<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>I plan to attend.  Morning is better so  i can catch late aft flight out of sfo. <br><br>Phil</div><div><br>On Sep 30, 2016, at 12:34 PM, Adam Dawes <<a href="mailto:adawes@google.com">adawes@google.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hi all,<div><br></div><div>I haven't seen any <a href="https://www.eventbrite.com/e/oidf-risc-wg-f2f-tickets-28032589229">registrations</a> yet for the RISC F2F on October 28. If you plan to come, please register to make planning easier.</div><div><br></div><div>As far as timing goes, I was planning on having this from 12-5 (lunch provided). We can switch to something like 9:30 - 1:30 if that is better for folks since I know some people are traveling. Please reply to me if you have a strong preference for morning or afternoon and if you don't care, please register now.</div><div><br></div><div>Agenda topics:</div><div><ul><li>Initial RISC event definitions</li><ul><li>Hijacking</li><li>Session revocation/Change password</li><li>Token revocation (flavors)</li></ul><li>RP registration </li><ul><li>API</li><li>Email header</li></ul><li>Signal sending transport (API)</li><li>SET proposal alignment</li><li>SET RISC format</li><li>Mutual milestones (RISC spec, SET spec, provider implementations)</li></ul><div>thanks,</div></div><div>AD</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 22, 2016 at 11:38 PM, Adam Dawes <span dir="ltr"><<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Notes on today's call:<div><br></div><div><span id="m_375313417473542256gmail-docs-internal-guid-761a6c06-55c2-ad57-6c3f-cdb29e2afcff"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Sept 22</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Attendees</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Adam Dawes, Marius Scurtescu, Jeroen Kemperman, Phil Hunt, Brian Campbell, George Fletcher, Dick Hardt, Henrik Biering</span></p><br><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">October 28 F2F at Google on Friday after IIW [</span><a href="https://www.eventbrite.com/edit?eid=28032589229&published=0" style="text-decoration:none" target="_blank"><span style="font-size:14.6667px;background-color:transparent;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">please register</span></a><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">]</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SET working group charter: </span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Who will be a reviewer? (Dick agrees)</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Contract is signed between Microsoft and Google</span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Google will get a clean contract and share with Amazon, Facebook, Confyrm. Let me know if you have interest in joining as well.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reviewed Microsoft-Google F2F (below). Went through first 2 use cases. Discussed email header registration process.</span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Feedback:</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Header idea is interesting but not sure what it adds</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">The recipient still needs to trust that content of the message aligns with the header definition - otherwise can just send promo emails to the user to receive RISC signals. Nothing empirically more trustworthy about the mail.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Seems to add a lot more complexity than just using the pub/sub mechanism. Free to have any 2 parties to use this mechanism if they desire but doesn’t sound like a great fit for the standard.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Header might be useful for enterprise customers - actually not so hard to look MX and then do the registration if the mail is hosted.</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Marius and Phil have been collaborating on the transport spec. </span></p></li></ul><br><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">NOTES FROM MICROSOFT MEETING 9/21</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Assumptions:</span></p><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Relying Parties (RPs) start sending a special email header on all password reset and account registration messages. RPs keep track of when they request an account recovery from IDP.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Mail providers (IDPs) need to keep track of the email reset messages received by looking for this header. This will qualify as the registration for later events.</span></p></li></ul><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Mail types</span></p><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Password Reset</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email OTP challenge</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email verification for new accounts</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Change email address</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Account closed</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Password change successful</span></p></li></ul><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Cases </span></p><ol style="margin-top:0pt;margin-bottom:0pt"><li style="list-style-type:decimal;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Relying Party (RP) tells Mail Provider (IDP) of possible compromise</span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">RP will tell IDP when compromise of RP account started when RP received a password reset or OTP to IDP account.</span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">RP sends PubSub message to IDP after local detection determines of compromise and links it to the account recovery via the IDP.</span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"><br class="m_375313417473542256gmail-kix-line-break"></span></p></li><li>Proof at risk: IDP tells RP they are at risk<br></li></ol></span></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><span><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IDP will tell RP when IDP received an OTP or PWR from RP account during a time IDP account was compromised.</span></span></div><div><span><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="m_375313417473542256gmail-kix-line-break"></span></span></div><div><span><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IDP keeps track of incoming PWRs, sends pubsub to RPs that have sent recent PWRs</span></span></div></blockquote></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 22, 2016 at 9:24 AM, Adam Dawes <span dir="ltr"><<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>For today's call, I think we'll have a bit to talk about. Google and Microsoft spent all day yesterday talking about our collaboration together for RISC and today Google, Microsoft and Amazon are talking.</div><div><br></div><div>Additionally, if we have time, we can continue our discussion about SET and transport.</div><div><br></div><div>Hope to see you there.</div><div><br></div><div><div>1.  Please join my meeting.</div><div><a href="https://global.gotomeeting.com/join/576653581" target="_blank">https://global.gotomeeting.com<wbr>/join/576653581</a></div><div><br></div><div>2.  Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.</div><div><br></div><div>United States: <a href="tel:%2B1%20%28312%29%20757-3119" value="+13127573119" target="_blank">+1 (312) 757-3119</a></div><div>Australia: <a href="tel:%2B61%202%209091%207603" value="+61290917603" target="_blank">+61 2 9091 7603</a></div><div>Austria: +43 (0) 7 2088 0716</div><div>Belgium: +32 (0) 28 08 4372</div><div>Canada: <a href="tel:%2B1%20%28647%29%20497-9380" value="+16474979380" target="_blank">+1 (647) 497-9380</a></div><div>Denmark: +45 (0) 69 91 84 58</div><div>Finland: +358 (0) 931 58 1773</div><div>France: +33 (0) 170 950 590</div><div>Germany: <a href="tel:%2B49%20%280%29%20692%205736%207300" value="+4969257367300" target="_blank">+49 (0) 692 5736 7300</a></div><div>Ireland: +353 (0) 15 133 006</div><div>Italy: +39 0 699 26 68 65</div><div>Netherlands: +31 (0) 208 080 759</div><div>New Zealand: <a href="tel:%2B64%209%20974%209579" value="+6499749579" target="_blank">+64 9 974 9579</a></div><div>Norway: <a href="tel:%2B47%2021%2004%2030%2059" value="+4721043059" target="_blank">+47 21 04 30 59</a></div><div>Spain: <a href="tel:%2B34%20931%2076%201534" value="+34931761534" target="_blank">+34 931 76 1534</a></div><div>Sweden: +46 (0) 852 500 691</div><div>Switzerland: +41 (0) 435 0026 89</div><div>United Kingdom: <a href="tel:%2B44%20%280%29%2020%203713%205011" value="+442037135011" target="_blank">+44 (0) 20 3713 5011</a></div><div><br></div><div>Access Code: 576-653-581</div><div>Audio PIN: Shown after joining the meeting</div><div><br></div><div>Meeting ID: 576-653-581</div></div><span class="m_375313417473542256HOEnZb"><font color="#888888"><div><div><br></div>-- <br><div class="m_375313417473542256m_7143548855754700222gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> <a href="tel:%2B1%20650-214-2410" value="+16502142410" target="_blank"><wbr>+1 650-214-2410</a></span></div><br></div></div>
</div></font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_375313417473542256gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> <a href="tel:%2B1%20650-214-2410" value="+16502142410" target="_blank"><wbr>+1 650-214-2410</a></span></div><br></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> +1 650-214-2410</span></div><br></div></div>
</div></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Openid-specs-risc mailing list</span><br><span><a href="mailto:Openid-specs-risc@lists.openid.net">Openid-specs-risc@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-risc">http://lists.openid.net/mailman/listinfo/openid-specs-risc</a></span><br></div></blockquote></body></html>