[Openid-specs-risc] RISC WG Meeting 2/12
adawes at google.com
Mon Feb 12 18:39:03 UTC 2018
Attendees: Phil Hunt, Roshni Chandrasekhar, Annabelle Backman, Luke Camery,
Adam Dawes, Henrik Biering
- Over 20 people and 10 companies represented
- Offered presentation to bring everyone up to speed on efforts
- Working on generic bi-lateral agreement which will then be made public
for re-use by the community. Google collaborating directly with Amazon
right now on draft to bring to the WG to be adopted. Any two parties are
free to modify the agreement as they would like. Google's plan is to not
negotiate further after this initial draft is finalized.
Phil had some concerns about the management API.
AI: Phil to send specific points he wants to bring up to the list.
*"Verified" attribute for add/remove subject*
Verified attribute outside the subject identifier was previous agreement.
This might not always work. If we have ID Token subject type along with
others in the subject, it is not clear which claim verified pertains to.
Let's have a more rigorous definition of what verified means. Can't come up
with a definition that doesn't meet with how most providers have
implemented- many may not exactly know the verification method or time.
Proposed definition: Service provider has verified an account if they have
sent a message (email, SMS) to the user's address and the user has
acknowledged the receipt from the service provider by replying back to the
service provider by clicking a link or entering a code at the service
Questions: Does a marketing email with a click on a link work? Is a receipt
where the recipient can dispute the transaction but doesn't do so an
indication that the account is verified?
*One or many streams*
Discussion about what should live in RISC and what should live in SecEvents.
Phil believes some items in Marius' drafts should live in SecEvents.
Commentary that this was brought up in SecEvents already by Annabelle and
the group did not take it up. RISC trying to define something to meet our
base cases. No objection if that later is taken to SecEvents but want to
Group agreed that we would have an additional meeting on Wednesday
afternoon this week. Luke will schedule.
At that meeting we will find a time for a meeting next week given Monday is
a US holiday.
After next week, we will move to a weekly meeting cadence on Mondays.
On Sun, Feb 11, 2018 at 8:10 PM, Luke Camery <lcamery at google.com> wrote:
> Dear All,
> The RISC working group will meet tomorrow at 09:30 PST.
> 1. Recap of legal summit
> 2. Discussion of Marius' RISC Profile draft:
> - "verified" attribute for add/remove subject
> - discovery URL, path before or after .well-known
> - one or many streams
> The call in details are below.
> You can also dial in using your phone. United States +1 (786) 358-5410
> <(786)%20358-5410> Access Code: 576-653-581 More phone numbers Australia
> (Long distance): +61 2 9087 3604 <+61%202%209087%203604> Austria (Long
> distance): +43 7 2088 1400 Belgium (Long distance): +32 (0) 92 98 0592
> Canada (Long distance): +1 (647) 497-9350 Denmark (Long distance): +45 69
> 91 88 62 Finland (Long distance): +358 (0) 942 41 5778 France (Long
> distance): +33 (0) 182 880 456 Germany (Long distance): +49 (0) 692 5736
> 7211 Ireland (Long distance): +353 (0) 14 845 976 Italy (Long distance):
> +39 0 247 92 12 39 Netherlands (Long distance): +31 (0) 208 080 379 New
> Zealand (Long distance): +64 4 974 7215 Norway (Long distance): +47 21 03
> 58 96 Spain (Long distance): +34 911 82 9782 Sweden (Long distance): +46
> (0) 313 613 558 Switzerland (Long distance): +41 (0) 225 3314 51 United
> Kingdom (Long distance): +44 (0) 20 3535 0621
> * • **Luke Camery*
> * • *Associate Product Manager
> * • *Federated Identity
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-risc