[Openid-specs-risc] [RISC-WG] Agenda for today (3pm PDT)

Adam Dawes adawes at google.com
Mon May 15 22:52:06 UTC 2017


Notes:

May 15,

Attendees: Adam Dawes, Marius Scurtescu, Annabelle Backman, Dale Olds,
Henrik Biering, Phil Hunt, Edmund Jay


- F2F Review
  <https://docs.google.com/presentation/d/1E1wO33adnitJVkfoibHDJeYsZql3i1ImneBxI1aA-HQ/edit?usp=sharing>
  Open Issues

  - Decided base URI for all risc events. [AI] MS to send this to the
    list saying that we’ll work from this. Phil comments that URLs should be
    resolvable and bring up docs describing the event.

  - Should there be base profile for all OAuth based events (like
    token_revoked).

  - Does RISC require OAuth clientID? For control plane or securing the
    data plane, everyone feels ok requiring OAuth clientID/secrets to secure
    that channel. Debate over whether payload semantics should require OAuth
    denominated claims.

  - We’re not going to support token_revoked or session_revoked. Use
    cases are not clear. As a design principle, we want to be conservative
    creating claims without clear use cases. It is also likely that these
    will be defined by OAuth working group.

  - Account disabled breaks into three categories
    Allows us to be ambiguous about ToS violation and provides sufficient
    detail on others that would benefit from specific response. Agreement on
    the following buckets:

    - Bot abuse
      Recipient may want to deactivate locally as well.

    - ToS violation, User initiated deactivation, admin deactivated
      Recipient would want a new recovery/login mechanism from user.

    - Hijacked
      Recipient would want to look at risk on account, particularly
      recent use of recovery flows.

- Work Streams

  - RISC Profile Spec (profiling SecEvents). Contain RISC events and
    control plane authentication [owner: adam, marius]

  - SET Spec: format of the JWT [owner: phil]

  - SecEvents Distribution spec:

    - Control plane config, two options:
      At next IETF the WG will choose which proposal to adopt.

      - Basic REST proposal [owners: marius, annabelle]

      - SCIM proposal [owner: phil]

    - Data plane config (Post/Pull methods, Error responses). [owners:
      phil]

  - Legal

    - Organize legal F2F to hammer out common agreement [owner: dick]

  - Next F2F

    - July: IETF Prague

    - Aug/Sept target, hosted by Amazon in Seattle. [owner: dick]


On Mon, May 15, 2017 at 2:59 PM, Marius Scurtescu <mscurtescu at google.com>
wrote:

> Here is the link to the slides:
> https://docs.google.com/presentation/d/1E1wO33adnitJVkfoibHDJeYsZql3i1ImneBxI1aA-HQ/edit?usp=sharing
>
> Marius
>
> On Mon, May 15, 2017 at 1:22 PM, Phil Hunt (IDM) <phil.hunt at oracle.com>
> wrote:
>
>> I will be on. Unfortunately I have to leave the call at 3:30.
>>
>> Phil
>>
>> On May 15, 2017, at 12:36 PM, Adam Dawes <adawes at google.com> wrote:
>>
>> Hi all,
>>
>> For today's agenda, wanted to do a recap of the f2f for those that didn't
>> attend and review the different workstreams in progress.
>>
>> Anything else?
>>
>> thanks,
>> AD
>>
>> --
>> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>>
>> _______________________________________________
>> Openid-specs-risc mailing list
>> Openid-specs-risc at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-risc
>>
>>
>


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410