[Openid-specs-ab] FW: OpenID Meeting at IETF 89 2-Mar-14

Mike Jones Michael.Jones at microsoft.com
Mon Mar 3 10:29:58 UTC 2014



From: Mike Jones
Sent: Monday, March 03, 2014 2:29 AM
To: John Bradley; Torsten Lodderstedt (t.lodderstedt at telekom.de); Carsten Bormann; Lucy Lynch; Tatsuya Hayashi (hayashi at lepidum.co.jp); Kaoru Maeda; 'Bill Mills'; Klaas Wierenga; David Misell; Steve Olshansky; Scott Wood; Justin P. Richer; Leif Johansson; Karen O'Donoghue; Phil Hunt; Christine Perey; Tim Bray (tbray at textuality.com); Brian Campbell
Subject: OpenID Meeting at IETF 89 2-Mar-14

OpenID Meeting at IETF 89 2-Mar-14

Attendees:
               Mike Jones
               John Bradley
               Torsten Lodderstedt
               Carsten Bormann
               Lucy Lynch
               Tatsuya Hayashi
               Kaoru Maeda
               Bill Mills
               Klaas Wierenga
               David Misell
               Steve Olshansky
               Scott Wood
               Justin Richer
               Leif Johansson
               Karen O'Donoghue
               Phil Hunt
               Christine Perey
               Tim Bray
               Brian Campbell

Agenda:
               Introductions
               OpenID Connect Launch
               Remaining OpenID Connect Work
               Migration from OpenID 2.0
               Registries
               Account Chooser Status
               Native Applications WG Status
               Profiles

Introductions
               We introduced ourselves
               Mike thanked Lucy for arranging the meeting once again
               Mike described how useful the meeting series has been
                              For example, the restructuring of the Messages & Standard specs into the Core spec was a result

OpenID Connect Launch
               See http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/
               and http://openid.net/2014/02/28/no-oscars-but-openid-connect-launch-receives-international-raves/
               Tim Bray described the positive reception at the Mobile World Congress and by the GSMA

Remaining OpenID Connect Work
               Session Management issues remain
               These underlying IETF specs are hopefully soon to be completed:
                              JWS, JWE, JWS, JWA, JWT, OAuth Assertions, OAuth JWT Profile

Migration from OpenID 2.0
               The Connect WG is working on ways to migrate from OpenID 2.0 to OpenID Connect
               Google and Yahoo have both announced that they will turn off their OpenID 2.0 support
               Google has published how people can upgrade with them at https://developers.google.com/accounts/docs/OpenID#openid-connect
               The working group may publish a best practices document

Registries
               It would be useful to have OpenID specs be able to use IANA registries
               Leif - See Happy IANA http://tools.ietf.org/html/draft-nottingham-appsawg-happiana-00
               See RFC 6711 for an example
               Expert review probably the way to go
               Lucy - The IETF is gating for an IANA registry
               An RFC defining the registry could be independent submission
                              Independent submissions have an AD sponsor
               We should have a discussion with the Security ADs and IETF editor

Account Chooser Status
               Tim Bray discussed Account Chooser bootstrapping
                              The OIDF authorized experimentation with push by OIDF members who agree to a policy
               Account Chooser population is easier to do in enterprise contexts
               Phil Hunt pointed out that signin requirements vary a good deal between sectors
               Lucy Lynch made the point that the challenge is to go from where IdP choices are made by default
                              to where people are aware of and can actually choose their IdPs

Native Applications WG Status
               John Bradley described the Native Applications working group status
               It is working on standards for an agent to manage authentication status for users of native applications
               Enables coordination between multiple applications
               Inter-application communication and communication with the agent are distinct interfaces
               The Google Play services on Android does an equivalent thing but only for Google accounts
               Mostly trying to standardize Token Agent to Authorization Server communication
               Communication between the applications and Token Agent is likely to be environment dependent
               This is intended to be general enough to cover both ID Tokens and general Access Tokens

Profiles
               There is some profile work happening in the OIX/Kantara Federation Interoperability group
                              Intended for higher LOA use cases
               GSMA interested in creating a standard profile for mobile carriers to use
                              They will use persistent identifiers that are distinct from phone numbers
                              Discovery will likely be needed based upon phone numbers
                              Verified phone number claims could be issued