid.net on behalf of adawes at google.com> wrote:

Notes for today's meeting at:
https://docs.google.com/document/d/1XZi2p4A5LXLJD7sysQTg33mCtC_yYgdlwHMnmt-12Gk/edit#


Oct 3

Attendees: Adam Dawes, Marius Scurtescu, John Bradley, Brad Hill, Dick Hardt, Nat Sakimura, Phil Hunt, Anton Taborszky, Henrik Biering, Dale Olds

AI: Adam to nail down timing of F2F. Right now it will be for Friday morning (10 - 3, lunch included). If possible, will move to Thursday afternoon.


  *   RISC F2F Agenda

     *   Initial RISC event definitions

        *   Hijacking
        *   Session revocation/Change password
        *   Token revocation (flavors)

     *   RP registration

        *   API
        *   Email header

     *   Signal sending transport (API)
     *   SET proposal alignment
     *   SET RISC format
     *   Mutual milestones (RISC spec, SET spec, provider implementations)
     *   Timing: Tentatively Friday morning and if makes sense, will move to Thursday afternoon.

  *   Registration API/SET - Email registration
Dick: No clear one really sees any advantage of the email header. It is perfectly possible to message the user directly in tandem with the API approach.
John: this only provides a little cover that the user received an email. But doesn’t tell whether was really informed or gave consent. Also raises concerns over spying in email.



  *   Registration privacy best practices
Dick: Send general notice that new capability to protect you across your favorite apps. Give ability to opt out before it starts to happen.
Phil: Maybe initiate this based on some action from the user- first time a user’s app registers for notifications for the user.
Dick: probably scale this up by starting with new users and see if there is any negative reaction to it. We would want to be transparent to our users when we roll this out.
Brad: To the extent we (FB) are going to do this, we are just going to do it, based on existing language in our ToS that allows sharing data specifically to prevent fraud and abuse. That will mean we need to have agreements with other providers about limitations on the use of this data.  But that is much easier to do than to get individual user opt-in.
Nat: I talked with WP29 person, and she did not find it problematic either.

  *   Transport discussion
Phil: Rushed to get this ready for the charter. Is a parallel with Netconf, xml-based messaging protocol. Lots of parallels but totally different stack. Good to check that spec to identify parallel use cases but don’t see any convergence.
Next steps: waiting for next telechat (10/13) for SET workgroup. Planning on 1 hour meeting Seoul IETF (mid November). Want specific feedback on mutual registration to subscribe to feed. Need to figure out key discovery/rotation needs to get solidified. Microsoft wants a simpler more stripped down approach of just http post without more of the resilience.
Phil will put together SET and transport talks at IIW and that will be the primer for everyone for the F2F.

On Sun, Oct 2, 2016 at 10:11 PM, Adam Dawes <adawes at google.com> wrote:
Hi all,

Here's the agenda for the call tomorrow:

  *   RISC F2F Agenda
  *   Registration API/SET - Email registration
  *   Registration privacy best practices
  *   Transport discussion
  *   SET

     *   Is there a path to type JWTs? Should we push that?


Call In Details
1.  Please join my meeting.
https://global.gotomeeting.com/join/576653581

2.  Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

United States: +1 (312) 757-3119
Australia: +61 2 9091 7603
Austria: +43 (0) 7 2088 0716
Belgium: +32 (0) 28 08 4372
Canada: +1 (647) 497-9380
Denmark: +45 (0) 69 91 84 58
Finland: +358 (0) 931 58 1773
France: +33 (0) 170 950 590
Germany: +49 (0) 692 5736 7300
Ireland: +353 (0) 15 133 006
Italy: +39 0 699 26 68 65
Netherlands: +31 (0) 208 080 759
New Zealand: +64 9 974 9579
Norway: +47 21 04 30 59
Spain: +34 931 76 1534
Sweden: +46 (0) 852 500 691
Switzerland: +41 (0) 435 0026 89
United Kingdom: +44 (0) 20 3713 5011

Access Code: 576-653-581
Audio PIN: Shown after joining the meeting

Meeting ID: 576-653-581

--
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410




--
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
