[Openid-specs-risc] RISC WG Agenda [Monday 9:30am PDT]

Adam Dawes adawes at google.com
Mon Oct 3 20:06:08 UTC 2016 

Thanks for the correction. The notes doc has been updated accordingly.

On Mon, Oct 3, 2016 at 11:27 AM, Hardt, Dick <dick at amazon.com> wrote:

> Corrections highlighted. J
>
>
>
> On 10/3/16, 10:35 AM, someone claiming to be "Openid-specs-risc on behalf
> of Adam Dawes" <openid-specs-risc-bounces at lists.openid.net on behalf of
> adawes at google.com> wrote:
>
>
>
> Notes for today's meeting at:
>
> https://docs.google.com/document/d/1XZi2p4A5LXLJD7sysQTg33mCtC_
> yYgdlwHMnmt-12Gk/edit#
> <https://docs.google.com/document/d/1XZi2p4A5LXLJD7sysQTg33mCtC_yYgdlwHMnmt-12Gk/edit>
>
>
>
> *Oct 3*
>
> Attendees: Adam Dawes, Marius Scurtescu, John Bradley, Brad Hill, Dick
> Hardt, Nat Sakimura, Phil Hunt, Anton Taborszky, Henrik Biering, Dale Olds
>
>
>
> AI: Adam to nail down timing of F2F. Right now it will be for Friday
> morning (10 - 3, lunch included). If possible, will move to Thursday
> afternoon.
>
>
>
> · RISC F2F Agenda
>
> oInitial RISC event definitions
>
> § Hijacking
>
> § Session revocation/Change password
>
> § Token revocation (flavors)
>
> oRP registration
>
> § API
>
> § Email header
>
> oSignal sending transport (API)
>
> oSET proposal alignment
>
> oSET RISC format
>
> oMutual milestones (RISC spec, SET spec, provider implementations)
>
> oTiming: Tentatively Friday morning and if makes sense, will move to
> Thursday afternoon.
>
> · Registration API/SET - Email registration
> Dick: No clear one really sees any advantage of the email header. It is
> perfectly possible to message the user directly in tandem with the API
> approach.
> John: this only provides a little cover that the user received an email.
> But doesn’t tell whether was really informed or gave consent. Also raises
> concerns over spying in email.
>
>
>
> · Registration privacy best practices
> Dick: Send general notice that new capability to protect you across your
> favorite apps. Give ability to opt out before it starts to happen.
> Phil: Maybe initiate this based on some action from the user- first time a
> user’s app registers for notifications for the user.
> Dick: probably scale this up by starting with new users and see if there
> is any negative reaction to it. We would want to be transparent to our
> users when we roll this out.
>
> Brad: To the extent we (FB) are going to do this, we are just going to do
> it, based on existing language in our ToS that allows sharing data
> specifically to prevent fraud and abuse. That will mean we need to have
> agreements with other providers about limitations on the use of this data.
> But that is much easier to do than to get individual user opt-in.
> Nat: I talked with WP29 person, and she did not find it problematic either.
>
> · Transport discussion Phil: Rushed to get this ready for the charter. Is
> a parallel with Netconf, xml-based messaging protocol. Lots of parallels
> but totally different stack. Good to check that spec to identify parallel
> use cases but don’t see any convergence. Next steps: waiting for next
> telechat (10/13) for SET workgroup. Planning on 1 hour meeting Seoul IETF
> (mid November). Want specific feedback on mutual registration to subscribe
> to feed. Need to figure out key discovery/rotation needs to get solidified.
> Microsoft wants a simpler more stripped down approach of just http post
> without more of the resilience. Phil will put together SET and transport
> talks at IIW and that will be the primer for everyone for the F2F.
>
>
>
> On Sun, Oct 2, 2016 at 10:11 PM, Adam Dawes <adawes at google.com> wrote:
>
> Hi all,
>
>
>
> Here's the agenda for the call tomorrow:
>
>    - RISC F2F Agenda
>    - Registration API/SET - Email registration
>    - Registration privacy best practices
>    - Transport discussion
>    - SET
>
>
>    - Is there a path to type JWTs? Should we push that?
>
>
>
>
>
> *Call In Details*
>
> 1.  Please join my meeting.
>
> https://global.gotomeeting.com/join/576653581
>
>
>
> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
>
>
>
> United States: +1 (312) 757-3119
>
> Australia: +61 2 9091 7603
>
> Austria: +43 (0) 7 2088 0716
>
> Belgium: +32 (0) 28 08 4372
>
> Canada: +1 (647) 497-9380
>
> Denmark: +45 (0) 69 91 84 58
>
> Finland: +358 (0) 931 58 1773
>
> France: +33 (0) 170 950 590
>
> Germany: +49 (0) 692 5736 7300
>
> Ireland: +353 (0) 15 133 006
>
> Italy: +39 0 699 26 68 65
>
> Netherlands: +31 (0) 208 080 759
>
> New Zealand: +64 9 974 9579
>
> Norway: +47 21 04 30 59
>
> Spain: +34 931 76 1534
>
> Sweden: +46 (0) 852 500 691
>
> Switzerland: +41 (0) 435 0026 89
>
> United Kingdom: +44 (0) 20 3713 5011
>
>
>
> Access Code: 576-653-581
>
> Audio PIN: Shown after joining the meeting
>
>
>
> Meeting ID: 576-653-581
>
>
>
> --
>
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
> <%2B1%20650-214-2410>
>
>
>
>
>
>
>
> --
>
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>
>
>
>


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20161003/2fb87648/attachment.html>

More information about the Openid-specs-risc mailing list