[Openid-specs-risc] RISC WG Meeting 2/12

Phil Hunt phil.hunt at oracle.com
Mon Feb 12 19:17:05 UTC 2018


Thanks everyone.

Annabelle, can you provide the link where the issue was brought up in SECEVENTs? I’m not sure what exactly the question posed was to search for it.

Certainly the SECEVENTs charter itself says the group is producing a control plane (aka management API) that likely would cover most of the items in Marius’s draft. There has been no formal call to change the charter in this respect.



Phil

Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>

> On Feb 12, 2018, at 10:39 AM, Adam Dawes via Openid-specs-risc <openid-specs-risc at lists.openid.net> wrote:
> 
> Attendees: Phil Hunt, Roshni Chandrasekhar, Annabelle Backman, Luke Camery, Adam Dawes, Henrik Biering
> 
> Legal Summary
> Over 20 people and 10 companies represented
> Offered presentation to bring everyone up to speed on efforts
> Working on generic bi-lateral agreement which will then be made public for re-use by the community. Google collaborating directly with Amazon right now on draft to bring to the WG to be adopted. Any two parties are free to modify the agreement as they would like. Google's plan is to not negotiate further after this initial draft is finalized.
> Spec Feedback
> Phil had some concerns about the management API. 
> AI: Phil to send specific points he wants to bring up to the list.
> 
> "Verified" attribute for add/remove subject
> Verified attribute outside the subject identifier was previous agreement. This might not always work. If we have ID Token subject type along with others in the subject, it is not clear which claim verified pertains to.
> 
> Let's have a more rigorous definition of what verified means. Can't come up with a definition that doesn't meet with how most providers have implemented- many may not exactly know the verification method or time. 
> 
> Proposed definition: Service provider has verified an account if they have sent a message (email, SMS) to the user's address and the user has acknowledged the receipt from the service provider by replying back to the service provider by clicking a link or entering a code at the service provider.
> 
> Questions: Does a marketing email with a click on a link work? Is a receipt where the recipient can dispute the transaction but doesn't do so an indication that the account is verified?
> 
> One or many streams
> Discussion about what should live in RISC and what should live in SecEvents.
> Phil believes some items in Marius' drafts should live in SecEvents. 
> Commentary that this was brought up in SecEvents already by Annabelle and the group did not take it up. RISC trying to define something to meet our base cases. No objection if that later is taken to SecEvents but want to unblock now.
> 
> Future Meetings
> Group agreed that we would have an additional meeting on Wednesday afternoon this week. Luke will schedule. 
> At that meeting we will find a time for a meeting next week given Monday is a US holiday.
> After next week, we will move to a weekly meeting cadence on Mondays.
> 
> 
> On Sun, Feb 11, 2018 at 8:10 PM, Luke Camery <lcamery at google.com <mailto:lcamery at google.com>> wrote:
> Dear All,
> 
> The RISC working group will meet tomorrow at 09:30 PST.
> 
> Agenda
> 1. Recap of legal summit
> 2. Discussion of Marius' RISC Profile draft:
> - "verified" attribute for add/remove subject
> - discovery URL, path before or after .well-known
> - one or many streams
> 
> The call in details are below.
> 
> Thanks,
> Luke
> 
> https://global.gotomeeting.com/join/576653581 <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_url-3Fq-3Dhttps-253A-252F-252Fglobal.gotomeeting.com-252Fjoin-252F576653581-26sa-3DD-26ust-3D1518415757211000-26usg-3DAFQjCNH7ZIi2zl7C0-2D32TKJtZ1qyaek8zQ&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=mlGR2GZ5OQO3mqBq8fZEtiQ3GFTWUgBt-jwBtVht8Hc&s=bDynMzt5wlRTJERUczT53c4STA5EmvIBx26WaeSmyAc&e=>
> You can also dial in using your phone.
> 
> United States +1 (786) 358-5410 <tel:(786)%20358-5410>
> 
> Access Code: 576-653-581 
> 
> More phone numbers
> 
> Australia (Long distance): +61 2 9087 3604 <tel:+61%202%209087%203604>
> 
> Austria (Long distance): +43 7 2088 1400
> 
> Belgium (Long distance): +32 (0) 92 98 0592
> 
> Canada (Long distance): +1 (647) 497-9350
> 
> Denmark (Long distance): +45 69 91 88 62
> 
> Finland (Long distance): +358 (0) 942 41 5778
> 
> France (Long distance): +33 (0) 182 880 456
> 
> Germany (Long distance): +49 (0) 692 5736 7211
> 
> Ireland (Long distance): +353 (0) 14 845 976
> 
> Italy (Long distance): +39 0 247 92 12 39
> 
> Netherlands (Long distance): +31 (0) 208 080 379
> 
> New Zealand (Long distance): +64 4 974 7215
> 
> Norway (Long distance): +47 21 03 58 96
> 
> Spain (Long distance): +34 911 82 9782
> 
> Sweden (Long distance): +46 (0) 313 613 558
> 
> Switzerland (Long distance): +41 (0) 225 3314 51
> 
> United Kingdom (Long distance): +44 (0) 20 3535 0621
> 
> 
> -- 
> 	
>   •  Luke Camery
>   •  Associate Product Manager
>   •  Federated Identity
> 
> 
> 
> -- 
> Adam Dawes | Sr. Product Manager | adawes at google.com <mailto:adawes at google.com> | +1 650-214-2410
> 
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net <mailto:Openid-specs-risc at lists.openid.net>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=mlGR2GZ5OQO3mqBq8fZEtiQ3GFTWUgBt-jwBtVht8Hc&s=tBc8537ZofF8FmxVFTpZzeD7mfrjgbFo1OBQDEpVC88&e= <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=mlGR2GZ5OQO3mqBq8fZEtiQ3GFTWUgBt-jwBtVht8Hc&s=tBc8537ZofF8FmxVFTpZzeD7mfrjgbFo1OBQDEpVC88&e=>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20180212/b4fca1af/attachment-0001.html>


More information about the Openid-specs-risc mailing list