[Openid-specs-risc] RISC Agenda (Monday 9:30am PST)

Adam Dawes adawes at google.com
Mon Dec 5 18:31:06 UTC 2016


Notes from Dec 5 meeting. Please update with any corrections or omissions.


Attendees

Adam Dawes, Marius Scurtescu, Dick Hardt, Phil Hunt, Adam Migus, John
Bradley, George Fletcher

Agenda

   -

   Sharing agreement
   -

      Amazon thinks that they’ll be ready in mid January. Agreement
      generally looks okay but they are most concerned with the actual
info that
      will be shared.
      -

      AoL gotten prelim ok from legal but need to get buy-in from CISO.
      -

      Confyrm want to participate, need to talk to Andrew for details
      -

      Oracle doesn’t quite know how to digest this from a legal process
      standpoint, coming up with a general template instead of an actual
      agreement. There may be more comfort to join an industry consortium,
      perhaps one hosted at OIX instead of a common bi-lateral agreement.
      -

      Ping doesn’t have a great use case and not likely to participate.
      -

      Conclusion: for Google data, Google will wait to get feedback from
      interested parties until the end of January. We’ll then work through once
      with the parties that have given feedback to get to the preferred
      agreement. Further asks for changes will be very difficult. [Dick] thinks
      that there won’t be that many direct agreements.
      -

   Another use case around account recovery, leveraging credit card
   details. RISC would be very helpful here. [Bruce Schneier article
   <https://www.schneier.com/blog/archives/2016/12/guessing_credit.html>]
   -

   IETF summary
   -

      Formal meeting not too eventful. Some feedback on the name. Follow up
      to incorporate Justin’s suggestion on payload.
      -

      Dick and Yaron Shefer are chairs for the Security Events WG.
      AI: Dick needs to nominate current draft
      <https://tools.ietf.org/html/draft-hunt-idevent-token-07> for the WG
      to adopt.
      -

      Transport
      -

         Subscription management. Sorting out control plane from
         transmission into possibly two documents. Phil sorting out different
         requirements from different use cases (RISC, SCIM, OIDC). The
transport
         seems quite different with RISC so need to factor out what
should go into
         general spec and what into the RISC profile.
         -

         Phil will split the transport into control plane and messaging.
         We’ll take some time to figure out control plane but let’s
not slow down
         data sharing for it.
         -

      SETs
      -

         Google is working on events for: All sessions terminated, All
         tokens revoked, Account Locked and Account Restored. Google
will propose
         some common definitions based on the properties of their
system and we can
         work towards more general definitions based on other
companies’ systems.
         -

   Google Pubsub and Event Pipeline
   -

      Will be ready to go with manually configured data plane whenever we
      can get another party to work with.
      AI: Adam to reach out to MSFT to get things coordinated. When the
      agreeement is baked, we’ll have more that we can work with.
      - For future discussion: Domain based relationships (Microsoft
   enterprise - Google enterprise)


On Sun, Dec 4, 2016 at 11:53 PM, Adam Dawes <adawes at google.com> wrote:

> Hi all,
>
> Wanted to follow up from conversations at IETF around token spec and
> transport.
>
> 1.  Please join my meeting.
> https://global.gotomeeting.com/join/576653581
>
> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
>
> United States: +1 (312) 757-3119 <(312)%20757-3119>
> Australia: +61 2 9091 7603 <+61%202%209091%207603>
> Austria: +43 (0) 7 2088 0716
> Belgium: +32 (0) 28 08 4372
> Canada: +1 (647) 497-9380 <(647)%20497-9380>
> Denmark: +45 (0) 69 91 84 58
> Finland: +358 (0) 931 58 1773
> France: +33 (0) 170 950 590
> Germany: +49 (0) 692 5736 7300 <+49%2069%20257367300>
> Ireland: +353 (0) 15 133 006
> Italy: +39 0 699 26 68 65
> Netherlands: +31 (0) 208 080 759
> New Zealand: +64 9 974 9579 <+64%209-974%209579>
> Norway: +47 21 04 30 59 <+47%2021%2004%2030%2059>
> Spain: +34 931 76 1534 <+34%20931%2076%2015%2034>
> Sweden: +46 (0) 852 500 691
> Switzerland: +41 (0) 435 0026 89
> United Kingdom: +44 (0) 20 3713 5011 <+44%2020%203713%205011>
>
> Access Code: 576-653-581
> Audio PIN: Shown after joining the meeting
>
> Meeting ID: 576-653-581
>
> --
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
> <(650)%20214-2410>
>
>


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20161205/bd8a9b5d/attachment.html>


More information about the Openid-specs-risc mailing list