[Openid-specs-risc] RISC Agenda (Monday 9:30am PST)
Adam Dawes
adawes at google.com
Mon Dec 5 18:31:06 UTC 2016
Notes from Dec 5 meeting. Please update with any corrections or omissions.
Attendees
Adam Dawes, Marius Scurtescu, Dick Hardt, Phil Hunt, Adam Migus, John
Bradley, George Fletcher
Agenda
-
Sharing agreement
-
Amazon thinks that they’ll be ready in mid January. Agreement
generally looks okay but they are most concerned with the actual
info that
will be shared.
-
AoL gotten prelim ok from legal but need to get buy-in from CISO.
-
Confyrm want to participate, need to talk to Andrew for details
-
Oracle doesn’t quite know how to digest this from a legal process
standpoint, coming up with a general template instead of an actual
agreement. There may be more comfort to join an industry consortium,
perhaps one hosted at OIX instead of a common bi-lateral agreement.
-
Ping doesn’t have a great use case and not likely to participate.
-
Conclusion: for Google data, Google will wait to get feedback from
interested parties until the end of January. We’ll then work through once
with the parties that have given feedback to get to the preferred
agreement. Further asks for changes will be very difficult. [Dick] thinks
that there won’t be that many direct agreements.
-
Another use case around account recovery, leveraging credit card
details. RISC would be very helpful here. [Bruce Schneier article
<https://www.schneier.com/blog/archives/2016/12/guessing_credit.html>]
-
IETF summary
-
Formal meeting not too eventful. Some feedback on the name. Follow up
to incorporate Justin’s suggestion on payload.
-
Dick and Yaron Shefer are chairs for the Security Events WG.
AI: Dick needs to nominate current draft
<https://tools.ietf.org/html/draft-hunt-idevent-token-07> for the WG
to adopt.
-
Transport
-
Subscription management. Sorting out control plane from
transmission into possibly two documents. Phil sorting out different
requirements from different use cases (RISC, SCIM, OIDC). The
transport
seems quite different with RISC so need to factor out what
should go into
general spec and what into the RISC profile.
-
Phil will split the transport into control plane and messaging.
We’ll take some time to figure out control plane but let’s
not slow down
data sharing for it.
-
SETs
-
Google is working on events for: All sessions terminated, All
tokens revoked, Account Locked and Account Restored. Google
will propose
some common definitions based on the properties of their
system and we can
work towards more general definitions based on other
companies’ systems.
-
Google Pubsub and Event Pipeline
-
Will be ready to go with manually configured data plane whenever we
can get another party to work with.
AI: Adam to reach out to MSFT to get things coordinated. When the
agreeement is baked, we’ll have more that we can work with.
- For future discussion: Domain based relationships (Microsoft
enterprise - Google enterprise)
On Sun, Dec 4, 2016 at 11:53 PM, Adam Dawes <adawes at google.com> wrote:
> Hi all,
>
> Wanted to follow up from conversations at IETF around token spec and
> transport.
>
> 1. Please join my meeting.
> https://global.gotomeeting.com/join/576653581
>
> 2. Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
>
> United States: +1 (312) 757-3119 <(312)%20757-3119>
> Australia: +61 2 9091 7603 <+61%202%209091%207603>
> Austria: +43 (0) 7 2088 0716
> Belgium: +32 (0) 28 08 4372
> Canada: +1 (647) 497-9380 <(647)%20497-9380>
> Denmark: +45 (0) 69 91 84 58
> Finland: +358 (0) 931 58 1773
> France: +33 (0) 170 950 590
> Germany: +49 (0) 692 5736 7300 <+49%2069%20257367300>
> Ireland: +353 (0) 15 133 006
> Italy: +39 0 699 26 68 65
> Netherlands: +31 (0) 208 080 759
> New Zealand: +64 9 974 9579 <+64%209-974%209579>
> Norway: +47 21 04 30 59 <+47%2021%2004%2030%2059>
> Spain: +34 931 76 1534 <+34%20931%2076%2015%2034>
> Sweden: +46 (0) 852 500 691
> Switzerland: +41 (0) 435 0026 89
> United Kingdom: +44 (0) 20 3713 5011 <+44%2020%203713%205011>
>
> Access Code: 576-653-581
> Audio PIN: Shown after joining the meeting
>
> Meeting ID: 576-653-581
>
> --
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
> <(650)%20214-2410>
>
>
--
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20161205/bd8a9b5d/attachment.html>
More information about the Openid-specs-risc
mailing list