[Openid-specs-risc] RISC Notes 3/19

Luke Camery lcamery at google.com
Tue Mar 20 00:19:41 UTC 2018 

*Summary*
Thanks everyone for attending despite the busy week with IETF. We will
continue next week at 3:30pm PST with a discussion of the updated specs and
updates on the issues in the tracker.

*Attendees*= [Luke Camery, Tushar Pradhan, Marius Scurtescu, Adam Dawes]

*ACTION ITEMS*
*- AI: Marius will renew this document by next week*
* - AI: Marius to take on figuring out oauth events*
* - AI: Marius remind Annabelle and Chair to resolve this at secevents*

*FULL NOTES*
- Opt out / opt in / opt in cancel / opt out requested
- Most likely opt out will become an extra hijacking signal
- Four state change give you a great picture
- Tushar: Publish some timeframe to make abuse work easier
- Recovery Activated
- Positive sentiment from google
- Confusion about identifier versus recovery
- Need to clarify this in a description body
- Recovery Information Change
- Positive sentiment from google
- Token and Sessions Revoked
- Not risk (or risc) events
- Token lifecycle / oauth events
- oauth client disabled or recycled
- oauth IETF working group or RISC working group?
- Tushar agrees in separating it out and linking oauth specific events to
oauth
- Tushar agrees it's important though with a different mechanism
* - AI: Marius will renew this document by next week*
* - AI: Marius to take on figuring out oauth events*
- Update: Marius and Phil discussed the delivery spec
- Multiple delivery methods required one mandatory (Phil)
- Others disagree with Phil on this point
- AI: Raise issues with the chairs on mandatory to implement
- Phil is thinking of hybrid method that covers both
- Marius thinks hybrid could be better than polling, but push is by far the
best and needs to be preserved
* - AI: Marius remind Annabelle and Chair to resolve this at secevents*
- Update on secevents work for RISC, but not working group AIs

-- 

*  •  **Luke Camery*
*  •  *Associate Product Manager
*  •  *Federated Identity
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20180320/5e22db9f/attachment.html>

More information about the Openid-specs-risc mailing list