<div dir="ltr">Notes:<div><br></div><div><span id="gmail-docs-internal-guid-d7d0d651-0e4f-5548-75fa-e435e07841f8"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">May 15, </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Attendees:Adam Dawes, Marius Scurtescu, Annabelle Backman, Dale Olds, Henrik Biering, Phil Hunt, Edmund Jay</span></p><br><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://docs.google.com/presentation/d/1E1wO33adnitJVkfoibHDJeYsZql3i1ImneBxI1aA-HQ/edit?usp=sharing" style="text-decoration-line:none"><span style="font-size:11pt;background-color:transparent;text-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap">F2F Review</span></a><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Open Issues</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Decided base URI for all risc events. [AI] MS to send this to the list saying that we’ll work from this. Phil comments that URLs should be resolvable and bring up docs describing the event.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Should there be base profile for all OAuth based events (like token_revoked). </span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Does RISC require OAuth clientID? For control plane or securing the data plane, everyone feels ok requiring OAuth clientID/secrets to secure that channel. Debate over whether payload semantics should require OAuth denominated claims.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">We’re not going to support token_revoked or session_revoked. Use cases are not clear. As a design principle, we want to be conservative creating claims without clear use cases. It is also likely that these will be defined by OAuth working group.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Account disabled breaks into three categories</span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Allows us to be ambiguous about ToS violation and provides sufficient detail on others that would benefit from specific response. Agreement on the following buckets:</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Bot abuse</span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Recipient may want to deactivate locally as well.</span></p></li><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">ToS violation, User initiated deactivation, admin deactivated</span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Recipient would want a new recovery/login mechanism from user.</span></p></li><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Hijacked</span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Recipient would want to look at risk on account, particularly recent use of recovery flows.</span></p></li></ul></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Work Streams</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">RISC Profile Spec (profiling SecEvents). Contain RISC events and control plane authentication [owner: adam, marius]</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SET Spec: format of the JWT [owner: phil]</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SecEvents Distribution spec: </span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Control plane config, two options:</span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">At next IETF the WG will choose which proposal to adopt.</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Basic REST proposal [owners: marius, annabelle]</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SCIM proposal [owner: phil]</span></p></li></ul><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Data plane config (Post/Pull methods, Error responses). [owners: phil]</span></p></li></ul><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Legal</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Organize legal F2F to hammer out common agreement [owner: dick]</span></p></li></ul><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Next F2F</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">July: IETF Prague</span></p></li><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Aug/Sept target, hosted by Amazon in Seattle. [owner: dick]</span></p></li></ul></ul></ul></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 15, 2017 at 2:59 PM, Marius Scurtescu <span dir="ltr"><<a href="mailto:mscurtescu@google.com" target="_blank">mscurtescu@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Here is the link to the slides:<div><a href="https://docs.google.com/presentation/d/1E1wO33adnitJVkfoibHDJeYsZql3i1ImneBxI1aA-HQ/edit?usp=sharing" target="_blank">https://docs.google.com/<wbr>presentation/d/<wbr>1E1wO33adnitJVkfoibHDJeYsZql3i<wbr>1ImneBxI1aA-HQ/edit?usp=<wbr>sharing</a><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="m_5815243439504428571gmail_signature" data-smartmail="gmail_signature">Marius</div></div>
<br><div class="gmail_quote"><div><div class="h5">On Mon, May 15, 2017 at 1:22 PM, Phil Hunt (IDM) <span dir="ltr"><<a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="auto"><div>I will be on. Unfortunately I have to leave the call at 3:30. <br><br>Phil</div><div><div class="m_5815243439504428571h5"><div><br>On May 15, 2017, at 12:36 PM, Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hi all,<div><br></div><div>For today's agenda, wanted to do a recap of the f2f for those that didn't attend and review the different workstreams in progress.</div><div><br></div><div>Anything else?</div><div><br></div><div>thanks,</div><div>AD<br clear="all"><div><br></div>-- <br><div class="m_5815243439504428571m_8265608348283654383gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> <a href="tel:(650)%20214-2410" value="+16502142410" target="_blank"><wbr>+1 650-214-2410</a></span></div><br></div></div>
</div></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>______________________________<wbr>_________________</span><br><span>Openid-specs-risc mailing list</span><br><span><a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid<wbr>.net</a></span><br><span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=m_dXrRBEyhGuEIrJ9DAnBBEe39Nan5pL50OnlM3WBEo&s=Rwcalcc4X13EY6gq-uX2m7C9PtpS6LwmJhjcmj1QHa4&e=" target="_blank">https://urldefense.proofpoint.<wbr>com/v2/url?u=http-3A__lists.op<wbr>enid.net_mailman_listinfo_open<wbr>id-2Dspecs-2Drisc&d=DwICAg&c=R<wbr>oP1YumCXCgaWHvlZYR8PQcxBKCX5YT<wbr>pkKY057SbK10&r=JBm5biRrKugCH0F<wbr>kITSeGJxPEivzjWwlNKe4C_lLIGk&<wbr>m=m_dXrRBEyhGuEIrJ9DAnBBEe39Na<wbr>n5pL50OnlM3WBEo&s=Rwcalcc4X13E<wbr>Y6gq-uX2m7C9PtpS6LwmJhjcmj1QHa<wbr>4&e=</a> </span><br></div></blockquote></div><br>______________________________<wbr>_________________<br>
Openid-specs-risc mailing list<br>
<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid<wbr>.net</a><br>
</div></div><a href="http://lists.openid.net/mailman/listinfo/openid-specs-risc" rel="noreferrer" target="_blank">http://lists.openid.net/mailma<wbr>n/listinfo/openid-specs-risc</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> +1 650-214-2410</span></div><br></div></div>
</div>